12 replies to this topic

[bixofe8810]

Hi,

I am trying to passwordless connect _from_ my solo2 receiver (latest openpli 8.1) to my local network host.

I have no problems connecting _to_ my receiver passwordless.

Problem is every time it asks for password:
i.e. solo2_root# ssh name@hostname

All attempts require password being typed in.
I tried generating new priv/pub keys etc, copying them to target known_hosts etc without success.

Does anyone know whether this can be achieved ?

Thank you.
Bixo

[catastrofus]

What os runs your "local network host"?

[bixofe8810]

Hi,

 

Thank you for response.

 

My local host is running linux ( latest mint flavour ).

I have no issues ssh to solo from it.

 

But the other way round it always asks for password.

 

I have added the solo pub key to target authorized_keys file.

The known hosts is also updated on target .,

 

Yet , I do not have luck so far.

Trying many different combiunations of what I know ... not yet :-(

[bixofe8810]

somethign like that:

 

# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

 

#

added the output to  authorized_keys on target machine

[catastrofus]

Why not using the standard /home/root/.ssh dir for your keys?

[bixofe8810]

Hi,

 

I tried putting keys in:

 /home/root/.ssh

/etc/dropbear/

 

Created new user X and generated new keys for him, added keys to authorised on target.

No luck connecting passwordless to target from solo.

 

Clueless now.

Bixo

[catastrofus]

I think you have a permission problem with your keypair. Normally you create them in the /home/root/.ssh directory (id_rsa & id_rsa.pub) and this directory should have a permission of 700

Your private key (id_rsa) must have the 600 permission, your public key (id_rsa.pub) the 644 permission.

[bixofe8810]

Hi Catastrofus,

 

 

I have:

 

root@vusolo2:~# pwd
/home/root

 

drwx------    2 root     root           440 Feb  8 09:48 .ssh

 

root@vusolo2:~/.ssh# pwd
/home/root/.ssh

root@vusolo2:~/.ssh# ls -l
-rw-r--r--    1 root     root           564 Feb  7 15:19 authorized_keys
-rw-------    1 root     root           805 Feb  8 09:46 id_rsa
-rw-r--r--    1 root     root           394 Feb  8 09:48 id_rsa.pub
-rw-r--r--    1 root     root           341 Feb  7 15:08 known_hosts

[catastrofus]

According to 'ssh -h' on an openpli box, the default keypair is (apparently) named id_dropbear instead of id_rsa:

 

root@idefix:~# ssh -h
Dropbear SSH client v2019.78 https://matt.ucc.asn...r/dropbear.html
Usage: ssh [options] [user@]host[/port][,[user@]host/port],...] [command]
-p <remoteport>
-l <username>
-t    Allocate a pty
-T    Don't allocate a pty
-N    Don't run a remote command
-f    Run in background after auth
-y    Always accept remote host key if unknown
-y -y Don't perform any remote host key checking (caution)
-s    Request a subsystem (use by external sftp)
-o option     Set option in OpenSSH-like format ('-o help' to list options)
-i <identityfile>   (multiple allowed, default .ssh/id_dropbear)
-A    Enable agent auth forwarding
-L <[listenaddress:]listenport:remotehost:remoteport> Local port forwarding
-g    Allow remote hosts to connect to forwarded ports
-R <[listenaddress:]listenport:remotehost:remoteport> Remote port forwarding
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0)
-I <idle_timeout>  (0 is never, default 0)
-B <endhost:endport> Netcat-alike forwarding
-J <proxy_program> Use program pipe rather than TCP connection
-c <cipher list> Specify preferred ciphers ('-c help' to list options)
-m <MAC list> Specify preferred MACs for packet verification (or '-m help')
-b    [bind_address][:bind_port]
-V    Version
root@idefix:~#

 

 

Edited by catastrofus, 8 February 2022 - 12:37.

[Pr2]

Hi,

 

There is no several user on the STB only root exist (except if you create another).

So connect with root on the STB then.

cd
mkdir .ssh
cd .ssh
vi authorized_keys

There paste the id_rsa public key (ed25519 are not supported I think so use RSA)

Save your change and disconnect from vi.  ESC wq!

Disconnect from your STB.

On your PC in the .ssh folder place the private part of your RSA key.
chmod 600 id_rsa

Then simply use:

ssh root@IP_OF_YOUR_STB

And you will connect without password prompt.

[bixofe8810]

Hi catastrofus,

 

I renamed my id_rsa to id_dropbear and id_rsa.pub to id_dropbear.pub

 

AND IT WORKS !!!!!!  you soved it.

 

Now I can do passwordless connections from both sides of my solo2.

 

I am so grateful for your help . Thank you. Thank you very much !

In the future I'll make sure to take more notice with the help of "-h" flags.

 

Best regards,

Bixo

[littlesat]

FYI...

http://www.milosoftw...p?body=dropbear

[catastrofus]

Not valid for this situation.