how to save private key and ssh config file in Asuswrt Merlin?

saccleo

Regular Contributor
I want to log in to a remote server through SSH by key pair without a password. Where should I put the private key and config files? In a normal Linux OS, you just put them into the $HOME/.ssh directory.
But in Merlin, I don't know which directory should work.
Thanks a lot for helping.
 

The private key remains on your host (in the ~/.ssh directory) and the public key belongs on the router. To copy the public key to the router it’s easiest to use a web browser. You want Administration / System / Service, then in the Authorised keys field copy/paste in your public key. Recommended to enable LAN only for ssh and keep the private key on the host encrypted with a short password. Does this answer your question?
 

I’m having a problem understanding your question, to clarify: you are asking about connecting through SSH to a remote server that is not on the same network as your router? You’re not talking about connecting to your router via SSH? What is the client that initiated the connection to the remote server?
 
I save the id_rsa to /jffs/configs (enable JFFS partition in the Web UI and create the configs dir if not already there).

If you don't already have the key pair, generate it on the router with dropbearkey;
Code:
dropbearkey -t rsa -f /jffs/configs/id_rsa
That will print the public part to the terminal for you which you can copy/paste into a file for addition on the remote server ~/.ssh/authorized_keys as normal.

Then from the router you can SSH using the private key with;
Code:
ssh -y -i /jffs/configs/id_rsa <user>@<host>

Note I included the -y as this suppresses any yes/no prompt for remote key acceptance - useful if scripting a remote SSH command!
 
It's also worth noting you can copy the private key to /root/.ssh/id_dropbear and it will work without the -i <path_to_key> argument; however, every reboot will end up with the file being wiped. This can be solved by adding a 'cp /jffs/configs/id_rsa /root/.ssh/id_dropbear' line to the /jffs/scripts/services-start file (see https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts for more info). Note I see this only as a solution for user-initiated ssh sessions; I always recommend explicitly passing the path to the key for scripted/automated ssh sessions, as you can't be 100% sure that the /root/.ssh/id_dropbear file exists all the time at boot.
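
An added example, not part of the post above: a services-start fragment that performs the copy described there, but refuses a source key readable by group or others and never leaves a half-written or loosely permissioned file at the destination. `install_key` is a hypothetical helper name; the two paths are the ones given in the thread.

```sh
#!/bin/sh
# Added example for /jffs/scripts/services-start; install_key is a hypothetical name.

# Copy a private key to a volatile path with owner-only permissions.
# Returns 0 on success, 1 if the source is missing or empty,
# 2 if the source is accessible to group/others, 3 if the copy fails.
install_key() {
    src=$1
    dst=$2

    [ -s "$src" ] || return 1

    # First 10 characters of `ls -ld` are the mode string, e.g. "-rw-------".
    mode=$(ls -ld "$src" | cut -c1-10)
    case $mode in
        -???------) ;;          # regular file, no group/other bits set
        *) return 2 ;;
    esac

    dstdir=$(dirname "$dst")
    mkdir -p "$dstdir" && chmod 700 "$dstdir" || return 3

    # Copy under umask 077 to a temporary name, then rename into place, so
    # the key is never present at $dst half-written or with loose permissions.
    tmp="$dst.tmp.$$"
    ( umask 077 && cp "$src" "$tmp" ) || { rm -f "$tmp"; return 3; }
    chmod 600 "$tmp" && mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 3; }
    return 0
}

# Paths are the ones used in the thread. Runs only where the JFFS copy exists.
if [ -e /jffs/configs/id_rsa ]; then
    install_key /jffs/configs/id_rsa /root/.ssh/id_dropbear ||
        logger -t services-start "id_dropbear not installed (install_key rc=$?)"
fi
```

A failure is logged rather than ignored, so a missing key at boot shows up in the system log instead of as a later authentication error.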
 
I am not talking about logging in to my router via SSH with a key pair. I am talking about logging in to a remote server from the router via SSH with a key pair.
 
Thanks a lot for helping.
I tried it and succeeded.
I also wrote a script in init-start to copy id_dropbear to /root/.ssh, and I can omit '-i private_keyfile'.
 