Setting up Dropbear Public Key Authentication
Jan 27, 2016
First off, make sure that you have an SSH client on your computer. On Windows you will want to download PuTTY.
Generating your Key
To create your key we will be using ssh-keygen, or if you are a Windows user, use puttygen.exe. Just use the following command to generate your ssh-key.
Add your key to your OpenWRT device
To add the key to the authorized_keys file on your OpenWRT device, on your PC enter the following command, replacing 192.168.1.1 with your OpenWRT device IP.
ssh-copy-id root@192.168.1.1
The key is added to the /root/.ssh/authorized_keys file on your OpenWRT device. Next we want to add the key to dropbear, so SSH into our OpenWRT device and enter the following command.
cp /root/.ssh/authorized_keys /etc/dropbear/
We need to make sure that the permissions are set correctly, so enter in the following commands.
chmod 700 /etc/dropbear
chmod 600 /etc/dropbear/authorized_keys
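A pre-flight check for the copy and permission steps above, worth running before the optional step of disabling password login. This is an added example, not part of the original post; the function names check_dropbear_keys and perm_of are hypothetical, and it assumes key lines carry no leading options.

```shell
#!/bin/sh
# Added example (not from the original post): verify /etc/dropbear before
# relying on key-only login.

# Print the 10-character type/permission string from ls -ld, e.g. drwx------.
# ls is used instead of stat because BusyBox builds often lack stat.
perm_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# check_dropbear_keys [DIR]
# Returns 0 only if DIR is mode 700, DIR/authorized_keys is mode 600, and the
# file holds at least one line that looks like a public key.
# Assumption: key lines have no leading options (from=, command=, ...).
check_dropbear_keys() {
    dir=${1:-/etc/dropbear}
    file=$dir/authorized_keys
    rc=0
    keys=0
    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist"
        return 1
    fi
    if [ "$(perm_of "$dir")" != "drwx------" ]; then
        echo "FAIL: $dir is not mode 700"
        rc=1
    fi
    if [ "$(perm_of "$file")" != "-rw-------" ]; then
        echo "FAIL: $file is not mode 600"
        rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) ;;   # blank line or comment
            ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*)
                keys=$((keys + 1)) ;;
            *)  echo "FAIL: unrecognised line in $file"
                rc=1 ;;
        esac
    done < "$file"
    if [ "$keys" -eq 0 ]; then
        echo "FAIL: no public keys in $file"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $keys key(s), permissions correct"
    return "$rc"
}
```

On the device, source the file and run check_dropbear_keys /etc/dropbear. Move on to the optional password change only once it prints OK and a key login from a second terminal succeeds.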
SSH to your OpenWRT device using your key
If everything was done correctly, you can now log in to your device using the key, without being asked for a password. If you are using Windows, start PuTTY and follow these steps:
- Session > Host Name: OpenWRT device’s IP address. Set connection type to SSH
- Connection > Data > Auto-login username: root
- Connection > SSH > Auth > Private key file for Authentication: Click browse and select the key you generated before
- Session > Saved Sessions: Enter a name for your session and click the Save button
If you are connecting via terminal, then just SSH to your OpenWRT device using the following command, where 192.168.1.1 is your OpenWRT device’s IP address.
(Optional) Added security
One additional change you can make to increase security is to disable Dropbear’s password login.
To do this, while connected via SSH to your OpenWRT device, enter the following commands.
uci set dropbear.@dropbear[0].PasswordAuth=off
uci commit dropbear