NSLU2-Linux

HowTo.UseDropBearForRemoteAccess History


May 10, 2010, at 11:18 AM by Kees Moerman --
Changed lines 1-2 from:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP). [Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear?]

to:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP). [Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear ].
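
Review bot: the bracketed note now contradicts the sentence it is appended to. The text still lists "support for SFTP" among the features DropBear lacks, then says SFTP works through openssh-sftp-server. Reword the feature sentence to say DropBear has no built-in SFTP server but can use the one from the OpenSSH package, and keep the note in only one place (here or at line 106). There is also a stray space before the closing bracket.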

Changed lines 106-107 from:

Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear?.

to:

Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear.

May 10, 2010, at 11:17 AM by Kees Moerman -- SFTP working in dropbear
Changed lines 1-2 from:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP).

to:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP). [Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear?]

Changed lines 106-107 from:
to:

Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear?.

July 23, 2009, at 07:44 AM by tms13 --
July 23, 2009, at 07:44 AM by tms13 --
Changed lines 112-115 from:
# mv random random.orig
-># cp urandom random
to:

# mv random random.orig
# cp urandom random

July 23, 2009, at 07:44 AM by tms13 --
Changed lines 111-115 from:

cd /dev
mv random random.orig
cp urandom random

to:
# cd /dev
-># mv random random.orig
-># cp urandom random
July 23, 2009, at 07:42 AM by tms13 --
Added line 115:
July 23, 2009, at 07:42 AM by tms13 --
Added line 115:

Bear in mind that this reduces the security of the SSH session key, so think of this as a short-term workaround.
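
Review bot: the added sentence calls the /dev/random replacement a short-term workaround, but the page gives no way back. Put the restore step next to it, for example `rm random` followed by `mv random.orig random` in /dev, so readers can return to the original device once they are done.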

January 07, 2009, at 03:40 PM by Ernst J Oud --
Changed lines 82-83 from:

11) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (6).

to:

11) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (8).

January 07, 2009, at 03:38 PM by Ernst J Oud --
Changed lines 59-63 from:


# chmod a+r authorized_keys
# chmod og-wx authorized_keys

to:
# chmod a+r authorized_keys
# chmod og-wx authorized_keys
January 07, 2009, at 03:37 PM by Ernst J Oud --
Added line 60:
January 07, 2009, at 03:37 PM by Ernst J Oud --
Deleted line 58:
January 07, 2009, at 03:36 PM by Ernst J Oud --
Added line 25:
Added line 59:
January 07, 2009, at 03:34 PM by Ernst J Oud -- Wrong reference to bullet corrected, stray text removed
Deleted lines 36-40:


For example, if my NSLU2 was called LKG0FD5B0 and this key was for the root ID, I would type:
# echo ssh-rsa AAAAB3Nza......TYUBWWtCWOGc= root@LKG0FD5B0 > authorized_keys

Changed lines 39-40 from:

9) Copy the public key similar to the string in (5) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).

to:

9) Copy the public key similar to the string in (7) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).

December 06, 2008, at 03:37 PM by Peter -- Added information about dropbear custom port number
Added lines 20-21:

(If the dropbear line has '-p 2222' or similar at the end, you will need to specify this custom port number to connect to dropbear with SSH or Putty)

October 31, 2005, at 04:57 AM by Piter -- Dropbear hangs on login?
Added lines 109-116:

If you've problem logging into your slug with dropbear, i.e. if you wait the login prompt for ages, it may be a problem related to the random number generator. Try this quick and dirty trick:

cd /dev
mv random random.orig
cp urandom random
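
Review bot: these three commands swap /dev/random for every program on the slug, not only dropbear, and the text does not say so or mention any cost. State that the change is system-wide and that it affects anything that reads /dev/random for key material. Also check that `cp urandom random` recreates the device node with the slug's cp; GNU cp without -a or -R reads data from the device instead.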

October 29, 2005, at 04:49 PM by Lord JieM --
Changed lines 35-37 from:

For example, if my NSLU2 was called LKG0FD5B0? and this key was for the root ID, I would type:

  1. echo ssh-rsa AAAAB3Nza?......TYUBWWtCWOGc?= root@LKG0FD5B0? > authorized_keys
to:


For example, if my NSLU2 was called LKG0FD5B0 and this key was for the root ID, I would type:
# echo ssh-rsa AAAAB3Nza......TYUBWWtCWOGc= root@LKG0FD5B0 > authorized_keys

Changed lines 61-64 from:
  1. chmod a+r authorized_keys
  2. chmod og-wx authorized_keys
to:


# chmod a+r authorized_keys
# chmod og-wx authorized_keys

October 29, 2005, at 04:43 PM by Lord JieM -- Give details about what must be the "someone@hostname" in the generated key.
Added lines 35-37:

For example, if my NSLU2 was called LKG0FD5B0? and this key was for the root ID, I would type:

  1. echo ssh-rsa AAAAB3Nza?......TYUBWWtCWOGc?= root@LKG0FD5B0? > authorized_keys
Added lines 55-57:

NOTE: I found problems using nano (small compact file editor) to create the file, because it kept changing the spacing and carriage returns which causes the key not to validate. The whole key should be on a single line.

Added lines 60-62:
  1. chmod a+r authorized_keys
  2. chmod og-wx authorized_keys
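
Review bot: the two chmod lines only cover authorized_keys and leave it world-readable, while the .ssh directory created earlier with mkdir keeps whatever the umask gave it. Suggest `chmod 700 ~/.ssh` and `chmod 600 ~/.ssh/authorized_keys`, which also meets the "not editable by anyone but the current user" check the page asks for. The leading # prompt is rendering as a numbered list here.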
October 12, 2005, at 06:25 PM by maurice -- Changed cd ~/ to cd ~ --> now you're in the home directory
Changed lines 41-42 from:
# cd ~/
to:
# cd ~
September 03, 2005, at 01:25 PM by prikryl -- winscp link
Changed lines 89-90 from:

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.sourceforge.net/) and simply configured it up, by entering the IP address, pointing to the key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

to:

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.net/) and simply configured it up, by entering the IP address, pointing to the key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

August 21, 2005, at 08:26 PM by sharth -- adding a line.
Added line 24:
  /bin/bash
May 06, 2005, at 09:34 PM by JP --
Added lines 89-96:

WinSCP minimises the amount of time you spend bashing away at the keyboard to achieve simple tasks, while simultaneously providing a better picture of what goes on in the Slug.

When logging in with WinSCP and using SCP with DropBear, you may receive an error message referring to the command: "groups". This command may well be absent in the slug. In WinSCP, at the login window, select "Advanced options". In the tree, select "Environment->SCP". Untick "Lookup user groups" and save your login profile.

DropBear or OpenSSH? Have a look here: (http://winscp.net/eng/docs/protocols)

February 18, 2005, at 02:11 PM by MattMcNeill --
Changed line 1 from:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding.

to:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP).

January 31, 2005, at 09:33 PM by paulhar --
Added line 24:
  /bin/sh
January 31, 2005, at 09:01 PM by paulhar --
Deleted lines 2-3:

If you would like to use OpenSSH rather than DropBear then follow the UseOpenSSHForRemoteAccess HowTo instead.

Changed lines 22-27 from:

5) Now we need to generate some keys. So run Start->Programs->Putty->Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the window you will see a public key string something like the following (The key here has been shortened for display purposes. Your generated key will be a much longer string):

to:

5) If you intend to use a shell other than sh (e.g. /opt/bin/bash) then you need to create an /etc/shells file with the following contents:

  /opt/bin/bash

6) You can now connect using your client. If you stop at this point then the NSLU2 will allow all connections to be made, and may potentially have the client complain about unknown keys. If this doesn't concern you (and for general use, it shouldn't) then you can stop at this point.

7) Now we need to generate some keys. So run Start->Programs->Putty->Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the window you will see a public key string something like the following (The key here has been shortened for display purposes. Your generated key will be a much longer string):
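
Review bot: step 6 tells readers that stopping before key authentication should not concern them "for general use", but the scenario in the introduction is reaching the slug from work over the internet. Limit that reassurance to a slug that is only reachable on a trusted LAN, and point readers who expose it to the key setup and the -s option in the later steps. It would also help to spell out what "allow all connections to be made" means here.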

Changed line 33 from:

6) First of all save your private key pair (*.ppk) file with a password to encrypt it.

to:

8) First of all save your private key pair (*.ppk) file with a password to encrypt it.

Changed line 35 from:

7) Copy the public key similar to the string in (5) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).

to:

9) Copy the public key similar to the string in (5) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).

Changed line 52 from:

8) OK so that should get us ready for authentication by key file. Furthermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

to:

10) OK so that should get us ready for authentication by key file. Furthermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

Changed line 71 from:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (6).

to:

11) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (6).

Changed line 73 from:

10) Click open and when requested log in as 'root'. It should authenticate using the keys and a shell prompt will appear.

to:

12) Click open and when requested log in as 'root'. It should authenticate using the keys and a shell prompt will appear.

January 30, 2005, at 09:33 PM by MattMcNeill --
Changed line 7 from:

1) Unsling your slug - see {http://www.nslu2-linux.org/wiki/Unslung/HomePage Unslung}

to:

1) Unsling your slug - see http://www.nslu2-linux.org/wiki/Unslung/HomePage Unslung

January 30, 2005, at 07:07 PM by MattMcNeill --
Added lines 3-4:

If you would like to use OpenSSH rather than DropBear then follow the UseOpenSSHForRemoteAccess HowTo instead.

January 17, 2005, at 09:29 AM by MattMcNeill --
Changed line 28 from:

6) First of all save your private key pair (*.puk) file with a password to encrypt it.

to:

6) First of all save your private key pair (*.ppk) file with a password to encrypt it.

Changed line 66 from:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.puk file that you created and saved in (6).

to:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (6).

November 05, 2004, at 02:10 AM by tman --
Changed line 1 from:

This HowTo covers the setup and usage of the DropBear? secure shell for remote command line access.

to:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding.

Changed line 3 from:

I have a Windows 2000 machine which I want to be able to use from work (behind a number of firewalls) to access the slug on my home broadband network. So what do I need to do?

to:

I have a Windows 2000 machine which I want to be able to use from work (behind a number of firewalls) to access the slug on my home broadband network. So what do I need to do?

Changed line 7 from:

2) Install the dropbear package which gives you your SSH daemon. You can do this by executing the following via telnet

to:

2) Install the DropBear package which gives you your SSH daemon. You can do this by executing the following via telnet.

Changed line 12 from:

3) Reboot and check dropbear is running.

to:

3) Reboot and check DropBear is running.

Changed line 20 from:

4) OK so it's running. What the heck do you do now? Well, you need to get an ssh client for your windows box. I use the free client called Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/) so that's what I'm going to talk about here. Download it and install.

to:

4) OK so it's running. What the heck do you do now? Well, you need to get an SSH client for your Windows box. I use the free client called Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/) so that's what I'm going to talk about here. Download it and install.

Changed line 22 from:

5) Now we need to generate some keys. So run Programs>Putty>Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the windw you will see a public key string something like the following:

to:

5) Now we need to generate some keys. So run Start->Programs->Putty->Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the window you will see a public key string something like the following (The key here has been shortened for display purposes. Your generated key will be a much longer string):

Changed line 24 from:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
to:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA......aJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
Changed line 36 from:

Now create the hidden directory for the ssh settings

to:

Now create the hidden directory for the SSH settings

Changed line 41 from:

Once we have this we want to save our public key into the authorized keys filw which can be done easily as follows:

to:

Once we have this we want to save our public key into the authorized keys file which can be done easily as follows (The key here has been shortened for display purposes. Your generated key will be a much longer string):

Changed line 43 from:
# echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname > authorized_keys
to:
# echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA......aJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname > authorized_keys
Changed line 47 from:

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

to:

8) OK so that should get us ready for authentication by key file. Furthermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

Changed line 66 from:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start Programs>Putty>Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication as by key - pointing the key to the *.puk file that you created and saved in (6).

to:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.puk file that you created and saved in (6).

Changed line 68 from:

10) Click open and when requested log in as 'root'. The keys should authenticate and a prompt appears.

to:

10) Click open and when requested log in as 'root'. It should authenticate using the keys and a shell prompt will appear.

Changed lines 82-84 from:

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.sourceforge.net/) and simply configured it up, by entering the IP address, pointing to the Key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

to:

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.sourceforge.net/) and simply configured it up, by entering the IP address, pointing to the key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

October 16, 2004, at 02:05 PM by MattMcN --
Added lines 79-84:

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.sourceforge.net/) and simply configured it up, by entering the IP address, pointing to the Key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

October 10, 2004, at 09:55 PM by rwhitby --
Changed line 24 from:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV?+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk?/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG?/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc?= someone@hostname
to:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
Changed line 43 from:
# echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV?+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk?/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG?/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc?= someone@hostname > authorized_keys
to:
# echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname > authorized_keys
October 09, 2004, at 12:55 PM by snrub --
Changed line 66 from:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start Programs>Putty>Putty. It will come up with the options for the server (IP address etc) which you need to set (note that the Port number is 22 - the same as FTP - which is useful for tunnelling through firewalls if your firewalls allow FTP access). Also set up the SSH authentication as by key - pointing the key to the *.puk file that you created and saved in (6).

to:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start Programs>Putty>Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication as by key - pointing the key to the *.puk file that you created and saved in (6).
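
Review bot: removing the "same as FTP" remark is right, since FTP's control port is 21 and 22 is the SSH port, but the step now gives no port at all. Keep a short "port 22, the SSH default" so readers know what to enter in Putty and what to allow on the firewall.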

October 05, 2004, at 02:32 AM by ka6sox --
Changed line 49 from:
# ps-ef
to:
# ps -ef
September 24, 2004, at 07:30 PM by MattMcN --
Changed line 64 from:

/opt/sbin/dropbear -s ''' \\

to:

/opt/sbin/dropbear -s '''

September 24, 2004, at 07:29 PM by MattMcN --
Changed lines 74-76 from:

Enter 'help' for a list of built-in commands. '''

to:

Enter 'help' for a list of built-in commands.

#'''

September 24, 2004, at 07:28 PM by MattMcN --
Changed lines 71-72 from:

Authenticating with public key "root@slug" from agent

to:

Authenticating with public key "root@slug" from agent
\\

Changed line 74 from:

Enter 'help' for a list of built-in commands.

to:

Enter 'help' for a list of built-in commands. '''

September 24, 2004, at 07:27 PM by MattMcN --
Deleted lines 75-76:

# '''

Deleted lines 76-80:

To Do

  1. Need to work out where dropbear is started by the system so that the -s option can be persisted over a reboot.
September 24, 2004, at 07:27 PM by MattMcN --
Added lines 59-65:

To make this permanent we need to add the "-s" option on start up. this can be done by editing the /opt/etc/init.d/S51dropbear file. So that it looks like the following:

# cat /opt/etc/init.d/S51dropbear
#!/bin/sh

/opt/sbin/dropbear -s
\\
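
Review bot: -s disables password logins for every account, not just root, and this hunk makes that permanent across reboots. Add a line telling readers to confirm that a key login works against the manually restarted daemon before editing S51dropbear, and to keep the telnet session open until then. The trailing \\ after the script is leftover markup.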
Changed lines 70-71 from:
login as: root
Authenticating with public key "root@slug" from agent
to:
'''login as: root
Authenticating with public key "root@slug" from agent

BusyBox? v0.60.4 (2004.07.01-03:05+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

# '''

September 24, 2004, at 02:17 PM by MattMcN --
Changed line 32 from:

First of all telnet into the SLUG as the user we want to authorise (e.g. root) and change to the root directory:

to:

First of all telnet into the SLUG as the user we want to authorise (e.g. root) and change to the home directory:

September 24, 2004, at 02:17 PM by MattMcN --
Changed line 10 from:
# ipkg install dropbear \\
to:

# ipkg install dropbear

Changed lines 12-15 from:

3) Reboot and check dropbear is running.
-># ps -ef
And look for a line something like the following:
-> 692 root 1628 S dropbear \\

to:

3) Reboot and check dropbear is running.

# ps -ef

And look for a line something like the following:

692 root 1628 S dropbear
Changed lines 32-34 from:

First of all telnet into the SLUG as the user we want to authorise (e.g. root) and change to the root directory:
-># cd ~/
Now create the hidden directory for the ssh settings \\

to:

First of all telnet into the SLUG as the user we want to authorise (e.g. root) and change to the root directory:

# cd ~/

Now create the hidden directory for the ssh settings

Changed lines 39-41 from:
# cd .ssh
Once we have this we want to save our public key into the authorized keys filw which can be done easily as follows:
-># echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV?+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk?/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG?/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc?= someone@hostname > authorized_keys \\
to:

# cd .ssh

Once we have this we want to save our public key into the authorized keys filw which can be done easily as follows:

# echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV?+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk?/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG?/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc?= someone@hostname > authorized_keys
Changed lines 47-50 from:

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:
-># ps-ef
We need to kill all the dropbear processes by their PID using the following:
-># kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above \\

to:

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

# ps-ef

We need to kill all the dropbear processes by their PID using the following:

# kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above
Changed lines 56-57 from:
# /opt/sbin/dropbear -s \\
to:
# /opt/sbin/dropbear -s
Changed line 64 from:
Authenticating with public key "root@slug" from agent
to:

Authenticating with public key "root@slug" from agent

Added lines 69-71:

To Do

  1. Need to work out where dropbear is started by the system so that the -s option can be persisted over a reboot.
September 24, 2004, at 02:14 PM by MattMcN --
Changed line 10 from:

# ipkg install dropbear

to:
# ipkg install dropbear \\
Changed lines 12-18 from:

3) Reboot and check dropbear is running.

# ps -ef

And look for a line something like the following:

692 root 1628 S dropbear
to:

3) Reboot and check dropbear is running.
-># ps -ef
And look for a line something like the following:
-> 692 root 1628 S dropbear \\

Changed lines 29-34 from:

First of all telnet into the SLUG as the user we want to authorise (e.g. root) and change to the root directory:

# cd ~/

Now create the hidden directory for the ssh settings:

to:

First of all telnet into the SLUG as the user we want to authorise (e.g. root) and change to the root directory:
-># cd ~/
Now create the hidden directory for the ssh settings \\

Changed lines 33-38 from:

# cd .ssh

Once we have this we want to save our public key into the authorized keys filw which can be done easily as follows:

# echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV?+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk?/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG?/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc?= someone@hostname > authorized_keys
to:
# cd .ssh
Once we have this we want to save our public key into the authorized keys filw which can be done easily as follows:
-># echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV?+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk?/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG?/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc?= someone@hostname > authorized_keys \\
Changed lines 38-45 from:

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

# ps-ef

We need to kill all the dropbear processes by their PID using the following:

# kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above
to:

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:
-># ps-ef
We need to kill all the dropbear processes by their PID using the following:
-># kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above \\

Changed lines 43-44 from:
# /opt/sbin/dropbear -s
to:
# /opt/sbin/dropbear -s \\
Changed line 50 from:

Authenticating with public key "root@slug" from agent

to:
Authenticating with public key "root@slug" from agent
Deleted line 53:

To Do

Deleted line 54:
  1. Restart dropbear automatically by modifying the startup script - got to find it first
September 24, 2004, at 02:14 PM by MattMcN --
Changed lines 1-70 from:
to:

This HowTo covers the setup and usage of the DropBear? secure shell for remote command line access.

I have a Windows 2000 machine which I want to be able to use from work (behind a number of firewalls) to access the slug on my home broadband network. So what do I need to do?

1) Unsling your slug - see {http://www.nslu2-linux.org/wiki/Unslung/HomePage Unslung}

2) Install the dropbear package which gives you your SSH daemon. You can do this by executing the following via telnet

# ipkg update
# ipkg install dropbear

3) Reboot and check dropbear is running.

# ps -ef

And look for a line something like the following:

692 root 1628 S dropbear

4) OK so it's running. What the heck do you do now? Well, you need to get an ssh client for your windows box. I use the free client called Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/) so that's what I'm going to talk about here. Download it and install.

5) Now we need to generate some keys. So run Programs>Putty>Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the windw you will see a public key string something like the following:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV?+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk?/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG?/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc?= someone@hostname

This is what is called a public key.

6) First of all save your private key pair (*.puk) file with a password to encrypt it.

7) Copy the public key similar to the string in (5) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).

First of all telnet into the SLUG as the user we want to authorise (e.g. root) and change to the root directory:

# cd ~/

Now create the hidden directory for the ssh settings:

# mkdir .ssh
# cd .ssh

Once we have this we want to save our public key into the authorized keys filw which can be done easily as follows:

# echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV?+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk?/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG?/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc?= someone@hostname > authorized_keys

Check that this file is not editable by anyone but the current user ensure that the write permissions are write only for the user (i.e. have a mask like -rwxr--r-- when you do an ls -l)

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

# ps-ef

We need to kill all the dropbear processes by their PID using the following:

# kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above

Now we need to restart dropbear with the login with keys only option:

# /opt/sbin/dropbear -s

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start Programs>Putty>Putty. It will come up with the options for the server (IP address etc) which you need to set (note that the Port number is 22 - the same as FTP - which is useful for tunnelling through firewalls if your firewalls allow FTP access). Also set up the SSH authentication as by key - pointing the key to the *.puk file that you created and saved in (6).

10) Click open and when requested log in as 'root'. The keys should authenticate and a prompt appears.

login as: root
Authenticating with public key "root@slug" from agent

Voila!!

To Do

  1. Restart dropbear automatically by modifying the startup script - got to find it first
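
Review bot: in step 7, `echo ... > authorized_keys` truncates the file, so adding a second key or repeating the step wipes the keys already installed; use `>>` to append. The permission example -rwxr--r-- also carries an execute bit the file does not need; -rw------- (chmod 600) is the tighter mask. Steps 2 and 7 depend on telnet, which stays enabled after step 8, so password logins as root remain possible there; say so next to the -s step.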
Last edited by Kees Moerman.
Based on work by Kees Moerman, tms13, Ernst J Oud, Peter, Piter, Lord JieM, maurice, prikryl, sharth, JP, MattMcNeill, paulhar, tman, MattMcN, rwhitby, snrub, and ka6sox.
Originally by MattMcN.
Page last modified on May 10, 2010, at 11:18 AM