Support for sk-ed25519 Keys?

[Helipil0t]

I've recently moved all my servers over to using sk-ed25519 with a Yubikey Challenge and Response. Most are running OpenSSH 8.2 or greater which fully supports it. I've seen commits adding support to Dropbear here:

GitHub - mkj/dropbear at matt-sk

Dropbear SSH. Contribute to mkj/dropbear development by creating an account on GitHub.

github.com

Any plans on getting this supported in future builds?
My other options is to figure out how to get OpenSSH going with optware. If anyone has done this successfully I'd be open to getting a few tips.

Thanks!

 

[sfx2000]

My other options is to figure out how to get OpenSSH going with optware.

probably better to get openssh working in the longer term - you'll get better yubi-key community support with openssh

Mucking about with dropbear isn't as much of a hassle with build breaking compared to busybox, but still enough to think twice before doing...

IIRC, ed25519 was merged into the dropbear code base some time back, and OpenWRT did recently pick up for their 21.02 release.

 

[Helipil0t]

I'm having a hell of a time getting openssh going here. I've installed openssh-server via entware, created keys in the proper locations, (group.add gshadow.add passwd.add shadow.add)

It's not recognizing my admin account and asks for password.

Account admin has expired
Could not get shadow information for NOUSER
Failed none for invalid user admin from 192.168.1.85 port 44646 ssh2
debug1: userauth-request for user admin service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:REDACTED [preauth]
debug1: userauth-request for user admin service ssh-connection method keyboard-interactive [preauth]

Anyone have a guide that I could use to get this going? I've done this on a qnap device before with no issues. AsusMerlin not playing well.