F2 SSH access with key
From FON Wiki Beta
This documentation is based on "DropbearPublicKeyAuthenticationHowto - OpenWrt" and slightly adjusted to the Fonera environment.
To access the Fonera 2202 using a Public / Private Key, you can follow the next steps:
1. Create public / private keys
If you don't have your public/private keys ready, create them with PuTTYgen (an RSA and DSA key generation utility), which is part of PuTTY.
Start the PuTTY Key Generator with puttygen.exe.
- Click on the button Generate.
- Click on Save public key. Save the public key in a file called Fonero-Public-Key.
- Click on Save private key. Save the private key in a file called Fonero-Private-Key.ppk.
Keep in mind that you will have to remember your passphrase!
A public key looks like this (the text is all on one line, without line breaks):
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmihVmFR3GH8V0BmN0uexjxmCMenVrYUQ8OKYUntz7knmxE1Wzxy1ZF6unK36GXJAxEekK1WdSXXEEB50FLcVgbfQRoTo3RBVEP2acXyvTM5R3n5GRhXltEUVlkK5vL98f2xpQK5cqmu9+jFz/zBdXycORb5cO6m28TDLRD+9Fk= Rsa-key-20050927
2. Copy the public key file to the Fonera
For this open a CMD console:
C:\> echo ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmihVmFR3GH8V0BmN0uexjxmCMenVrYUQ8OKYUntz7knmxE1Wzxy1ZF6unK36GXJAxEekK1WdSXXEEB50FLcVgbfQRoTo3RBVEP2acXyvTM5R3n5GRhXltEUVlkK5vL98f2xpQK5cqmu9+jFz/zBdXycORb5cO6m28TDLRD+9Fk= Rsa-key-20050927 > Fonero-Public-Key.txt
C:\> pscp.exe -scp -l root -pw <your_router_password> Fonero-Public-Key.txt 192.168.10.1:/tmp/id_rsa.pub
You can also copy & paste the public key to the Fonera after making a normal password SSH connection to it.
Or copy the file using FTP to an attached USB-stick.
3. Add the key to authorized keys
Add the public key to the authorized_keys file on Fonera by doing the following:
cd /etc/dropbear
cat /tmp/id_*.pub >> authorized_keys
chmod 0600 authorized_keys
You can repeat this step with every new public key. Each key is appended to the /etc/dropbear/authorized_keys file.
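The append in step 3 copies whatever is in the file, so a key saved in the wrong format ends up in authorized_keys unnoticed. The following is an added example, not part of the original wiki page: a POSIX sh function that checks the file before appending it. The name add_key, its arguments and its return codes are assumptions, and it has not been run on the Fonera's BusyBox.

```shell
# Added example: validate a public key file before appending it to Dropbear's
# authorized_keys. add_key and its arguments are hypothetical names.
# usage: add_key <pubkey-file> [authorized_keys-path]
add_key() {
    src=$1
    dst=${2:-/etc/dropbear/authorized_keys}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # PuTTYgen's "Save public key" button writes the multi-line RFC 4716
    # format, which is not a valid authorized_keys entry.
    if grep -q 'BEGIN SSH2 PUBLIC KEY' "$src"; then
        echo "$src is RFC 4716 format; use the one-line OpenSSH form" >&2
        return 2
    fi

    # Strip CRs (file made on Windows) and blank lines; one line must remain.
    key=$(tr -d '\r' < "$src" | sed '/^[[:space:]]*$/d')
    if [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ]; then
        echo "$src must hold one key on a single line" >&2; return 3
    fi

    # Split "type blob comment". The blob begins with the base64 of the
    # length-prefixed type name, so type and blob must agree.
    type=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    case "$type:$blob" in
        ssh-rsa:AAAAB3NzaC1yc2E*|ssh-dss:AAAAB3NzaC1kc3M*) ;;
        *) echo "unexpected key type or blob in $src" >&2; return 4 ;;
    esac
    case "$blob" in
        *[!A-Za-z0-9+/=]*) echo "blob in $src is not base64" >&2; return 4 ;;
    esac

    # Create the file with tight permissions, skip duplicates, then append.
    touch "$dst" && chmod 0600 "$dst" || return 5
    if grep -qF -- "$blob" "$dst"; then
        echo "key already present in $dst"; return 0
    fi
    printf '%s\n' "$key" >> "$dst"
}
```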
Now you're ready to connect to your Fonera using PuTTY with your private key file (you should carefully maintain it and keep it private).
So, do the following to connect to the Fonera 2202 with your private key:
4. Setup Putty to connect with your private key
Start putty.exe and do the following:
- Session:
In "Host Name" enter the router's DNS name or IP address, e.g. for access from the LAN enter 192.168.10.1 (your router's IP address) or from the WAN my-router.dyndns.org (your registered dynamic DNS name). If you changed the port for Dropbear, also adjust the "Port" field here. The protocol ("connection type") is always "SSH".
- Connection → Data:
In the box "Login details" enter the "Auto-login username" which is root
- Connection → SSH → Auth:
In the box "Authentication Parameters" under "Private key file for Authentication" state the path to your private key file for this connection (e.g. the Fonero-Private-Key.ppk file you created before). Best is to click "Browse..." and select the file via the file dialog.
- Session:
In the box "Load, save or delete a stored session", enter OpenWrt-Session in "Saved Sessions" and click the Save button.
5. Now...connect, using your private key
While connecting to your Fonera, you now see this:
Using username "root".
Authenticating with public key "rsa-key-20090306"
Passphrase for key "rsa-key-20090306":
Put in your passphrase, and ... here we go:
BusyBox v1.11.1 (2009-03-24 13:53:28 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
/\ /\
( \\ // )
\ \\ // /
\_\\||||//_/
\/ _ _ \
\/|(O)(O)|
\/ | |
___________________\/ \ /
// // |____|
// || / \
//| \| \ 0 0 /
// \ ) V / \____/
// \ / ( /
"" \ /_________| |_/
/ /\ / | ||
/ / / / \ ||
| | | | | ||
| | | | | ||
|_| |_| |_||
\_\ \_\ \_\\ Hard'96
Platero
-------- Fonera 2.0 Firmware (v2.2.4.0) -----------
* Based on OpenWrt - http://openwrt.org
* Powered by FON - http://www.fon.com
----------------------------------------------------
root@Fonera:~#
6. Next step: you should disable the password logon
- .....but I haven't figured out how this works....have you?
- untested:
root@OpenWrt:~# uci set dropbear.@dropbear[0].PasswordAuth=off
root@OpenWrt:~# uci commit dropbear