For ssh I usually add keys to `/etc/ssh/keys-root/authorized_keys` so that I can log in without entering a password. I recently discovered a few systems that use dropbear ssh instead of ssh/openssh. Is there an equivalent to authorized_keys for dropbear? Is there any way to add authorized keys for dropbear?
4 Answers
Pretty old question, but in case someone has the same problem.
You just need to put the `authorized_keys` file into the `/etc/dropbear` folder (in my case on Ugoos AM3 with Entware it was `/opt/etc/dropbear`).
Don't forget to do `chmod 0600 /etc/dropbear/authorized_keys`.
Ref: https://oldwiki.archive.openwrt.org/doc/howto/dropbear.public-key.auth
- thanks, solved my problem. `ln ~/.ssh/authorized_keys /etc/dropbear/` – yurenchen Jul 12 '21 at 05:18
- @yurenchen Beware the two files will become unlinked if one is edited with sed/perl/etc, or if a file is moved and replaced. Due to this, I sometimes use notes instead, such as `~/.ssh/authorized_keys_LOCATION` containing the correct path. Or at least use a symlink, which is easier to recognize than a hard link. – piojo Oct 26 '21 at 11:33
It appears Dropbear is compatible with `~/.ssh/authorized_keys` public key authentication per this documentation. (And all documentation/setups I've seen from a quick Google search)
I am using this on macOS to connect to Android devices using `SSH-2.0-dropbear_2019.78`:

```
scp -P 2222 /Users/<USER_NAME>/.ssh/id_rsa.pub user@<IP_ADDRESS_FROM_DROPBEAR_APP>:/data/data/org.galexander.sshd/files/authorized_keys
```
Thanks for the answers from @DimGun and @colealtdelete
I faced this 'opportunity' recently with my now dated Samsung tablet. Unfortunately my tried and true ssh Android app doesn't support older hardware/releases.
I found the `simpleSSHD` app, this is a very serviceable replacement set-up so that you can only use `authorized_keys` for login. `simpleSSHD` is based on the `DropBear` project.
That creates a bit of a bootstrap problem. User notes seemed to assume a few things:
An easy approach (from my Linux PC) was to paste the new entry into my tablet's `authorized_keys` file in the `simpleSSHD` home directory. You can do this by logging in the first time with a one-time password.
On the PC ...

```
# add the tablet to the PC ~/.ssh/config file
cat id_rsa.pub | xclip -selection clipboard
```

Puts the public key entry into my clipboard. Or you can just select and copy.
Then `ssh` into the tablet:

```
$ ssh linuxpc@192.168.xx.zz -p2222
The authenticity of host '[192.168.xx.zz]:2222 ([192.168.xx.zz]:2222)' can't be established.
ECDSA key fingerprint is SHA256:oqsN8RKo9T990vjWiQEGooRBDUyId7yJG28eqGTAsa4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.xx.zz]:2222' (ECDSA) to the list of known hosts.
linuxpc@192.168.xx.zz's password:
user@android:/data/data/org.galexander.sshd/files $ ls -l
-rw------- u0_a142 u0_a142 1499 2019-03-13 09:05 dropbear.err
-rw------- u0_a142 u0_a142 5 2019-03-13 08:52 dropbear.pid
-rw------- u0_a142 u0_a142 243 2018-09-21 12:41 dropbear_ecdsa_host_key
$ cat > authorized_keys
ecdsa-sha2-nistp256 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= linuxpc@hostname
[Ctrl/D]
$ chmod 0600 authorized_keys
```
Now the tablet `simpleSSHD` service is ready for secure login. Trial that with `filezilla` and ssh with no password, etc.
That all worked very nicely. In addition, these days I can use the file browser without needing an FTP client with the path:
sftp://linuxpc@192.168.xx.zz:2222//storage/extSdCard/Movies
Somewhat 1,000 times faster than ye olde MTP links. It is advised to set the permissions on the parent directory to: `0700` for the parent equivalent to: `~/.ssh` path.
- Useful info. However the sentence *"I found on simpleSSHD as a very serviceable DropBear based replacement"* is not normal English and requires too much interpolation to get the meaning. "Instead of DropBear I used simpleSSHD and found it to be a good replacement". Especially because the answer is not a direct answer to the question, you should make it immediately clear. – Craig Hicks Apr 10 '19 at 23:48
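
A check that covers the points raised in the answers and comments above (the 0600 file mode, the parent directory permissions, the hard-link caveat, and a key that must sit on one line), as an added example that is not from any of the posters. The function name `audit_authorized_keys` is hypothetical, the key-type list is an assumption covering common types only, and `stat` is assumed to support `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit an authorized_keys file before relying on it for logins.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).
# Usage: audit_authorized_keys /etc/dropbear/authorized_keys
audit_authorized_keys() {
    file=$1; problems=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 1; }

    # Symlinks are acceptable; report the target so the real location is visible.
    [ -L "$file" ] && echo "NOTE: $file is a symlink to $(readlink "$file")"

    # File mode: the answers use chmod 0600.
    mode=$(stat -L -c '%a' "$file")
    if [ "$mode" != "600" ]; then
        echo "MODE: $file is $mode, expected 600"
        problems=$((problems + 1))
    fi

    # Parent directory must not be writable by group or others (0700 is advised).
    dmode=$(stat -L -c '%a' "$(dirname "$file")")
    case "$dmode" in
        *[2367]|*[2367]?)
            echo "DIRMODE: parent directory is $dmode, group/other writable"
            problems=$((problems + 1)) ;;
    esac

    # A link count above 1 means a hard link shares this inode; tools that
    # replace the file on edit will silently split the two copies.
    links=$(stat -L -c '%h' "$file")
    if [ "$links" -gt 1 ]; then
        echo "HARDLINK: $file has $links links"
        problems=$((problems + 1))
    fi

    # Every entry needs "<keytype> <base64>" on ONE line; a key that was
    # wrapped during a paste fails this check.
    bad=$(awk '/^[ \t]*(#|$)/ { next }
        { ok = 0
          for (i = 1; i < NF; i++)
              if ($i ~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" &&
                  $(i + 1) ~ "^[A-Za-z0-9+/]+=*$") ok = 1
          if (!ok) n++ }
        END { print n + 0 }' "$file")
    if [ "$bad" -gt 0 ]; then
        echo "FORMAT: $bad malformed line(s) in $file"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

The function prints one line per finding and returns non-zero if anything other than a symlink note was reported.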