Public Key Authentication on OpenWRT using dropbear

OpenWRT is a linux distribution for embedded devices like a router. The installation of OpenWRT on your device instead of the original vendor’s firmware allows you to do some nifty stuff with your router like installing additional software out of openWRT’s own repository.

Although there is a package for the openSSH server available, dropbear is the default choice. To enable password-less ssh access you first need to generate the ssh keys on your client machine if you haven’t already. If you want, you can secure your key by typing in a password, otherwise just press enter.

pat@earth:~$ ssh-keygen

Next you have to transfer your public key (the file ending with .pub) to your openWRT installation.

pat@earth:~$ scp ~/.ssh/

Replace with the IP of your router. If you changed the Port of your ssh server, you have to define it using the -P parameter like scp -P 4321 etc.

Connect to your router and add the transferred public key file to your authorized_keys. Unlike OpenSSH, Dropbear doesn’t look in .ssh underneath your home directory for the authorized_keys file, so you have to create the file in /etc/dropbear/.

root@router:~# cd /etc/dropbear/
root@router:~# cat /tmp/ >> authorized_keys
root@router:~# chmod 0600 authorized_keys

Now you should be able to ssh from your client pc to your openWRT device without the need of a password.

2 Gedanken zu „Public Key Authentication on OpenWRT using dropbear

  1. Francesco

    Bonjour, je vois partout comment se connecter de mon PC vers le routeur en générant une clé „ssh-keygen“, mais quant et ‚il du contraire.

    Je désire que mon routeur, se connecte avec une clés à mon PC sans avoir à taper de mot de passe.
    J’ai besoins qu’il viennent prendre des consignes et comme il est DHCP , je veut vraiment allez dans ce sens.

    La commande ssh-keygen ne marche pas sur OPENWRT.
    j’ai installé le paquet OPENSSH , SSH_KEYGEN mais rien à faire.

    Je n’arrive pas créer une clé avec OPENWRT pour la donné à mon PC

    Avez vous une solution ?

    1. pat Beitragsautor

      the keysystem works with a private and a public key. The private key is the important one and stays on your system, the public key is transferred to the remote host. To make the connection from the openwrt router, the router needs the private key. Where the key was generated doesn’t matter.
      Just create the keypair on an other machine and copy the private key to the openwrt router.
      Make sure to not override your local keys. You can specify an output keyfile with the parameter -f.
      When establishing a connection, you can specify the keyfile with the paramter -i.


Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.