
SSH with Keys


100%. Upon looking closer, it says "MACUSER@192.168.1.1". If I'm correct, isn't it trying to log onto the router using my Mac name? Shouldn't this be set to say admin? Will give it a try...
Yes. You’ve certainly found one problem!
 
Did you already generate the key and then move it to the Mac? If so, you'll need to put the key into the "Authorized Keys" box on the web interface.

Generated on the Mac, and then copied and pasted like for like to the authorised key part on the web interface.

Trouble is it keeps switching from operation timed out, to enter a password and to permission denied! Currently I'm back to operation timed out after switching the config file from 'User root' to 'User admin'. Switched it back to root but still saying operation timed out now. Will play about with Allow Password Login as it's currently on at the moment...

EDIT 1: After clearing the 'config' file and copying the following:

Host 192.168.1.1
IdentityFile ~/.ssh/tomato
User root

saving it, it's now giving me permission denied (publickey). Seem to be going around in circles here.

EDIT 2:

I'm finally in after several hours! Not sure what the reasoning behind it was but these are my settings in case anyone has similar...


Enable SSH - LAN Only
Allow SSH Port Forwarding - No
SSH Port
* Using a different port than the default port 22 is recommended to avoid port scan attacks.
Allow Password Login - Yes
Enable SSH Brute Force Protection - Yes
Authorized Key - ssh-rsa XXXXXXX (example)

Inside the .ssh folder, I have 'config' setup like the following:

Host 192.168.1.1
IdentityFile ~/.ssh/tomato
User admin

I then use the command 'ssh admin@192.168.1.1' and then enter your current router password.
 
Then log in with ssh admin@192.168.1.1


Sent from my iPhone using Tapatalk
 
When you copied the key to the interface, did you include with the key the "ssh-rsa" part at the beginning and your login "xyz@xyzcomputer" at the end?
 
Yes and no. I included the ssh-rsa. I edited the .pub when it was first created and removed the 'xyz@xyzcomputer', with the last two characters being ==, then I saved it and copied into the authorisation key box.
 
Also, in that link I sent, it suggests “ssh-copy-id jack@192.168.1.12” which in your case would be ssh-copy-id admin@192.168.1.1
That will work until the next time you reboot the router. But a good quick test to see if key is working before you try putting your public key into the web ui for permanent access.



Don’t edit it, just paste it all in the box!



Thanks for the info.



Probably where I was going wrong in all fairness, but I did it about 9-10 times. I'll remember for next time!
 
It should look like this (several rows of letters and numbers):

Code:
ssh-rsa AAAAABBBBBBCCCCC
AAAAAAAAAAAAA
CCCCCCCC123123
AA xyz@xyzcomputer
 
But JDB’s advice still stands: you have to get it working first using username and password access. Only when you know that works, can you then focus your attention on the PKI keys and certs. Until then you’re really thrashing about in the dark, not quite sure where the problem lies.
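
A format check for the pasted public key, as an added example that is not part of the original thread. It assumes the router stores the "Authorized Keys" box in the OpenSSH authorized_keys format (one "type base64 [comment]" entry per line); make_sample and check_pubkey are hypothetical names and the sample key is a constructed placeholder, not a real RSA key.

```python
import base64
import binascii
import struct


def make_sample(ktype=b"ssh-rsa"):
    """Constructed placeholder: correct framing only, not a real RSA key."""
    blob = struct.pack(">I", len(ktype)) + ktype + bytes(range(40))
    return base64.b64encode(blob).decode()


def check_pubkey(text):
    """Return a list of problems in one pasted '<type> <base64> [comment]' key."""
    problems = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ["nothing was pasted"]
    if len(lines) > 1:
        problems.append("hard line breaks: key spans %d lines" % len(lines))
    fields = "".join(lines).split()
    # Every SSH key blob starts with a 4-byte length < 256, i.e. base64 "AAAA".
    if fields[0].startswith("AAAA"):
        return problems + ["key type prefix (e.g. ssh-rsa) is missing"]
    if len(fields) < 2:
        return problems + ["base64 key data is missing"]
    ktype, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["base64 key data is damaged or truncated"]
    if len(blob) < 4:
        return problems + ["base64 key data is too short"]
    (n,) = struct.unpack(">I", blob[:4])
    inner = blob[4:4 + n]  # key type string embedded in the key data
    if inner != ktype.encode():
        problems.append("prefix %r does not match key data %r"
                        % (ktype, inner.decode("ascii", "replace")))
    return problems  # the trailing comment is optional in the OpenSSH format


if __name__ == "__main__":
    good = "ssh-rsa %s xyz@xyzcomputer" % make_sample()
    for label, key in [("as generated", good),
                       ("prefix lost", good.split(" ", 1)[1]),
                       ("cut short", "ssh-rsa " + make_sample()[:-2])]:
        print(label, "->", check_pubkey(key) or "looks well-formed")
```

This only checks the framing of the pasted text; it does not tell you whether the router accepts the key or whether the matching private key is the one named in IdentityFile.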
 
