SSH Daemon on RT-AC68U

[Bruno91]

Hello,

I use an RC-AC68U Asus router under firmware Merlin (v378.55). I recently used, SSH Daemon to connect me to my router remotely.

As SSH client on my laptop, I have Bitvise SSH Client which is very nice to use.

I noticed something strange. Whatever the public key set in the router via the web interface (SSH key authentication). The key fingerprint received by Bitvise (MD5 fingerprint) is always the same. Even more confusing, if I delete the server's public key. I always manage to connect me through Bitvise. The key fingerprint received by Bitvise being always the same.

I see the same phenomenon with an official firmware Asus.

Have you ever seen a similar problem on an ASUS router?

Is there something that I misunderstood in using SSH Daemon ?

Thank you for your answers.

 

[RMerlin]

Authentication key and encryption keys are different. The first one is totally optional, which is why you get a fingerprint even if you are authenticating using a password.

 

[Bruno91]

I understood your comments.
So, I modified the settings of SSH Daemon in the Asus router to authenticate me with a public key:

- Enable SSH: Yes
- Allow SSH Port Forwarding: Yes
- SSH service port: 22 (default)
- Allow SSH password login: No
- Enable SSH Brute Force Protection: No
- SSH Authentication key: « public key generated by Bitvise» in OpenSSH format (Standard SSH2 format does not work here ?)

In the SSH client (Bitvise) I chose the public key authentication method, passphrase not specified.

When the connection (the first time), the SSH client asks me if I accept the host key of server. The parameter sent by the server does not match the key generated by Bitvise entered in the router:

- Host key algorithm: RSA, size: 2048 bits (generated key: RSA, size: 3072 bits)
- MD5 Fingerprint 42:38:d9:e3:07:35:89…….. (MD5 Fingerprint of the generated key :33:77:7d:8d:fd:cb:50…….)

If I accept, authentication continues with the request for the passphrase. Once the input sentence, the connection is established.

If I manually change a character of the public key of the router, it is impossible to connect

So I guess there's a bug in Bitvise.

I'll stay like this for now and try to find additional information on the web,

Thank’s

 

[RMerlin]

I understood your comments.
So, I modified the settings of SSH Daemon in the Asus router to authenticate me with a public key:

- Enable SSH: Yes
- Allow SSH Port Forwarding: Yes
- SSH service port: 22 (default)
- Allow SSH password login: No
- Enable SSH Brute Force Protection: No
- SSH Authentication key: « public key generated by Bitvise» in OpenSSH format (Standard SSH2 format does not work here ?)

In the SSH client (Bitvise) I chose the public key authentication method, passphrase not specified.

When the connection (the first time), the SSH client asks me if I accept the host key of server. The parameter sent by the server does not match the key generated by Bitvise entered in the router:

Please re-read my explanation. You are getting the signature to the ENCRYPTION key, not the authentication key you entered. This is perfectly normal.

 

[Bruno91]

Ok, RMerlin thank you so everything is perfectly normal. I start on the subject and I like to understand what I do.