dropbear ssh server won't let me connect Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election Results Why I closed the “Why is Kali so hard” questionsshfs will not use ~/.ssh/config (on Linux Mint 15)Why is my ssh connection unauthorized although I have updated my key on the remote machine?How do I stop ssh-agent trying all keys with agent forwarding?SSH via cert-authoritySSH pageant not workingSSH Remote Execution - checking server can do it?Why is my SSH connection being closed immediately after pubkey auth succeeds?SSH Configuration Help / Can't tunnelWho SSH'd into User using auth.log/RSA Keypasswordless ssh to localhost in Ubuntu 16.04

Is there any way for the UK Prime Minister to make a motion directly dependent on Government confidence?

Delete nth line from bottom

Do square wave exist?

How to compare two different files line by line in unix?

What is implied by the word 'Desika'

Using et al. for a last / senior author rather than for a first author

Dating a Former Employee

Is this homebrew Lady of Pain warlock patron balanced?

When the Haste spell ends on a creature, do attackers have advantage against that creature?

Is it cost-effective to upgrade an old-ish Giant Escape R3 commuter bike with entry-level branded parts (wheels, drivetrain)?

Is grep documentation wrong?

Fundamental Solution of the Pell Equation

また usage in a dictionary

Is there a kind of relay only consumes power when switching?

Does classifying an integer as a discrete log require it be part of a multiplicative group?

Using audio cues to encourage good posture

Can an alien society believe that their star system is the universe?

Can you use the Shield Master feat to shove someone before you make an attack by using a Readied action?

Can anything be seen from the center of the Boötes void? How dark would it be?

What is the longest distance a player character can jump in one leap?

Do wooden building fires get hotter than 600°C?

What font is "z" in "z-score"?

Where are Serre’s lectures at Collège de France to be found?

Why aren't air breathing engines used as small first stages?



dropbear ssh server won't let me connect



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election Results
Why I closed the “Why is Kali so hard” questionsshfs will not use ~/.ssh/config (on Linux Mint 15)Why is my ssh connection unauthorized although I have updated my key on the remote machine?How do I stop ssh-agent trying all keys with agent forwarding?SSH via cert-authoritySSH pageant not workingSSH Remote Execution - checking server can do it?Why is my SSH connection being closed immediately after pubkey auth succeeds?SSH Configuration Help / Can't tunnelWho SSH'd into User using auth.log/RSA Keypasswordless ssh to localhost in Ubuntu 16.04



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








5















I'm trying to gain ssh access to my router. Currently I only have telnet access and I installed dropbear and is running (using opkg on a usb drive connected to the router).



From the beginning, what I did was generate a private key and decrypt it (since dropbear doesn't support this yet) and the public one:



cd .ssh
openssl genrsa -des3 -out id_rsa
openssl rsa -in id_rsa -out id_rsa
ssh-keygen -y -f id_rsa > authorized_keys


I uploaded the public key (authorized_keys) to /root/.ssh. I put the file on a Apache server (in my local computer) and download it on the router using wget (so the downloaded file gets root as owner/group) and then changed the permissions to 0600 (same for the client but with my user).



When I try to access, it gives me a "Permission denied (publickey)" error:



$ ssh -v -i ~/.ssh/id_rsa root@192.168.1.1
OpenSSH_7.4p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/chazy/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chazy/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: no match: dropbear
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:1EFA75uwLp+4hBW0t3aaY05QjLzYd4jjDWoULAzF/8o
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /home/chazy/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/chazy/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).


Unless I'm misreading what the documentation (GitHub repo) says:




Server public key auth:



You can use ~/.ssh/authorized_keys in the same way as with OpenSSH,
just put the key entries in that file. They should be of the form:



ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc=
someone@hostname



You must make sure that ~/.ssh, and the key file, are only writable by
the user. Beware of editors that split the key into multiple lines.



Dropbear supports some options for authorized_keys entries, see the
manpage.




I did everything it says, so I don't know where the problem could be.



The documentation mentions another way:




Client public key auth:



Dropbear can do public key auth as a client, but you will have to
convert OpenSSH style keys to Dropbear format, or use dropbearkey to
create them.



If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to
do:



dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_rsa.db
dbclient -i ~/.ssh/id_rsa.db



Dropbear does not support encrypted hostkeys though can connect to
ssh-agent.




So this menas that if I convert the private key to a dropbear private key, I can use the dropbear client to connect to the dropbear server:



dropbearconvert openssh dropbear id_rsa id_rsa.db


I'm going to give this a try and see if it works. But anyways, Server public key auth should work.






linux ssh openwrt key-authentication dropbear







share|improve this question
























  • Does the dropbear ssh server/config allow for root login? By default on several ssh servers, root login is disallowed for security.

    – Kenneth B. Jensen
    Jan 12 '17 at 2:17











  • I think so, I don't see any config file in opt/etc/dropbear (only the host keys), and the parameter to disallow it is -w (not using it).

    – Chazy Chaz
    Jan 12 '17 at 2:31












  • Question edited: followed the steps to convert the ssh key to a dropbear key and nothing (as noted by Ipor Sircer from first answer).

    – Chazy Chaz
    Jan 12 '17 at 3:04












  • Found documentation in the github repo (can't report there, issues are not enabled). Question edited again. Same problem yet :(

    – Chazy Chaz
    Jan 12 '17 at 17:31


















5















I'm trying to gain ssh access to my router. Currently I only have telnet access and I installed dropbear and is running (using opkg on a usb drive connected to the router).



From the beginning, what I did was generate a private key and decrypt it (since dropbear doesn't support this yet) and the public one:



cd .ssh
openssl genrsa -des3 -out id_rsa
openssl rsa -in id_rsa -out id_rsa
ssh-keygen -y -f id_rsa > authorized_keys


I uploaded the public key (authorized_keys) to /root/.ssh. I put the file on a Apache server (in my local computer) and download it on the router using wget (so the downloaded file gets root as owner/group) and then changed the permissions to 0600 (same for the client but with my user).



When I try to access, it gives me a "Permission denied (publickey)" error:



$ ssh -v -i ~/.ssh/id_rsa root@192.168.1.1
OpenSSH_7.4p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/chazy/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chazy/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: no match: dropbear
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:1EFA75uwLp+4hBW0t3aaY05QjLzYd4jjDWoULAzF/8o
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /home/chazy/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/chazy/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).


Unless I'm misreading what the documentation (GitHub repo) says:




Server public key auth:



You can use ~/.ssh/authorized_keys in the same way as with OpenSSH,
just put the key entries in that file. They should be of the form:



ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc=
someone@hostname



You must make sure that ~/.ssh, and the key file, are only writable by
the user. Beware of editors that split the key into multiple lines.



Dropbear supports some options for authorized_keys entries, see the
manpage.




I did everything it says, so I don't know where the problem could be.



The documentation mentions another way:




Client public key auth:



Dropbear can do public key auth as a client, but you will have to
convert OpenSSH style keys to Dropbear format, or use dropbearkey to
create them.



If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to
do:



dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_rsa.db
dbclient -i ~/.ssh/id_rsa.db



Dropbear does not support encrypted hostkeys though can connect to
ssh-agent.




So this menas that if I convert the private key to a dropbear private key, I can use the dropbear client to connect to the dropbear server:



dropbearconvert openssh dropbear id_rsa id_rsa.db


I'm going to give this a try and see if it works. But anyways, Server public key auth should work.






linux ssh openwrt key-authentication dropbear







share|improve this question
























  • Does the dropbear ssh server/config allow for root login? By default on several ssh servers, root login is disallowed for security.

    – Kenneth B. Jensen
    Jan 12 '17 at 2:17











  • I think so, I don't see any config file in opt/etc/dropbear (only the host keys), and the parameter to disallow it is -w (not using it).

    – Chazy Chaz
    Jan 12 '17 at 2:31












  • Question edited: followed the steps to convert the ssh key to a dropbear key and nothing (as noted by Ipor Sircer from first answer).

    – Chazy Chaz
    Jan 12 '17 at 3:04












  • Found documentation in the github repo (can't report there, issues are not enabled). Question edited again. Same problem yet :(

    – Chazy Chaz
    Jan 12 '17 at 17:31














5












5








5


2






I'm trying to gain ssh access to my router. Currently I only have telnet access and I installed dropbear and is running (using opkg on a usb drive connected to the router).



From the beginning, what I did was generate a private key and decrypt it (since dropbear doesn't support this yet) and the public one:



cd .ssh
openssl genrsa -des3 -out id_rsa
openssl rsa -in id_rsa -out id_rsa
ssh-keygen -y -f id_rsa > authorized_keys


I uploaded the public key (authorized_keys) to /root/.ssh. I put the file on a Apache server (in my local computer) and download it on the router using wget (so the downloaded file gets root as owner/group) and then changed the permissions to 0600 (same for the client but with my user).



When I try to access, it gives me a "Permission denied (publickey)" error:



$ ssh -v -i ~/.ssh/id_rsa root@192.168.1.1
OpenSSH_7.4p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/chazy/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chazy/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: no match: dropbear
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:1EFA75uwLp+4hBW0t3aaY05QjLzYd4jjDWoULAzF/8o
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /home/chazy/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/chazy/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).


Unless I'm misreading what the documentation (GitHub repo) says:




Server public key auth:



You can use ~/.ssh/authorized_keys in the same way as with OpenSSH,
just put the key entries in that file. They should be of the form:



ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc=
someone@hostname



You must make sure that ~/.ssh, and the key file, are only writable by
the user. Beware of editors that split the key into multiple lines.



Dropbear supports some options for authorized_keys entries, see the
manpage.




I did everything it says, so I don't know where the problem could be.



The documentation mentions another way:




Client public key auth:



Dropbear can do public key auth as a client, but you will have to
convert OpenSSH style keys to Dropbear format, or use dropbearkey to
create them.



If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to
do:



dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_rsa.db
dbclient -i ~/.ssh/id_rsa.db



Dropbear does not support encrypted hostkeys though can connect to
ssh-agent.




So this menas that if I convert the private key to a dropbear private key, I can use the dropbear client to connect to the dropbear server:



dropbearconvert openssh dropbear id_rsa id_rsa.db


I'm going to give this a try and see if it works. But anyways, Server public key auth should work.






linux ssh openwrt key-authentication dropbear







share|improve this question
















I'm trying to gain ssh access to my router. Currently I only have telnet access and I installed dropbear and is running (using opkg on a usb drive connected to the router).



From the beginning, what I did was generate a private key and decrypt it (since dropbear doesn't support this yet) and the public one:



cd .ssh
openssl genrsa -des3 -out id_rsa
openssl rsa -in id_rsa -out id_rsa
ssh-keygen -y -f id_rsa > authorized_keys


I uploaded the public key (authorized_keys) to /root/.ssh. I put the file on a Apache server (in my local computer) and download it on the router using wget (so the downloaded file gets root as owner/group) and then changed the permissions to 0600 (same for the client but with my user).



When I try to access, it gives me a "Permission denied (publickey)" error:



$ ssh -v -i ~/.ssh/id_rsa root@192.168.1.1
OpenSSH_7.4p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/chazy/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chazy/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: no match: dropbear
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:1EFA75uwLp+4hBW0t3aaY05QjLzYd4jjDWoULAzF/8o
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /home/chazy/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/chazy/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).


Unless I'm misreading what the documentation (GitHub repo) says:




Server public key auth:



You can use ~/.ssh/authorized_keys in the same way as with OpenSSH,
just put the key entries in that file. They should be of the form:



ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc=
someone@hostname



You must make sure that ~/.ssh, and the key file, are only writable by
the user. Beware of editors that split the key into multiple lines.



Dropbear supports some options for authorized_keys entries, see the
manpage.




I did everything it says, so I don't know where the problem could be.



The documentation mentions another way:




Client public key auth:



Dropbear can do public key auth as a client, but you will have to
convert OpenSSH style keys to Dropbear format, or use dropbearkey to
create them.



If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to
do:



dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_rsa.db
dbclient -i ~/.ssh/id_rsa.db



Dropbear does not support encrypted hostkeys though can connect to
ssh-agent.




So this menas that if I convert the private key to a dropbear private key, I can use the dropbear client to connect to the dropbear server:



dropbearconvert openssh dropbear id_rsa id_rsa.db


I'm going to give this a try and see if it works. But anyways, Server public key auth should work.






linux ssh openwrt key-authentication dropbear




linux ssh openwrt key-authentication dropbear






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 31 '18 at 11:52









Law29

9281616




9281616










asked Jan 12 '17 at 1:44









Chazy ChazChazy Chaz

12914




12914












  • Does the dropbear ssh server/config allow for root login? By default on several ssh servers, root login is disallowed for security.

    – Kenneth B. Jensen
    Jan 12 '17 at 2:17











  • I think so, I don't see any config file in opt/etc/dropbear (only the host keys), and the parameter to disallow it is -w (not using it).

    – Chazy Chaz
    Jan 12 '17 at 2:31












  • Question edited: followed the steps to convert the ssh key to a dropbear key and nothing (as noted by Ipor Sircer from first answer).

    – Chazy Chaz
    Jan 12 '17 at 3:04












  • Found documentation in the github repo (can't report there, issues are not enabled). Question edited again. Same problem yet :(

    – Chazy Chaz
    Jan 12 '17 at 17:31


















  • Does the dropbear ssh server/config allow for root login? By default on several ssh servers, root login is disallowed for security.

    – Kenneth B. Jensen
    Jan 12 '17 at 2:17











  • I think so, I don't see any config file in opt/etc/dropbear (only the host keys), and the parameter to disallow it is -w (not using it).

    – Chazy Chaz
    Jan 12 '17 at 2:31












  • Question edited: followed the steps to convert the ssh key to a dropbear key and nothing (as noted by Ipor Sircer from first answer).

    – Chazy Chaz
    Jan 12 '17 at 3:04












  • Found documentation in the github repo (can't report there, issues are not enabled). Question edited again. Same problem yet :(

    – Chazy Chaz
    Jan 12 '17 at 17:31

















Does the dropbear ssh server/config allow for root login? By default on several ssh servers, root login is disallowed for security.

– Kenneth B. Jensen
Jan 12 '17 at 2:17





Does the dropbear ssh server/config allow for root login? By default on several ssh servers, root login is disallowed for security.

– Kenneth B. Jensen
Jan 12 '17 at 2:17













I think so, I don't see any config file in opt/etc/dropbear (only the host keys), and the parameter to disallow it is -w (not using it).

– Chazy Chaz
Jan 12 '17 at 2:31






I think so, I don't see any config file in opt/etc/dropbear (only the host keys), and the parameter to disallow it is -w (not using it).

– Chazy Chaz
Jan 12 '17 at 2:31














Question edited: followed the steps to convert the ssh key to a dropbear key and nothing (as noted by Ipor Sircer from first answer).

– Chazy Chaz
Jan 12 '17 at 3:04






Question edited: followed the steps to convert the ssh key to a dropbear key and nothing (as noted by Ipor Sircer from first answer).

– Chazy Chaz
Jan 12 '17 at 3:04














Found documentation in the github repo (can't report there, issues are not enabled). Question edited again. Same problem yet :(

– Chazy Chaz
Jan 12 '17 at 17:31






Found documentation in the github repo (can't report there, issues are not enabled). Question edited again. Same problem yet :(

– Chazy Chaz
Jan 12 '17 at 17:31











4 Answers
4






active

oldest

votes


















2














authorized_keys is a file, not a directory.




An example authorized_keys file:




 # Comments allowed at start of line
 ssh-rsa AAAAB3Nza...LiPk== user@example.net
 from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
 AAAAB2...19Q== john@example.net


http://man.he.net/man5/authorized_keys



Also the .ssh/ and all files in it must be owned and readable only by the user, in this case root.






share|improve this answer


















  • 1





    I just fixed that but still no luck :( (see updated question).

    – Chazy Chaz
    Jan 12 '17 at 3:10


















1














man dropbearkeys:



NOTES
 The program dropbearconvert(1) can be used to convert between Dropbear
 and OpenSSH key formats.

 Dropbear does not support encrypted keys.

EXAMPLE
 generate a host-key:
 # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

 extract a public key suitable for authorized_keys from private key:
 # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys





share|improve this answer























  • I did managed to convert the private key, but still no luck :( (see updated question).

    – Chazy Chaz
    Jan 12 '17 at 3:09


















1














Short answer: You are probably running OpenWrt, and you need to put your public key in /etc/dropbear/authorized_keys instead of /root/.ssh/authorized_keys.



Long answer:



The GitHup repo you point to is the one maintained by the dropbear author; it says that ~/.ssh/authorized_keys works, and according to git blame it has done so at least for 14 years. Looking at the code in svr-authpubkey.c it adds /.ssh/authorized_keys to the "pw_dir".



I, however, had the same problem as you have, and I discovered that the binary provided in OpenWrt 18.06.1 is actually opening /etc/dropbear/authorized_keys. Using that file works for me.



This behavior is documented in the OpenWrt docs.



So how come?



Given that the code above cannot produce that filename on its own (the .ssh is missing) and there is no .ssh symlink anywhere, I ran strings on the binary. That showed that /etc/dropbear/authorized_keys is mentioned explicitly, just before of the %s/.ssh/authorized_keys that can be expected from the GitHub code. I conclude that the OpenWrt binary is not compiled from the same sources... and indeed, OpenWrt patches the upstream code with this patch. It changes the file used to /etc/dropbear/authorized_keys if (and only if) the target user is root.



Since you mention opkg, I imagine you are also using OpenWrt, and that this is your problem. I'll add an OpenWrt tag to your question (if I can).






share|improve this answer
































    0














    You need to create ssh key using dropbearkey tool.
    RSA_KEYFILE=/etc/dropbear/dropbear_rsa_host_key
    DSS_KEYFILE=/etc/dropbear/dropbear_dss_host_key



    dropbearkey -t dss -f $DSS_KEYFILE



    dropbearkey -t rsa -f $RSA_KEYFILE



    Then restart the dropbear daemon.
    Then try to connect, it should work.






    share|improve this answer























      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f336736%2fdropbear-ssh-server-wont-let-me-connect%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      2














      authorized_keys is a file, not a directory.




      An example authorized_keys file:




       # Comments allowed at start of line
       ssh-rsa AAAAB3Nza...LiPk== user@example.net
       from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
       AAAAB2...19Q== john@example.net


      http://man.he.net/man5/authorized_keys



      Also the .ssh/ and all files in it must be owned and readable only by the user, in this case root.






      share|improve this answer


















      • 1





        I just fixed that but still no luck :( (see updated question).

        – Chazy Chaz
        Jan 12 '17 at 3:10















      2














      authorized_keys is a file, not a directory.




      An example authorized_keys file:




       # Comments allowed at start of line
       ssh-rsa AAAAB3Nza...LiPk== user@example.net
       from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
       AAAAB2...19Q== john@example.net


      http://man.he.net/man5/authorized_keys



      Also the .ssh/ and all files in it must be owned and readable only by the user, in this case root.






      share|improve this answer


















      • 1





        I just fixed that but still no luck :( (see updated question).

        – Chazy Chaz
        Jan 12 '17 at 3:10













      2












      2








      2







      authorized_keys is a file, not a directory.




      An example authorized_keys file:




       # Comments allowed at start of line
       ssh-rsa AAAAB3Nza...LiPk== user@example.net
       from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
       AAAAB2...19Q== john@example.net


      http://man.he.net/man5/authorized_keys



      Also the .ssh/ and all files in it must be owned and readable only by the user, in this case root.






      share|improve this answer













      authorized_keys is a file, not a directory.




      An example authorized_keys file:




       # Comments allowed at start of line
       ssh-rsa AAAAB3Nza...LiPk== user@example.net
       from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
       AAAAB2...19Q== john@example.net


      http://man.he.net/man5/authorized_keys



      Also the .ssh/ and all files in it must be owned and readable only by the user, in this case root.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Jan 12 '17 at 2:13









      ChloeChloe

      2401513




      2401513







      • 1





        I just fixed that but still no luck :( (see updated question).

        – Chazy Chaz
        Jan 12 '17 at 3:10












      • 1





        I just fixed that but still no luck :( (see updated question).

        – Chazy Chaz
        Jan 12 '17 at 3:10







      1




      1





      I just fixed that but still no luck :( (see updated question).

      – Chazy Chaz
      Jan 12 '17 at 3:10





      I just fixed that but still no luck :( (see updated question).

      – Chazy Chaz
      Jan 12 '17 at 3:10













      1














      man dropbearkeys:



      NOTES
       The program dropbearconvert(1) can be used to convert between Dropbear
       and OpenSSH key formats.

       Dropbear does not support encrypted keys.

      EXAMPLE
       generate a host-key:
       # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

       extract a public key suitable for authorized_keys from private key:
       # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys





      share|improve this answer























      • I did managed to convert the private key, but still no luck :( (see updated question).

        – Chazy Chaz
        Jan 12 '17 at 3:09















      1














      man dropbearkeys:



      NOTES
       The program dropbearconvert(1) can be used to convert between Dropbear
       and OpenSSH key formats.

       Dropbear does not support encrypted keys.

      EXAMPLE
       generate a host-key:
       # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

       extract a public key suitable for authorized_keys from private key:
       # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys





      share|improve this answer























      • I did managed to convert the private key, but still no luck :( (see updated question).

        – Chazy Chaz
        Jan 12 '17 at 3:09













      1












      1








      1







      man dropbearkeys:



      NOTES
       The program dropbearconvert(1) can be used to convert between Dropbear
       and OpenSSH key formats.

       Dropbear does not support encrypted keys.

      EXAMPLE
       generate a host-key:
       # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

       extract a public key suitable for authorized_keys from private key:
       # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys





      share|improve this answer













      man dropbearkeys:



      NOTES
       The program dropbearconvert(1) can be used to convert between Dropbear
       and OpenSSH key formats.

       Dropbear does not support encrypted keys.

      EXAMPLE
       generate a host-key:
       # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

       extract a public key suitable for authorized_keys from private key:
       # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys






      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Jan 12 '17 at 1:47









      Ipor SircerIpor Sircer

      11k11224




      11k11224












      • I did managed to convert the private key, but still no luck :( (see updated question).

        – Chazy Chaz
        Jan 12 '17 at 3:09

















      • I did managed to convert the private key, but still no luck :( (see updated question).

        – Chazy Chaz
        Jan 12 '17 at 3:09
















      I did managed to convert the private key, but still no luck :( (see updated question).

      – Chazy Chaz
      Jan 12 '17 at 3:09





      I did managed to convert the private key, but still no luck :( (see updated question).

      – Chazy Chaz
      Jan 12 '17 at 3:09











      1














      Short answer: You are probably running OpenWrt, and you need to put your public key in /etc/dropbear/authorized_keys instead of /root/.ssh/authorized_keys.



      Long answer:



      The GitHup repo you point to is the one maintained by the dropbear author; it says that ~/.ssh/authorized_keys works, and according to git blame it has done so at least for 14 years. Looking at the code in svr-authpubkey.c it adds /.ssh/authorized_keys to the "pw_dir".



      I, however, had the same problem as you have, and I discovered that the binary provided in OpenWrt 18.06.1 is actually opening /etc/dropbear/authorized_keys. Using that file works for me.



      This behavior is documented in the OpenWrt docs.



      So how come?



      Given that the code above cannot produce that filename on its own (the .ssh is missing) and there is no .ssh symlink anywhere, I ran strings on the binary. That showed that /etc/dropbear/authorized_keys is mentioned explicitly, just before of the %s/.ssh/authorized_keys that can be expected from the GitHub code. I conclude that the OpenWrt binary is not compiled from the same sources... and indeed, OpenWrt patches the upstream code with this patch. It changes the file used to /etc/dropbear/authorized_keys if (and only if) the target user is root.



      Since you mention opkg, I imagine you are also using OpenWrt, and that this is your problem. I'll add an OpenWrt tag to your question (if I can).






      share|improve this answer





























        1














        Short answer: You are probably running OpenWrt, and you need to put your public key in /etc/dropbear/authorized_keys instead of /root/.ssh/authorized_keys.



        Long answer:



        The GitHup repo you point to is the one maintained by the dropbear author; it says that ~/.ssh/authorized_keys works, and according to git blame it has done so at least for 14 years. Looking at the code in svr-authpubkey.c it adds /.ssh/authorized_keys to the "pw_dir".



        I, however, had the same problem as you have, and I discovered that the binary provided in OpenWrt 18.06.1 is actually opening /etc/dropbear/authorized_keys. Using that file works for me.



        This behavior is documented in the OpenWrt docs.



        So how come?



        Given that the code above cannot produce that filename on its own (the .ssh is missing) and there is no .ssh symlink anywhere, I ran strings on the binary. That showed that /etc/dropbear/authorized_keys is mentioned explicitly, just before of the %s/.ssh/authorized_keys that can be expected from the GitHub code. I conclude that the OpenWrt binary is not compiled from the same sources... and indeed, OpenWrt patches the upstream code with this patch. It changes the file used to /etc/dropbear/authorized_keys if (and only if) the target user is root.



        Since you mention opkg, I imagine you are also using OpenWrt, and that this is your problem. I'll add an OpenWrt tag to your question (if I can).






        share|improve this answer



























          1












          1








          1







          Short answer: You are probably running OpenWrt, and you need to put your public key in /etc/dropbear/authorized_keys instead of /root/.ssh/authorized_keys.



          Long answer:



          The GitHup repo you point to is the one maintained by the dropbear author; it says that ~/.ssh/authorized_keys works, and according to git blame it has done so at least for 14 years. Looking at the code in svr-authpubkey.c it adds /.ssh/authorized_keys to the "pw_dir".



          I, however, had the same problem as you have, and I discovered that the binary provided in OpenWrt 18.06.1 is actually opening /etc/dropbear/authorized_keys. Using that file works for me.



          This behavior is documented in the OpenWrt docs.



          So how come?



          Given that the code above cannot produce that filename on its own (the .ssh is missing) and there is no .ssh symlink anywhere, I ran strings on the binary. That showed that /etc/dropbear/authorized_keys is mentioned explicitly, just before of the %s/.ssh/authorized_keys that can be expected from the GitHub code. I conclude that the OpenWrt binary is not compiled from the same sources... and indeed, OpenWrt patches the upstream code with this patch. It changes the file used to /etc/dropbear/authorized_keys if (and only if) the target user is root.



          Since you mention opkg, I imagine you are also using OpenWrt, and that this is your problem. I'll add an OpenWrt tag to your question (if I can).






          share|improve this answer















          Short answer: You are probably running OpenWrt, and you need to put your public key in /etc/dropbear/authorized_keys instead of /root/.ssh/authorized_keys.



          Long answer:



          The GitHup repo you point to is the one maintained by the dropbear author; it says that ~/.ssh/authorized_keys works, and according to git blame it has done so at least for 14 years. Looking at the code in svr-authpubkey.c it adds /.ssh/authorized_keys to the "pw_dir".



          I, however, had the same problem as you have, and I discovered that the binary provided in OpenWrt 18.06.1 is actually opening /etc/dropbear/authorized_keys. Using that file works for me.



          This behavior is documented in the OpenWrt docs.



          So how come?



          Given that the code above cannot produce that filename on its own (the .ssh is missing) and there is no .ssh symlink anywhere, I ran strings on the binary. That showed that /etc/dropbear/authorized_keys is mentioned explicitly, just before of the %s/.ssh/authorized_keys that can be expected from the GitHub code. I conclude that the OpenWrt binary is not compiled from the same sources... and indeed, OpenWrt patches the upstream code with this patch. It changes the file used to /etc/dropbear/authorized_keys if (and only if) the target user is root.



          Since you mention opkg, I imagine you are also using OpenWrt, and that this is your problem. I'll add an OpenWrt tag to your question (if I can).







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 10 hours ago









          Rui F Ribeiro

          42.1k1484142




          42.1k1484142










          answered Oct 31 '18 at 7:16









          Law29Law29

          9281616




          9281616





















              0














              You need to create ssh key using dropbearkey tool.
              RSA_KEYFILE=/etc/dropbear/dropbear_rsa_host_key
              DSS_KEYFILE=/etc/dropbear/dropbear_dss_host_key



              dropbearkey -t dss -f $DSS_KEYFILE



              dropbearkey -t rsa -f $RSA_KEYFILE



              Then restart the dropbear daemon.
              Then try to connect, it should work.






              share|improve this answer



























                0














                You need to create ssh key using dropbearkey tool.
                RSA_KEYFILE=/etc/dropbear/dropbear_rsa_host_key
                DSS_KEYFILE=/etc/dropbear/dropbear_dss_host_key



                dropbearkey -t dss -f $DSS_KEYFILE



                dropbearkey -t rsa -f $RSA_KEYFILE



                Then restart the dropbear daemon.
                Then try to connect, it should work.






                share|improve this answer

























                  0












                  0








                  0







                  You need to create ssh key using dropbearkey tool.
                  RSA_KEYFILE=/etc/dropbear/dropbear_rsa_host_key
                  DSS_KEYFILE=/etc/dropbear/dropbear_dss_host_key



                  dropbearkey -t dss -f $DSS_KEYFILE



                  dropbearkey -t rsa -f $RSA_KEYFILE



                  Then restart the dropbear daemon.
                  Then try to connect, it should work.






                  share|improve this answer













                  You need to create ssh key using dropbearkey tool.
                  RSA_KEYFILE=/etc/dropbear/dropbear_rsa_host_key
                  DSS_KEYFILE=/etc/dropbear/dropbear_dss_host_key



                  dropbearkey -t dss -f $DSS_KEYFILE



                  dropbearkey -t rsa -f $RSA_KEYFILE



                  Then restart the dropbear daemon.
                  Then try to connect, it should work.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 10 '18 at 5:31









                  Rahul RaviRahul Ravi

                  1




                  1



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f336736%2fdropbear-ssh-server-wont-let-me-connect%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      -dropbear, key-authentication, linux, openwrt, ssh
                      -

                      Popular posts from this blog

                      Frič See also Navigation menuinternal link

                      Image
                      SurnamesCzech-language surnames ‹ The template Infobox surname is being considered for merging. › Frič Origin Language(s) Czechized German (eastern Middle German dialects and Alemannic German) - Thuringian, Upper Saxon, Low Lusatian, Silesian Meaning derived from German: Friedrich Other names Variant(s) Fritsch, Fritzsch, Frycz, Fricz, Fryczyński, Frietsch, Fritsche, Fritzsche; Fritschi (Alemannic), Fritz, Fritze, Fritzel, Fritzl, Fritzke, Fritzen Frič is a Czechized German surname. Notable people with the surname include: Alberto Vojtěch Frič, Czech botanist Antonín Jan Frič (Fritsch) , Czech paleontologist Jaroslav Erik Frič, Czech poet Martin Frič, Czech film director, screenwriter and actor See also Fričovce (Hungarian: Frics ) .mw-parser-output table.dmboxclear:both;margin:0.9em 1em;border-top:1px solid #ccc;border-bottom:1px solid #ccc;background-color:transparent Surname list This page lists people with the surname Frič . If an internal link intending to refer to a specifi
                      Read more

                      Identify plant with long narrow paired leaves and reddish stems Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?What is this plant with long sharp leaves? Is it a weed?What is this 3ft high, stalky plant, with mid sized narrow leaves?What is this young shrub with opposite ovate, crenate leaves and reddish stems?What is this plant with large broad serrated leaves?Identify this upright branching weed with long leaves and reddish stemsPlease help me identify this bulbous plant with long, broad leaves and white flowersWhat is this small annual with narrow gray/green leaves and rust colored daisy-type flowers?What is this chilli plant?Does anyone know what type of chilli plant this is?Help identify this plant

                      Image
                      Apollo command module space walk? prime numbers and expressing non-prime numbers Can a non-EU citizen traveling with me come with me through the EU passport line? Extract all GPU name, model and GPU ram How to deal with a team lead who never gives me credit? Why was the term "discrete" used in discrete logarithm? Why do we bend a book to keep it straight? When do you get frequent flier miles - when you buy, or when you fly? How come Sam didn't become Lord of Horn Hill? At the end of Thor: Ragnarok why don't the Asgardians turn and head for the Bifrost as per their original plan? Is it true that "carbohydrates are of no use for the basal metabolic need"? Using et al. for a last / senior author rather than for a first author How to tell that you are a giant? How to react to hostile behavior from a senior developer? String `!23` is replaced with `docker` in command line How to find out what spells would be useless to a blind NPC sp
                      Read more

                      fontconfig warning: “/etc/fonts/fonts.conf”, line 100: unknown “element blank” The 2019 Stack Overflow Developer Survey Results Are In“tar: unrecognized option --warning” during 'apt-get install'How to fix Fontconfig errorHow do I figure out which font file is chosen for a system generic font alias?Why are some apt-get-installed fonts being ignored by fc-list, xfontsel, etc?Reload settings in /etc/fonts/conf.dTaking 30 seconds longer to boot after upgrade from jessie to stretchHow to match multiple font names with a single <match> element?Adding a custom font to fontconfigRemoving fonts from fontconfig <match> resultsBroken fonts after upgrading Firefox ESR to latest Firefox

                      Image
                      How to type this arrow in math mode? Multiply Two Integer Polynomials What do hard-Brexiteers want with respect to the Irish border? Why isn't the circumferential light around the M87 black hole's event horizon symmetric? For what reasons would an animal species NOT cross a *horizontal* land bridge? Can one be advised by a professor who is very far away? Identify boardgame from Big movie slides for 30min~1hr skype tenure track application interview Why do we hear so much about the Trump administration deciding to impose and then remove tariffs? If I score a critical hit on an 18 or higher, what are my chances of getting a critical hit if I roll 3d20? Can we generate random numbers using irrational numbers like π and e? Worn-tile Scrabble Output the Arecibo Message What is the meaning of Triage in Cybersec world? How are circuits which use complex ICs normally simulated? Shouldn't "much" here be used instead of "more"? Dele
                      Read more