What's new

Replace Dropbear SSH with OpenSSH.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

unsynaps

Senior Member
Has anyone replaced the built in Dropbear SSH with OpenSSH?
I would like to do this because of this bug that still has not b een addressed.

Wondering if someone has working instructions because if you mess something up you are basically 'locked out' and have to factory default.
 
Openssh-server is in entware - so enjoy!

You don't need to replace Dropbear with Openssh-Server, just run it on a different port

The "bug" you mention in the link - not a dropbear bug, it's a client one...

 
Has anyone replaced the built in Dropbear SSH with OpenSSH?
I would like to do this because of this bug that still has not b een addressed.

Wondering if someone has working instructions because if you mess something up you are basically 'locked out' and have to factory default.
Since Dropbear is built into the F/W, you can't actually replace it in the sense that you cannot remove it and put something else in its place. But you can certainly install the OpenSSH server as an alternative method while still leaving the built-in Dropbear server active to be your fallback just in case the OpenSSH server fails to run for some reason (e.g. USB-attached disk where Entware is installed does not get mounted during a reboot).

Here's a post with instructions to install & set up an OpenSSH server:

I would also suggest trying an experiment by running a new Dropbear server instance with the following command:
Bash:
/usr/sbin/dropbear -p IP:PORT -s -j -k -K 15
Where "IP" is the router's IP address, and "PORT" is a new listening port number (*must* be different from your current Dropbear server port). The "-K 15" is the "keepalive" option set in seconds. Now have your SSH client open a new connection using the new listening PORT number set in the above command and see if the problem still persists.

My 2 cents.
 
If like me, there are times when you get interrupted and leave your session for an hour or two, then you might be interested in using MOSH instead.
 
Has anyone replaced the built in Dropbear SSH with OpenSSH?
I would like to do this because of this bug that still has not b een addressed.

Wondering if someone has working instructions because if you mess something up you are basically 'locked out' and have to factory default.
I was considering it given dropbear doesn't support sftp/scp, but the resource footprint of OpenSSH vs Dropbear is significantly larger so decided against.
 
my two cents:

Code:
aptitude install dropbear-bin

mkdir -p ~/tmp ; cd ~/tmp

cp /etc/ssh/ssh_host_{ecdsa,ed25519,rsa}_key ./

# conver openssh keys to PEM (dropbearconvert can only read keys in PEM format)

ssh-keygen -p -f ssh_host_ecdsa_key -m pem
ssh-keygen -p -f ssh_host_ed25519_key -m pem
ssh-keygen -p -f ssh_host_rsa_key -m pem

# conver PEM openssh keys to dropbear format

dropbearconvert openssh dropbear ssh_host_ecdsa_key dropbear_ecdsa_host_key
dropbearconvert openssh dropbear ssh_host_ed25519_key dropbear_ed25519_host_key
dropbearconvert openssh dropbear ssh_host_rsa_key dropbear_rsa_host_key

scp dropbear_*_key admin@<ASUS_IP>:/jffs/.ssh
 
my two cents:

Code:
aptitude install dropbear-bin

mkdir -p ~/tmp ; cd ~/tmp

cp /etc/ssh/ssh_host_{ecdsa,ed25519,rsa}_key ./

# conver openssh keys to PEM (dropbearconvert can only read keys in PEM format)

ssh-keygen -p -f ssh_host_ecdsa_key -m pem
ssh-keygen -p -f ssh_host_ed25519_key -m pem
ssh-keygen -p -f ssh_host_rsa_key -m pem

# conver PEM openssh keys to dropbear format

dropbearconvert openssh dropbear ssh_host_ecdsa_key dropbear_ecdsa_host_key
dropbearconvert openssh dropbear ssh_host_ed25519_key dropbear_ed25519_host_key
dropbearconvert openssh dropbear ssh_host_rsa_key dropbear_rsa_host_key

scp dropbear_*_key admin@<ASUS_IP>:/jffs/.ssh
Hi Matteo,
Expertise appreciated. I'm attempting to setup script (without password) ssh login and scp to raspberry-pi server on the same LAN as my router and having trouble with:
Code:
pwd
/root/.ssh
ls -l
authorized_keys # empty
known_hosts # contains: raspberry-pi ssh-ed25519 long...ssh...key
ssh-copy-id raspberry-pi
-sh: ssh-copy-id: not found

Looks like the code you provided may work or is there a concise way to use dropbear to ssh and scp to raspberry-pi without providing password each logon?
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top