huotg01
Senior Member
I want to Rsync through a ssh tunnel without entering the remote password.
From my reading, in order to do that I have to generate a pair of RSA keys.
In AsusWRT/Merlin, the ssh engine is called Dropbear, and the program used to generate the key pair is named Dropbearkey.
will add a file (id_rsa) with the Private key in it. The file is located in the "home/.ssh/" folder. If there is already a id_rsa file in the folder, Dropbearkey will stop on error. You then have to remove the existing file before running again Dropbearkey.
At the same time Dropbearkey will also print on the terminal the Public Key.
We have to copy/paste this key to the remote router, using the AsusWRT GUI, in the field "SSH Authentication key" by going to the Administration menu, System tab. In fact the key will also be "copied" by Asuswrt to the authorized_keys file of the remote root.
That done, I should be able to ssh log on the remote Router with a command like:
If everything goes well, you will be logged on the remote router. If you are asked to enter the remote password, and then you are logged in the remote after entering it, then it means that your ssh command is ok, but not the keys pairing process.
I read somewhere (https://www.linux-tips.org/article/66/dropbear-rsa-key-problem)
Therefore you just have to specify where is the private key (option -i). After seeing that, I just replace the dbclient by ssh:
and it works (quite normal: it's probably just a symlink...).
If you try the same thing without the "-i" option, no luck. You will asked for the remote password. There is an option with dropbear that allows to specify where is the private key file, with the command:
When trying it I got the errors:
Anyway, it works when using the option "-i" to specify where is the private key. I'm happy because I will be ok to fire Rsync rocket with the command:
Enough for me for today.
Many informations I used today come from http://troy.jdmz.net/rsync/
I will also use that site for the Rsync backup commands.
I someone has/had any success changing the default private key location for Dropbear, or knows where is the configuration file of Dropbear, or knows how to start and stop Dropbear, please add it to this thread.
@opheliagrimm This is not the draft procedure we talked about. I started this thread with a problem, but when describing it, I finally found out an interesting information about Dropbear. That leaded to a bypass, and we no longer have a problem. From now on I will work from the wiki.
From my reading, in order to do that I have to generate a pair of RSA keys.
In AsusWRT/Merlin, the ssh engine is called Dropbear, and the program used to generate the key pair is named Dropbearkey.
Code:
dropbearkey -t rsa -f ~/.ssh/id_rsa
At the same time Dropbearkey will also print on the terminal the Public Key.
We have to copy/paste this key to the remote router, using the AsusWRT GUI, in the field "SSH Authentication key" by going to the Administration menu, System tab. In fact the key will also be "copied" by Asuswrt to the authorized_keys file of the remote root.
That done, I should be able to ssh log on the remote Router with a command like:
Code:
ssh admin@xxxx.asuscomm.com
I read somewhere (https://www.linux-tips.org/article/66/dropbear-rsa-key-problem)
I also found out that this "family" has also a member called dbclient. It can be used to connect to a remote (like ssh) with the command:Using public key authentication with dropbear ssh client is a little different from regular openssh clients. Dropbear doesn't lookup users .ssh directory for user's private key. You should expicitly say which private key will be used for session with the -i parameter.
Code:
dbclient -i ~/.ssh/id_rsa admin@xxxx.asuscomm.com
Code:
ssh -i ~/.ssh/id_rsa admin@xxxx.asuscomm.com
If you try the same thing without the "-i" option, no luck. You will asked for the remote password. There is an option with dropbear that allows to specify where is the private key file, with the command:
Code:
dropbear -r ~/.ssh/id_rsa
When trying it I got the errors:
Code:
Dec 2 10:12:35 dropbear[6370]: Failed listening on '22': Error listening: Address already in use
Dec 2 10:12:35 dropbear[6370]: Early exit: No listening ports available.
Anyway, it works when using the option "-i" to specify where is the private key. I'm happy because I will be ok to fire Rsync rocket with the command:
Code:
rsync -avz -e "dbclient -i /home/root/.ssh/id_rsa" /SourceFiles admin@xxxxx.asuscomm.com:/
Enough for me for today.
Many informations I used today come from http://troy.jdmz.net/rsync/
I will also use that site for the Rsync backup commands.
I someone has/had any success changing the default private key location for Dropbear, or knows where is the configuration file of Dropbear, or knows how to start and stop Dropbear, please add it to this thread.
@opheliagrimm This is not the draft procedure we talked about. I started this thread with a problem, but when describing it, I finally found out an interesting information about Dropbear. That leaded to a bypass, and we no longer have a problem. From now on I will work from the wiki.
Last edited: