What's new

SSH by Authorized Keys without username and password Asus Router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

alBer

New Around Here
Hello how are you? This is my first question on the forums.
I have a RT-AC87U router with Merlin Firmware 384.13_10
I have the Jffs partition formatted, with scripts
I have Skynet installed and working fine (and with Secure Mode Disabled)

I have been trying to configure access via SSH for some time but with access keys without using username and password.

I have tried everything I saw here in the forums, and what I could read.

I access by SSH without problems with username and password.
But if I want to access using the keys it doesn't work.

I have generated keys and tested with ssh-keygen on a linux machine, with puttygen on Windows and on another linux machine, and I have even generated with dropbear on the router itself.

It always comes down to the same thing, generating a key (I've always used RSA 2048 or 1024) without a phrase key. I put the public key in the router's WEB interface in Authorized Keys and in the program I use to connect (Putty or Remmina) I configure that for authentication it uses the file with the private key.

But using the keys the connection does not work.
In Putty it tells me that the server has rejected our key, in Remmina it insists on asking for a phrase key and I give it enter and then it says Null, and in the router log apparently for dropbear it waits for a user to arrive who doesn't arrive

I already checked that the contents of /home/root/.ssh/authorized_keys and what is in the web interface of the router are the same.
Also remove the trailing newline just in case.

What else can I do?

If you need to copy something that the registry says.
 
Hello how are you? This is my first question on the forums.
I have a RT-AC87U router with Merlin Firmware 384.13_10
I have the Jffs partition formatted, with scripts
I have Skynet installed and working fine (and with Secure Mode Disabled)

I have been trying to configure access via SSH for some time but with access keys without using username and password.

I have tried everything I saw here in the forums, and what I could read.

I access by SSH without problems with username and password.
But if I want to access using the keys it doesn't work.

I have generated keys and tested with ssh-keygen on a linux machine, with puttygen on Windows and on another linux machine, and I have even generated with dropbear on the router itself.

It always comes down to the same thing, generating a key (I've always used RSA 2048 or 1024) without a phrase key. I put the public key in the router's WEB interface in Authorized Keys and in the program I use to connect (Putty or Remmina) I configure that for authentication it uses the file with the private key.

But using the keys the connection does not work.
In Putty it tells me that the server has rejected our key, in Remmina it insists on asking for a phrase key and I give it enter and then it says Null, and in the router log apparently for dropbear it waits for a user to arrive who doesn't arrive

I already checked that the contents of /home/root/.ssh/authorized_keys and what is in the web interface of the router are the same.
Also remove the trailing newline just in case.

What else can I do?

If you need to copy something that the registry says.
https://linuxize.com/post/how-to-setup-passwordless-ssh-login/

This is what I just used to do this. Maybe it will help you?
 
The other thing I would add is that the public key is all one line, no new line or carriage return characters in it. Sometimes copy/paste tries to be too clever and inserts some.
 
I have’t used PuTTY in a while (at home) but make sure you are using the OpenSSH format (shown in the PuTTYgen window) and not the native putty file format.
 
Hi everybody how are you? Thank you very much everyone for your answers.

I honestly don't know what I did differently from other times but it was solved.
I tell you what I did.
On Windows with PuttyGen generate an RSA key. The public key was pasted in the router's WEBUI and the private key was saved in putty format which I used in Putty and it worked.
I also export that key from Puttygen in OpenSSH format and use it in other SSH connection programs and it works.

I honestly don't know why it worked this time. This time I did everything in Windows. Generate with PuttyGen, export the key and paste it into the WebUI.
When I pasted the key into the WebUI I deleted some characters in the first 2 or 3 lines just in case there was a return character and I wrote them again (but not in all the lines, so it shouldn't be that)

Thank you all for your suggestions and help.
 
I am trying and it fails.
Maybe I am confused.
I want to connect to the router from a macbook.
Where should I run the keygen ? Is it the same to run it with dropbearkey or ssh-keygen ?
 
I am trying and it fails.
Maybe I am confused.
I want to connect to the router from a macbook.
Where should I run the keygen ? Is it the same to run it with dropbearkey or ssh-keygen ?

ssh-keygen, "...ssh-keygen is a standard component of the Secure Shell (SSH) protocol suite found on Unix, Unix-like and Microsoft Windows computer systems...".

You can run on any device to generate the keys (public and private).

Example:


Public Key --> you must put on the device you want to connect

Private Key --> you must put it on the device from which you are going to connect

Note: It is recommended to keep the keys in a safe place. To increase security, it is also recommended to use a passphrase in the Private Key.

If you use puttyGEN, it will generate the .PPK keys. For UNIX/Linux environment you must export them to OpenSSH.

1685807527910.png
 
I followed exactly the video. generating the key on my macbook and sending it to the routeur and it is not working. still asking me a pass.

EDIT : It is working after puting the pub key into the merlin GUI.
 
Last edited:
I followed exactly the video. generating the key on my macbook and sending it to the routeur and it is not working. still asking me a pass.

EDIT : It is working after puting the pub key into the merlin GUI.
That interesting.
I tried awhile ago, but when the pub key is stored in the standard place ($HOME/.ssh) it will be removed upon router reboot.
So where exactly in the GUI have you written your pub key ? May you provide a screenshot?
 
That interesting.
I tried awhile ago, but when the pub key is stored in the standard place ($HOME/.ssh) it will be removed upon router reboot.
So where exactly in the GUI have you written your pub key ? May you provide a screenshot?
Usually in "administration -> system", then scroll down to the service section. Paste your key in "authorized keys". Also suggest you make sure ssh is on for LAN only.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top