What's new

Problem with multiple SSH keys

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

pdc

Regular Contributor
Hello,

I am having problems accessing SSH to an AiMesh node when I have multiple SSH Authorized Keys configured. I have configured the keys using Administration > System > Authorized Keys, one key per line.

I found that the main node (GT-AX6000 running Merlin 3004.388.7) and AiMesh node (RT-AC86U Asus F/W 3.0.0.4.386_51925) have the same nvram value, e.g.

Code:
# nvram get sshd_authkeys
ssh-rsa KEY1 comment1>ssh-rsa KEY2 comment2>ssh-rsa KEY3 comment3

On the Merlin node, this results in an authorized keys file like you'd expect:
Code:
# cat ~/.ssh/authorized_keys
ssh-rsa KEY1 comment1
ssh-rsa KEY2 comment2
ssh-rsa KEY3 comment3

However, on the AiMesh node, the nvram is not converted:
Code:
# cat ~/.ssh/authorized_keys
ssh-rsa KEY1 comment1>ssh-rsa KEY2 comment2>ssh-rsa KEY3 comment3

SSH doesn't recognize > as a key separator, so every node reboot I need to log on to fix the authorized keys file.

Is there something I'm not doing right?
 
Technical limitation. To support more than one key, Asuswrt-Merlin has to encode the keys differently, and that method is not compatible with stock firmware (so, it won't work with AiMesh nodes).
 
@RMerlin thanks for the clarification! That's all the excuse I needed to install Merlin on the mesh node :)
 
@RMerlin thanks for the clarification! That's all the excuse I needed to install Merlin on the mesh node :)
I never tested if propagation of that setting works properly even if the node runs Asuswrt-Merlin, you will have to test it. The propagation code is closed source, so I have no idea what kind of processing it might do before transmissing settings to the nodes.
 
Someday I should see if the initial encoding issue that prevented having multiple keys has been fixed. Nvram handling code has changed a fair bit in modern HND devices versus older ARM devices. That's however quite a bit low on my lengthy ToDo list...
 
Another example of where RMerlin firmware on the main and nodes is the more robust, reliable, and suggested setup from me.
 
It works for me, I have several SSH keys and they all work on the router and the node.
I have Merlin FW on both router and node.

BUT - I had to define them on the router, then add the node to AiMesh.
If I add new ones to the router, they don't propagate to the node without removing/adding it to AiMesh again.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top