no way to connect to ssh via authorized_keys


39 replies to this topic

#1 gspock

  • Senior Member
  • 113 posts

+3
Neutral

Posted 19 March 2021 - 12:21

Hi all,

I can connect with key on other linux machines but I am struggling to have it work on my vuduo4kse

 

1) I have copied the authorized_keys file (chmod 600) in /home/root/.ssh (chmod 700)

2) I connect via the same PuTTy program as for other machines, with pageant running and loaded with key

 

Despite that, the vuduo4kse asks me for the root password (which is not empty).

 

Any idea where to look?

 

thx,

GS


VU+ DUO-4K-SE with 1 DBV-C and 1TB Hitachi HDD, OpenPLi 8.3


Re: no way to connect to ssh via authorized_keys #2 littlesat

  • PLi® Core member
  • 57,154 posts

+698
Excellent

Posted 19 March 2021 - 12:48

I know it is in Dutch ... despite this I still hope this helps...
http://www.milosoftw...p?body=dropbear

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: no way to connect to ssh via authorized_keys #3 SpaceRat

  • Senior Member
  • 1,030 posts

+65
Good

Posted 19 March 2021 - 13:03

Make sure not only the folder (/home/root/.ssh) is chmodded to 700, but also the authorized_keys file itself gets chmodded to 600.

 

My /etc/defaults/dropbear reads

DROPBEAR_EXTRA_ARGS="-s"

btw.

 

Also be aware that OpenPLi creates extremely weak host keys in order to speed up the first boot by several milliseconds  :D


Edited by SpaceRat, 19 March 2021 - 13:04.

1st box: Vu+ Ultimo 4k 4xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390

Re: no way to connect to ssh via authorized_keys #4 WanWizard

  • PLi® Core member
  • 70,491 posts

+1,810
Excellent

Posted 19 March 2021 - 13:14

Also be aware that OpenPLi creates extremely weak host keys in order to speed up the first boot by several milliseconds  :D

 

Since when is "ecdsa-sha2-nistp521" extremely weak?


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: no way to connect to ssh via authorized_keys #5 gspock

  • Senior Member
  • 113 posts

+3
Neutral

Posted 19 March 2021 - 14:25

I know it is in dutch ... unless this I still hope this helps...
http://www.milosoftw...p?body=dropbear

Thanks, this is pretty much the same I followed ...




Re: no way to connect to ssh via authorized_keys #6 gspock

  • Senior Member
  • 113 posts

+3
Neutral

Posted 19 March 2021 - 14:26

but also the authorized_keys file itself gets chmodded to 600.



Yes, that is the case as stated in OP ...


Edited by gspock, 19 March 2021 - 14:26.



Re: no way to connect to ssh via authorized_keys #7 gspock

  • Senior Member
  • 113 posts

+3
Neutral

Posted 19 March 2021 - 14:30

.. found the issue:

 

key ed25519 is not working, I needed to add an rsa 2048 key and it then connects OK .... :o


Edited by gspock, 19 March 2021 - 14:38.



Re: no way to connect to ssh via authorized_keys #8 WanWizard

  • PLi® Core member
  • 70,491 posts

+1,810
Excellent

Posted 19 March 2021 - 14:43

The dropbear source has support for ed25519 since 2020, but the version in the OE used in OpenPLi 8 seems to be from late 2019...




Re: no way to connect to ssh via authorized_keys #9 gspock

  • Senior Member
  • 113 posts

+3
Neutral

Posted 19 March 2021 - 14:46

The dropbear source has support for ed25519 since 2020, but the version in the OE used in OpenPLi 8 seems to be from late 2019...

Thank you for your feedback, this behavior is somewhat logical then ...

Cheers




Re: no way to connect to ssh via authorized_keys #10 Pr2

  • PLi® Contributor
  • 6,181 posts

+261
Excellent

Posted 26 July 2021 - 11:51

I have faced the same problem.

 

The solution was to edit the /etc/defaults/dropbear and comment out the line (or delete):

DROPBEAR_EXTRA_ARGS="-w"

I don't know why on the VU+ Duo 4K (I don't have a SE) the root login is disallowed (-w option) while it is allowed on the other model/brand. Is this parameter different per box image?
 

NO SUPPORT by PM, it is a forum make your question public so everybody can benefit from the question/answer.
If you think that my answer helps you, you can press the up arrow in bottom right of the answer.

Wanna help with OpenPLi Translation? Please read our Wiki Information for translators

Sat: Hotbird 13.0E, Astra 19.2E, Eutelsat5A 5.0W
VU+ Solo 4K: 2*DVB-S2 + 2*DVB-C/T/T2 (used in DVB-C) & Duo 4K: 2*DVB-S2X + DVB-C (FBC)

AB-Com: PULSe 4K 1*DVB-S2X (+ DVB-C/T/T2)
Edision OS Mio 4K: 1*DVB-S2X + 1*DVB-C/T/T2
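
A diagnostic sketch for the two causes reported in this thread (an ed25519-only authorized_keys file against a dropbear build without ed25519 support, and `-w` in DROPBEAR_EXTRA_ARGS), together with the permission check from the first posts. It is an added example, not part of any post and not OpenPLi or dropbear code; the function names and sample files are made up for illustration, and the meaning of `-s` (disable password logins) is taken from dropbear's option list rather than from the thread.

```shell
#!/bin/sh
# Added diagnostic sketch (not OpenPLi or dropbear code). Paths are arguments,
# so it can be pointed at /home/root/.ssh/authorized_keys and the dropbear
# defaults file on the box, or at test copies.

# Print the key type of every entry; entries may begin with options, so scan
# the fields for the first token that is a known public-key algorithm name.
key_types() {
    awk 'NF && $1 !~ /^#/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                print $i; break
            }
    }' "$1"
}

# True if the first 10 characters of `ls -ld` equal the expected mode string.
mode_is() { [ "$(ls -ld "$1" | cut -c1-10)" = "$2" ]; }

# Print the value of the last uncommented DROPBEAR_EXTRA_ARGS= line, unquoted.
extra_args() { sed -n 's/^DROPBEAR_EXTRA_ARGS=//p' "$1" | tr -d "\"'" | tail -n 1; }

# $1 = authorized_keys, $2 = dropbear defaults file. One finding per line.
diagnose() {
    found=0
    mode_is "$1" "-rw-------" || { echo "perm: authorized_keys is not 600"; found=1; }
    mode_is "$(dirname "$1")" "drwx------" || { echo "perm: .ssh dir is not 700"; found=1; }
    # Assumption: flags are separate words ("-s -w"), not combined ("-sw").
    for a in $(extra_args "$2"); do
        case "$a" in
            -w) echo "args: -w disallows root logins"; found=1 ;;
            -s) echo "args: -s disables password logins (info)" ;;
        esac
    done
    types=$(key_types "$1")
    if [ -z "$types" ]; then
        echo "keys: no usable entry"; found=1
    elif ! echo "$types" | grep -qv '^ssh-ed25519$'; then
        echo "keys: only ssh-ed25519; a dropbear without ed25519 support cannot use it"; found=1
    fi
    [ "$found" -eq 0 ] && echo "ok"
    return 0
}

# Constructed sample: ed25519-only key file plus a defaults line quoted in the thread.
demo=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3constructed user@pc\n' > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
printf 'DROPBEAR_EXTRA_ARGS="-s"\n' > "$demo/dropbear"
diagnose "$demo/authorized_keys" "$demo/dropbear"
```
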
 


Re: no way to connect to ssh via authorized_keys #11 littlesat

  • PLi® Core member
  • 57,154 posts

+698
Excellent

Posted 26 July 2021 - 11:56

Howto in English

http://www.milosoftw...p?body=dropbear




Re: no way to connect to ssh via authorized_keys #12 Pr2

  • PLi® Contributor
  • 6,181 posts

+261
Excellent

Posted 26 July 2021 - 11:59

OK but the point here is why the root ssh is disallowed on the VU+ Duo4K while it is allowed by default on the other boxes?

We should have the same default parameters on every image and not have specific parameters; it is really confusing that I can ssh to all my boxes by default except the Duo4K.


 


Re: no way to connect to ssh via authorized_keys #13 WanWizard

  • PLi® Core member
  • 70,491 posts

+1,810
Excellent

Posted 26 July 2021 - 14:35

It isn't, I have no problem with a root login on my Duo 4K, and never have had.

 

As long as root has a password, dropbear works fine. Dropbear does not work if root has no password (the default in the image), and that is done on purpose.




Re: no way to connect to ssh via authorized_keys #14 Pr2

  • PLi® Contributor
  • 6,181 posts

+261
Excellent

Posted 26 July 2021 - 16:47

Next time I perform a fresh flash of my VU+ Duo4K I will check this default value. I don't remember having changed it.


 


Re: no way to connect to ssh via authorized_keys #15 WanWizard

  • PLi® Core member
  • 70,491 posts

+1,810
Excellent

Posted 26 July 2021 - 17:52

None of your boxes have a password?

 

Note, there is a difference between no password and a blank password. If you get a password prompt, there is a password set.

 

This is done to prevent SSH accesses to the box for those who have connected the box to the internet while not having set a root password.




Re: no way to connect to ssh via authorized_keys #16 Pr2

  • PLi® Contributor
  • 6,181 posts

+261
Excellent

Posted 27 July 2021 - 08:05

All my boxes have a password, I can connect with SSH to all my boxes too.
I can connect to the Duo4K since I changed the dropbear value; on the other boxes this was working out of the box.

 


Re: no way to connect to ssh via authorized_keys #17 WanWizard

  • PLi® Core member
  • 70,491 posts

+1,810
Excellent

Posted 27 July 2021 - 14:32

Restored an old /etc/dropbear/dropbear_rsa_host_key?

 

The one used before is marked 'non-secure' by the current software versions, and on most Linux distros no longer accepted.

 

It should be

root@vuduo4k:~# strings /etc/dropbear/dropbear_rsa_host_key 
ecdsa-sha2-nistp521

if it says something else, you've found your culprit.
 




Re: no way to connect to ssh via authorized_keys #18 FRAP

  • Senior Member
  • 331 posts

+23
Neutral

Posted 27 July 2021 - 16:37

What could be stolen from the box? Is it hiding gold and diamonds?:) Apart from the emulator and the playlist, there's nothing else to steal.:))


Alcohol for wimps. Strong people enjoy depression.


Re: no way to connect to ssh via authorized_keys #19 ccs

  • Senior Member
  • 229 posts

+7
Neutral

Posted 27 July 2021 - 16:55

... it's connected to your home network, so there's plenty more to compromise.


test


Re: no way to connect to ssh via authorized_keys #20 SpaceRat

  • Senior Member
  • 1,030 posts

+65
Good

Posted 27 July 2021 - 16:59

What could be stolen from the box? Is it hiding gold and diamonds? :) Apart from the emulator and the playlist, there's nothing else to steal. :))

[ ] You have understood networking.

 

The box could serve as a zombie inside a botnet and/or be abused to attack the rest of the network.

It is very unlikely for Joe Average to have his home network split up into networks for "secure" devices and "insecure" devices separated from each other.

The box could trace any network packet passing by, even if not designated for the box but from e.g. your tablet to your online banking.

 

For botnets, see:

https://en.wikipedia...Mirai_(malware)


Edited by SpaceRat, 27 July 2021 - 17:03.


