SSH login with private key not working

On a GL_Inet 1800AX router with firmware 4.7.0 I want to log in via SSH with a private key.

First I installed OpenSSH beside Dropbear as I am more familiar with the former, just on another port number, 2222.
I tried `ssh -vv -p 2222 -i ~/.ssh/id_ed52219 -o ChallengeResponseAuthentication=yes root@IPROUTER`, but it keeps asking for a password even after I added the public key id_ed52219.pub to `/root/.ssh/authorized_keys` and did `ssh-copy-id -p 2222 root@IPROUTER`.

Then I also tried copying the public key via the LuCI interface to use the Dropbear SSH, not OpenSSH: https://IPROUTER:8443/cgi-bin/luci/admin/system/admin/sshkeys, but to no avail.

How can I enable logging in with a private key?

Hi, I just tried via LuCI at https://x.x.x.x:8443/cgi-bin/luci/admin/system/admin/sshkeys and pasted my .pub key; it worked. I use Dropbear.

Weird, for me this is not working, it still prompts for a password.
I saw that the file /etc/dropbear/authorized_keys is updated with the public key as a result of adding the pubkey in the LuCI page.
This is the LuCI page for Dropbear settings:

Is anything wrong here?

Hi skatebiker,

Sorry man, I've been quite busy. From your capture it seems OK from my side, but I've been thinking: how are you making your public SSH key? Because on my side, what I did... from my local computer (Linux) I created the SSH key with OpenSSH, copied the generated pub key and pasted it into the Glinet router from the LuCI dashboard (SSH-Keys menu), and that is all I did to get access from my localhost to my router by SSH (without password).

That is what I already did, but to no avail.
Result of ssh -vvv:

debug1: Will attempt key: ecdsa-sha2-nistp256 ECDSA SHA256:XXXXXXXXXXX/YYYYYYYYYYY agent
debug1: Will attempt key: /Users/user/.ssh/id_rsa RSA SHA256:XXXXXXXXXXX/YYYYYYYYYYY
debug1: Will attempt key: /Users/user/.ssh/id_ecdsa 
debug1: Will attempt key: /Users/user/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /Users/user/.ssh/id_ed25519 ED25519 SHA256:XXXXXXXXXXX
debug1: Will attempt key: /Users/user/.ssh/id_ed25519_sk 
debug1: Will attempt key: /Users/user/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug1: Offering public key: ecdsa-sha2-nistp256 ECDSA SHA256:XXXXXXXXXXX/YYYYYYYYYYY agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /Users/user/.ssh/id_rsa RSA SHA256:XXXXXXXXXXX/YYYYYYYYYYY
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/user/.ssh/id_ecdsa
debug3: no such identity: /Users/user/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/user/.ssh/id_ecdsa_sk
debug3: no such identity: /Users/user/.ssh/id_ecdsa_sk: No such file or directory
debug1: Offering public key: /Users/user/.ssh/id_ed25519 ED25519 SHA256:XXXXXXXXXXX
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/user/.ssh/id_ed25519_sk
debug3: no such identity: /Users/user/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /Users/user/.ssh/id_xmss
debug3: no such identity: /Users/user/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password: 

On other servers both my ED25519 and RSA are accepted.

Found solution !!!

With dropbear, it appeared that authorized_keys had user ID 1000. I chmod'ded it to root:root and it worked !

root@glinetax1800:~# ls -al /etc/dropbear/
drwxr-xr-x    1 root     root           400 Jan  1  1970 .
drwxr-xr-x    1 root     root          3600 Apr 25 14:14 ..
-rw-------    1 root     root           854 May 23 11:08 authorized_keys
-rw-------    1 1000     1000            83 Sep  8  2023 dropbear_ed25519_host_key
-rw-------    1 1000     1000           805 Sep  8  2023 dropbear_rsa_host_key

And with openssh I also fixed it so I can use private keys.
The issue was that in /etc/ssh/sshd_config there was a line pubkeyacceptedkeytypes ssh-rsa. I commented this out and restarted sshd and could log in via openssh as well.
I run both on different ports so that when I am locked out of one I can use the other. Obviously they are only accessible within the LAN of the router.

2 Likes
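
The two causes found in this thread can be checked for with a short script; this is an added example, not part of any post above. The function names and the `--audit` switch are made up for the sketch, and it assumes the server refuses a key file that has the wrong owner or is writable by group or others.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the two causes found above.
# Function names and the --audit switch are made up for this sketch.

# check_owner_mode FILE [UID]: fail if FILE is not owned by UID (default 0)
# or is group/world writable. Parses `ls -ln`, which BusyBox also provides.
check_owner_mode() {
    file=$1; want_uid=${2:-0}
    [ -e "$file" ] || { echo "MISSING $file"; return 2; }
    set -- $(ls -lnd "$file")      # $1 = mode string, $3 = numeric owner
    mode=$1; uid=$3; rc=0
    [ "$uid" = "$want_uid" ] || { echo "OWNER   $file: uid $uid, want $want_uid"; rc=1; }
    case $mode in
        ?????w*|????????w*) echo "MODE    $file: group/world writable ($mode)"; rc=1 ;;
    esac
    [ "$rc" -ne 0 ] || echo "OK      $file ($mode, uid $uid)"
    return "$rc"
}

# check_pubkey_types CONFIG ALGO: fail if the first active PubkeyAcceptedKeyTypes
# (or PubkeyAcceptedAlgorithms) line in CONFIG excludes ALGO. Match blocks and
# Include files are not followed.
check_pubkey_types() {
    conf=$1; algo=$2
    line=$(grep -iE '^[[:space:]]*pubkeyaccepted(keytypes|algorithms)[[:space:]=]' "$conf" | head -n 1)
    [ -n "$line" ] || { echo "OK      $conf: no key-type restriction"; return 0; }
    list=$(echo "$line" | sed -E 's/^[[:space:]]*[^[:space:]=]+[[:space:]=]+//; s/[[:space:]]+$//')
    case $list in
        [+^]*) echo "OK      $conf: defaults kept ($list)"; return 0 ;;
        -*)    removing=1; list=${list#-} ;;
        *)     removing=0 ;;
    esac
    found=0
    set -f                          # entries may be patterns such as ssh-*
    for pat in $(echo "$list" | tr ',' ' '); do
        case $algo in $pat) found=1 ;; esac
    done
    set +f
    if [ "$found" = "$removing" ]; then
        echo "BLOCKED $conf: '$line' excludes $algo"; return 1
    fi
    echo "OK      $conf: $algo accepted"
}

if [ "${1:-}" = "--audit" ]; then   # paths as named in the posts
    check_owner_mode /etc/dropbear/authorized_keys 0
    check_pubkey_types /etc/ssh/sshd_config "${2:-ssh-ed25519}"
fi
```

Run on the router with `--audit` and, optionally, the algorithm name of the key being offered; both functions also accept other paths, so they can be tried on copies of the files.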

the classic one, good job!
