SSH with id_rsa.pub (public key)

pedeb04

Occasional Visitor
Currently I ssh into the router by having enabled ssh and copied my id_rsa.pub on the asuswrt-merlin web interface.
After installing the entware package Openssh-client on the router I thought I would be able to copy the public key to home/.ssh/authorized_keys. This is how I do it between my Linux machines.
But after installing openssh-client on the router there is no .ssh directory.
Which got me thinking: where does the asuswrt-merlin software store the id_rsa.pub I copied to the web interface?
 
Is there a /opt/root/.ssh/authorized_keys file after installing Entware’s version?
 
Is there a /opt/root/.ssh/authorized_keys file after installing Entware’s version?
No. When I cd into opt it takes me to /tmp/mnt/Merlin/entware# (mounts USB SSD) as if it's some sort of symbolic link?
However, under the root are two hidden files.
/tmp/mnt/Merlin/entware/root# ls -a
. .. .inputrc .profile
 
Based on garycnew's reply I did find .ssh and authorized_keys under /tmp/home/root
/tmp/home/root/.ssh# ls
authorized_keys

I am assuming this is where asuswrt-merlin software stores id_rsa.pub files when I copied them into the UI.
Sounds like I don't need the openssh-client package and rather than using the UI to copy id_rsa.pub files I could copy from the terminal to (router) /tmp/home/root/.ssh/authorized_keys
 
I am assuming this is where asuswrt-merlin software stores id_rsa.pub files when I copied them into the UI.
Entries you paste into the UI get saved in nvram (sshd_authkeys) and overwrite the /tmp/mnt/root/.ssh/authorized_keys file when dropbear is started. There is no persistence if you modify that file directly. You have to upload the key to the UI to make it stick.
 
@pedeb04, I run into a similar issue as you, except with the known_hosts file. I use scp on the router to distribute SSL certificates to my various servers on renewal, thus I have to keep an updated known_hosts file to prevent scp from asking to add the ESA fingerprint (my renewal script runs twice a day via a cron job). Except as you have figured out, the authorized_keys and known_hosts files in /root/.ssh are dynamically built each time the dropbear service starts. Welcome to the world of embedded Linux systems.

What I did .... Once I had a built known_hosts file, I copied it to the jffs partition where the file will persist. Then, in the services-start script, I copy the jffs copy of known_hosts to the /root/.ssh directory. I don't see why this would not work for the authorized_keys file either.

Of course, the one gotcha is "this is Asus" and you never know when Asus will restart dropbear or if the Asus ASD software will intervene, however, touch wood, I have not had an issue.

Just a thought
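
The restore step described in the post above, as an added shell example that is not part of the original thread: a function for the services-start script that copies a saved known_hosts from jffs into /root/.ssh with tight permissions and refuses a saved copy that is a symlink or is group/world-writable. The path /jffs/ssh/known_hosts and the function name are assumptions.

```shell
#!/bin/sh
# Added example for /jffs/scripts/services-start on Asuswrt-Merlin.
# JFFS_COPY is an assumed location; any path on the jffs partition works.
JFFS_COPY="${JFFS_COPY:-/jffs/ssh/known_hosts}"
SSH_DIR="${SSH_DIR:-/root/.ssh}"

# restore_known_hosts SRC DIR: install SRC as DIR/known_hosts.
# Returns 0 on success, 1 if SRC is missing or empty, 2 if SRC is a
# symlink or writable by group/others, 3 if the copy fails.
restore_known_hosts() {
    src=$1
    dir=$2
    [ -s "$src" ] || return 1
    # known_hosts decides which servers scp trusts, so refuse a copy
    # that something other than its owner could have rewritten.
    if [ -L "$src" ]; then
        return 2
    fi
    case "$(ls -ld "$src")" in
        ?????w*|????????w*) return 2 ;;   # group- or world-writable
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 3
    # Copy to a temp file and rename, so a running scp never sees a
    # half-written known_hosts.
    tmp="$dir/known_hosts.tmp.$$"
    if (umask 077; cp "$src" "$tmp") && mv -f "$tmp" "$dir/known_hosts"; then
        chmod 600 "$dir/known_hosts"
    else
        rm -f "$tmp"
        return 3
    fi
}

# Runs at boot from services-start; does nothing when no saved copy exists.
if [ -e "$JFFS_COPY" ]; then
    restore_known_hosts "$JFFS_COPY" "$SSH_DIR" ||
        logger -t services-start "known_hosts not restored (rc=$?)"
fi
```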
 
Oh ya, don't forget that the Router uses dropbear and not the regular SSH function that most Linux distros use. You may need to convert your SSH keypairs to a format compatible with dropbear. See this link for a utility that I use. I believe it is part of the router firmware. @garycnew mentions it in the post he referenced above.

 
Thanks everyone for your help, I have learnt a lot from your responses.
But considering that I just wanted to treat the router as any other linux device on the network, I am going to keep it simple and stick to pasting the public keys via the UI.
Getting intimate with the embedded linux system on the router looks like a big time-soak, who names a ssh tool 'dropbear' anyway!!!!
 
