569
edits
Changes
SSH RSA key authentication (Linux) (view source)
Revision as of 14:40, 2 August 2023
, 14:40, 2 August 2023no edit summary
<pre>
<pre>
ssh-keygen
ssh-keygen
</pre>
</pre>When prompted, enter the file name, for example '''rsa_key'''. Two file will then be generated: '''rsa_key''' (private) and '''rsa_key.pub''' (public).
</li>
</li>
----
----
Next, we'll have to add the key to your RUTxxx router. Simply execute this command via a Terminal (replace the IP address with your router's IP):
Next, we'll have to add the key to your RUTxxx router. Simply execute this command via a Terminal (replace the IP address with your router's IP):
<pre>
<pre>
ssh-copy-id [email protected]
ssh-copy-id -i rsa_key.pub [email protected]
</pre>
</pre>
</li>
</li>
----
----
<li>
<li>
At this point, the configuration is complete. To test it, terminate your current SSH connection (you can do so by executing the ''exit'' command) and try logging in again - if everything is in order, the router should no longer require a password when connecting via SSH.
At this point, the configuration is complete. To test it, terminate your current SSH connection (you can do so by executing the ''exit'' command) and try logging in again - if everything is in order, the router should no longer require a password when connecting via SSH when using the command:<pre>
</li>
ssh -i rsa_key [email protected].1
</pre></li>
----
----
<li>
<li>
</li>
</li>
<li>
<li>
If you're using SSH remotely, don't forget to use the router's public IP address when logging in and enable remote SSH access on the router. You can do that by logging in to router's WebUI and navigating to '''System → Administration → Access Control'''. When there, place a check mark next to the "Remote SSH access field" and click "Save":
If you're using SSH remotely, don't forget to use the router's public IP address when logging in and enable remote SSH access on the router. You can do that by issuing the following commands:
[[File:How to enable remote ssh access.png]]
<pre>
uci set firewall.@rule[5].enabled=1
uci commit
/etc/init.d/firewall restart
</pre>
</li>
</li>
</ul>
</ul>
<pre>
<pre>
uci set dropbear.@dropbear[0].PasswordAuth=off
uci set dropbear.@dropbear[0].PasswordAuth=off
uci commit dropbear
uci commit
/etc/init.d/dropbear restart
/etc/init.d/dropbear restart
</pre>
</pre>
<pre>
<pre>
uci set dropbear.@dropbear[0].RootPasswordAuth=off
uci set dropbear.@dropbear[0].RootPasswordAuth=off
uci commit dropbear
uci commit
/etc/init.d/dropbear restart
/etc/init.d/dropbear restart
</pre>
</pre>
<pre>
<pre>
uci set dropbear.@dropbear[0].PasswordAuth=on #### use uci set dropbear.@dropbear[0].RootPasswordAuth=on instead if you had only disabled password authentication for root
uci set dropbear.@dropbear[0].PasswordAuth=on #### use uci set dropbear.@dropbear[0].RootPasswordAuth=on instead if you had only disabled password authentication for root
uci commit dropbear
uci commit
/etc/init.d/dropbear restart
/etc/init.d/dropbear restart
</pre>
</pre>
* [[SSH RSA key authentication (Windows)]] - the same guide but aimed at Windows users
* [[SSH RSA key authentication (Windows)]] - the same guide but aimed at Windows users
* [[Command line interfaces]] - descriptions and instruction for all types of command line interfaces supported by RUTxxx devices
* [[Command line interfaces]] - descriptions and instruction for all types of command line interfaces supported by RUTxxx devices
[[Category:Router control and monitoring]]