
Add authentication keys to dropbear ssh? [Resolved]

For ssh I usually add keys to /etc/ssh/keys-root/authorized_keys so that I can log in without entering a password. I recently discovered a few systems that use dropbear ssh instead of ssh/openssh. Is there an equivalent to authorized_keys for dropbear? Is there any way to add authorized keys for dropbear?


Question Credit: EGr
Asked March 15, 2019
Posted Under: Network
3 Answers

It appears Dropbear is compatible with ~/.ssh/authorized_keys public key authentication per this documentation. (And all documentation/setups I've seen from a quick Google search)


credit: colealtdelete
Answered March 15, 2019

Pretty old question, but in case someone has the same problem.

You just need to put the authorized_keys file into the /etc/dropbear folder (in my case, on Ugoos AM3 with Entware, it was /opt/etc/dropbear).

Don't forget to do chmod 0600 /etc/dropbear/authorized_keys.

Ref: https://oldwiki.archive.openwrt.org/doc/howto/dropbear.public-key.auth


credit: DimGun
Answered March 15, 2019

Thanks for the answers from @DimGun and @colealtdelete

I faced this 'opportunity' recently with my now dated Samsung tablet. Unfortunately my tried and true ssh Android app doesn't support older hardware/releases.

I found simpleSSHD to be a very serviceable DropBear-based replacement which, and I feel wisely, is set up so that you can only use authorized_keys for login.

That creates a bit of a bootstrap problem. User notes seemed to assume a few things:

An easy approach (from my Linux PC) was to paste the new entry into my tablet's authorized_keys file in the simpleSSHD home directory. You can do this by logging in the first time with a one-time password.

On the PC ...

 #  add the tablet to the PC ~/.ssh/config file
 cat id_rsa.pub | xclip -selection clipboard

Puts the public key entry into my clipboard. Or you can just select and copy.

Then ssh into the tablet:

 $ ssh linuxpc@192.168.xx.zz -p2222  
 The authenticity of host '[192.168.xx.zz]:2222 ([192.168.xx.zz]:2222)' can't be established.
 ECDSA key fingerprint is SHA256:oqsN8RKo9T990vjWiQEGooRBDUyId7yJG28eqGTAsa4.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added '[192.168.xx.zz]:2222' (ECDSA) to the list of known hosts.
 linuxpc@192.168.xx.zz's password: 
 user@android:/data/data/org.galexander.sshd/files $ ls -l
 -rw------- u0_a142  u0_a142      1499 2019-03-13 09:05 dropbear.err
 -rw------- u0_a142  u0_a142         5 2019-03-13 08:52 dropbear.pid
 -rw------- u0_a142  u0_a142       243 2018-09-21 12:41 dropbear_ecdsa_host_key
 $ cat > authorized_keys                                                               
 ecdsa-sha2-nistp256 
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= linuxpc@hostname
 [Ctrl/D]
 $ chmod 0600 authorized_keys

Now the tablet simpleSSHD service is ready for secure login. Trial that with FileZilla and ssh with no password, etc.

That all worked very nicely. In addition, these days I can use the file browser without needing an FTP client with the path:

 sftp://linuxpc@192.168.xx.zz:2222//storage/extSdCard/Movies

Somewhat 1,000 times faster than ye olde MTP links. It is advised to set the permissions on the parent directory to 0700, for the parent equivalent to the ~/.ssh path.


credit: will
Answered March 15, 2019
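
The checks recommended in the answers above (0600 on authorized_keys, 0700 on its parent directory, each key entry complete on one line) can be scripted. This is an added example, not part of any answer and not a Dropbear tool; the function names `private_mode` and `audit_authorized_keys` are hypothetical.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file against the advice in the answers
# (file mode 0600, parent directory 0700, one complete key entry per line).
# audit_authorized_keys is a hypothetical helper name, not a Dropbear tool.
# Usage: audit_authorized_keys /etc/dropbear/authorized_keys

# Succeeds when the path grants no permission bits to group or other.
private_mode() {
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_authorized_keys() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    private_mode "$file" || { echo "mode: $file is accessible to group/other (want 0600)"; problems=1; }
    dir=$(dirname -- "$file")
    private_mode "$dir" || { echo "mode: $dir is accessible to group/other (want 0700)"; problems=1; }

    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # An entry is "[options] keytype base64 [comment]" on a single line.
        set -f; set -- $line; set +f
        ok=0
        while [ $# -ge 2 ]; do
            case $1 in
                ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*)
                    case $2 in
                        *[!A-Za-z0-9+/=]*) ;;   # non-base64 character: reject
                        ?*) ok=1 ;;
                    esac
                    break ;;
            esac
            shift
        done
        [ "$ok" -eq 1 ] || { echo "line $n: no key type followed by base64 data"; problems=1; }
    done < "$file"
    return "$problems"
}
```

A key that was pasted with a line break between the key type and the base64 data, as can happen when typing into `cat > authorized_keys`, is reported as two bad lines.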