Setting up Dropbear Public Key Authentication

Jan 27, 2016

First off, make sure that you have an SSH client on your computer. On Windows you will want to download PuTTY.

Generating your Key

To create your key we will use ssh-keygen or, if you are a Windows user, puttygen.exe. Use the following command to generate your SSH key.

ssh-keygen

Add your key to your OpenWRT device

To add the key to the authorized_keys file on your OpenWRT device, on your PC enter the following command, replacing 192.168.1.1 with your OpenWRT device IP.

ssh-copy-id root@192.168.1.1

The key is added to the /root/.ssh/authorized_keys file on your OpenWRT device. Next we want to add the key to dropbear, so SSH into our OpenWRT device and enter the following command.

cp /root/.ssh/authorized_keys /etc/dropbear/

We need to make sure that the permissions are set correctly, so enter the following commands.

chmod 700 /etc/dropbear
chmod 600 /etc/dropbear/authorized_keys

SSH to your OpenWRT device using your key

If everything was done correctly, you can now log into your device using the key without being asked for a password. If you are using Windows, start PuTTY and follow these steps:

  • Session > Host Name: OpenWRT device’s IP address. Set connection type to SSH
  • Connection > Data > Auto-login username: root
  • Connection > SSH > Auth > Private key file for Authentication: Click browse and select the key you generated before
  • Session > Saved Sessions: Enter a name for your session and click the Save button

If you are connecting via terminal, then just SSH to your OpenWRT device using the following command, where 192.168.1.1 is your OpenWRT device’s IP address.

ssh root@192.168.1.1

(Optional) Added security

One additional change you can make to increase security is to disable Dropbear’s password login.

To do this, while connected via SSH to your OpenWRT device, enter the following commands:

uci set dropbear.@dropbear[0].PasswordAuth=off
uci commit dropbear
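
Turning password login off while the key setup is wrong locks you out of SSH. The script below is an added example, not part of the original post: it checks the directory and file modes set earlier and that authorized_keys holds at least one public key line. The function names are hypothetical and the sample key is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check to run before PasswordAuth is turned off.
# Function names and messages are hypothetical, not OpenWrt or Dropbear tooling.

# mode_of PATH: print the type/permission string from ls, e.g. drwx------
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# count_keys FILE: count lines holding "<key type> <base64 blob>", allowing
# one leading options field; comments and blank lines are skipped.
count_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            for (i = 1; i <= 2 && i < NF; i++)
                if ($i ~ /^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$") { n++; break }
        }
        END { print n + 0 }' "$1"
}

# check_dropbear_keys [DIR]: return 0 only when key login can work
check_dropbear_keys() {
    dir=${1:-/etc/dropbear}; file="$dir/authorized_keys"; rc=0
    [ "$(mode_of "$dir")" = "drwx------" ] ||
        { echo "FAIL: $dir is not mode 700"; rc=1; }
    [ "$(mode_of "$file")" = "-rw-------" ] ||
        { echo "FAIL: $file is missing or not mode 600"; rc=1; }
    if [ -f "$file" ]; then
        if grep -q 'PRIVATE KEY' "$file"; then
            echo "FAIL: private key material pasted into $file"; rc=1
        fi
        [ "$(count_keys "$file")" -gt 0 ] ||
            { echo "FAIL: no usable public key line in $file"; rc=1; }
    fi
    return $rc
}

# make_sample DIR: constructed test layout; the key below is not a real key
make_sample() {
    mkdir -p "$1" && chmod 700 "$1" &&
    printf '%s\n' '# constructed sample' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVk user@pc' \
        > "$1/authorized_keys" && chmod 600 "$1/authorized_keys"
}

# On the router: sh this-script /etc/dropbear, and only on success run the
# uci commands from the post, then restart Dropbear to apply the change.
if [ $# -gt 0 ]; then check_dropbear_keys "$1"; fi
```

Keep your current SSH session open and confirm a key login from a second terminal before you close it.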
