Engima2 enable ssh key access only

**birdman** · 20-04-17, 12:00

Originally Posted by birdman

It's running busybox, so the ssh is dropbear.

Not quite sure why I though the former meant the latter.

Anyway - I (think) I've worked out a way to do it.

Create a .ssh directory for root.
Put an authorized_keys file in . This should contain the public copy of the key you wish to authenticate with (one line starting ssh-rsa.....).
Then change the /etc/default/dropbear file to contain:
Code:
```
DROPBEAR_EXTRA_ARGS="-g"
```

For this to persists over any reflashes you'll need to add /etc/default/dropbear and /home/root/.ssh to the backup file list.

**Alankellyeire** · 20-04-17, 21:33

Originally Posted by birdman

Not quite sure why I though the former meant the latter.

Anyway - I (think) I've worked out a way to do it.

Create a .ssh directory for root.
Put an authorized_keys file in . This should contain the public copy of the key you wish to authenticate with (one line starting ssh-rsa.....).
Then change the /etc/default/dropbear file to contain:
Code:
```
DROPBEAR_EXTRA_ARGS="-g"
```

For this to persists over any reflashes you'll need to add /etc/default/dropbear and /home/root/.ssh to the backup file list.

no luck bud.

this has me baffled. on the man page it says dropbearconvert is needed to convert the private key either openssh or dropbear to the other. since mac and Ubuntu use openssh shouldn't i need to use it.

im going to keep searching, if i find a solution or anything helpful ill post it here.

thanks

**birdman** · 21-04-17, 00:15

Originally Posted by Alankellyeire

this has me baffled. on the man page it says dropbearconvert is needed to convert the private key either openssh or dropbear to the other. since mac and Ubuntu use openssh shouldn't i need to use it.

You don't need to convert any keys.

Oh. and I forgot to add the final point above.

Restart* dropbear, or reboot the system (which will achieve the same thing):

*

Code:

/etc/init.d/dropbear restart

**Alankellyeire** · 21-04-17, 08:41

I have been restarting after every settings change but still no luck. I try again when I finish work and I'll post all the commands Im using.

Can you connect to your box using keys generated using openssh? Like I'm trying to do?

**birdman** · 21-04-17, 09:13

Originally Posted by Alankellyeire

Can you connect to your box using keys generated using openssh? Like I'm trying to do?

Yes, I just copy the id_rsa.pub file from the account I want to connect to root to /home/root/.ssh/authorized_keys.

Having done that and restarted dropbear with a "-g" option the result is:

Account with that id_rsa.pub

Code:

[parent]: slogin root@et8000
root@et8000:~#

Account without that id_rsa.pub

Code:

tester@parent ~ $ slogin root@et8000
root@et8000's password: 
Permission denied, please try again.

It still prompts for a password, so that you don't know why it's not letting you in.

if I wanted to allow multiple accounts to connect I'd just catenate all of their id_rsa.pub files into the authorized_keys file.

Thread: Engima2 enable ssh key access only

Thread Tools

Display

Hybrid View

The Following User Says Thank You to birdman For This Useful Post:

The Following User Says Thank You to birdman For This Useful Post:

The Following User Says Thank You to birdman For This Useful Post:

Posting Permissions

Options

About

Site Links

Social Media