The solution is a "reverse tunnel" (in this case with SSH) that is initiate from the remote host we want to reach (the OpenWRT router) to a SSH server that in my case is an Ubuntu 10.04 box.
OPENWRT use as SSH client dropbear, a lightweight version that is compatible with public key authentication of the standard openSSH.
Generate a valid public key on the OpenWRT router with dropbear in .ssh folder . NO PUBLIC KEY FILES HAVE TO BE INSIDE THIS FOLDER OTHERWISE DROPBEARKEY WILL GENERATE AN ERROR!!
root@OpenWrt:~/.ssh# cd /root/.ssh/
root@OpenWrt:~/.ssh# dropbearkey -t rsa -f id_rsa
The output shold be something like that
root@OpenWrt:~/.ssh# dropbearkey -t rsa -f id_rsa
Will output 1024 bit rsa secret key to 'id_rsa'
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCZfO3SRHCmekstO+tLRS4Yj3a0/8tCeWgXbQLI+3dv+wqZKS1wfOlLviRA9yj124CoAAAAB3NzaC1yc2EAAAADAQABAAAAgwCZfO3SRHCmekstO+tLRS4Yj3a0/8tCeWgXbQLI+3dv+wqZKS1wfOlLviRA9yj124Co
V6GRZbzPmJ+b root@OpenWrt
Fingerprint: md5 ac:a4:aa:f8:a2:a7:e8:ae:b9:ad:aa:2e:a4:eb:a0:a7
Copy the string of the generated public key in authorized_keys in the .ssh folder of the SSH server (ssh-rsa ..... root@OpenWrt) , I used scp command but you can do it in every way , by hand for example.
root@OpenWrt:~/.ssh# cd /root/.ssh/
root@OpenWrt:~/.ssh# scp -P 1022 authorized_keys USER_SERVER@SERVERSSH:/home/USER_SERVER/.ssh/
Now it should be possible to authenticate with the public key and without password
Note that this 2 commands are equivalent with the dropbear client
root@OpenWrt:~/.ssh# dbclient -i ~/.ssh/id_rsa -y -p 1022 USER_SERVER@SERVERSSH #equivalent to
root@OpenWrt:~/.ssh# ssh -i ~/.ssh/id_rsa -y -p 1022 USER_SERVER@SERVERSSH
This is the command to make the tunnel ssh run in background (this is necessary if you want to put it in a script)
/usr/bin/dbclient -f -N -R 1500:localhost:22 -p 1022 USER_SERVER@SERVERSSH -i /root/.ssh/id_rsa -y
Now logging in the SSH server shell with this command we will be able to reach the OpenWRT shell using port 1500 of the SSH server and using the tunnel we have create.
USER_SERVER@SERVERSSH:~/ssh root@localhost -p 1500
Hi,
RispondiEliminaThanks for this step by step document.
I can successfully login to server using the dbclient, however when i tries the ssh command, it still prompts me to enter password.
Any ideas why is this happening?
Hello, dbclient is equivalent to ssh command, both should work at the same way. Try to check also the authorized_keys file.
EliminaI don't know if I understand properly your question, try to be more precise.
Bye