Changes

'''Secure Shell''' ('''SSH''') is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.

'''Secure Shell''' ('''SSH''') is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.

Typically an SSH login involves specifying a user name, IP address or hostname and the password for the user. When you login to a certain IP address/hostname, the system generates a public/private rsa key pair between the two parties. There is a possibility to login to via SSH using only this type'''key''' with the help of the '''dropbear''' service, thus, eliminating the password step. This article provides instructions on how to set up public key authentication for logging in to a RUTxxx router via SSH using a Windows OS. For the Linux guide, click '''[[SSH public key authentication (Linux)|here]]'''.

Typically an SSH login involves specifying a user name, IP address or hostname and the password for the user. When you login to a certain IP address/hostname, the system generates a public/private RSA key pair between the two parties. There is a possibility to login to via SSH using only that type of '''key''' with the help of the '''dropbear''' service, thus, eliminating the password step. This article provides instructions on how to set up public key authentication for logging in to a RUTxxx router via SSH using a Windows OS. For the Linux guide, click '''[[SSH RSA key authentication (Linux)|here]]'''.

==Prerequisites==

==Prerequisites==

</li>

</li>

<li>

<li>

If you're using SSH remotely, don't forget to use the router's public IP address when logging in and enable remote SSH access on the router. You can do that by logging in to router's WebUI and navigating to '''System → Administration → Access Control'''. When there, place a check mark next to the "Remote SSH access field" and click "Save":

If you're using SSH remotely, don't forget to use the router's public IP address when logging in and enable remote SSH access on the router. You can do that by issuing the following commands:

[[File:How to enable remote ssh access.png]]

uci set firewall.@rule[5].enabled=1

/etc/init.d/firewall restart

</li>

</li>

</ul>

</ul>

<pre>

<pre>

uci set dropbear.@dropbear[0].PasswordAuth=off

uci set dropbear.@dropbear[0].PasswordAuth=off

uci commit dropbear

uci commit

/etc/init.d/dropbear restart

/etc/init.d/dropbear restart

</pre>

</pre>

<pre>

<pre>

uci set dropbear.@dropbear[0].RootPasswordAuth=off

uci set dropbear.@dropbear[0].RootPasswordAuth=off

uci commit dropbear

uci commit

/etc/init.d/dropbear restart

/etc/init.d/dropbear restart

</pre>

</pre>

<pre>

<pre>

uci set dropbear.@dropbear[0].PasswordAuth=on #### use uci set dropbear.@dropbear[0].RootPasswordAuth=on instead if you had only disabled password authentication for root

uci set dropbear.@dropbear[0].PasswordAuth=on #### use uci set dropbear.@dropbear[0].RootPasswordAuth=on instead if you had only disabled password authentication for root

uci commit dropbear

uci commit

/etc/init.d/dropbear restart

/etc/init.d/dropbear restart

</pre>

</pre>

==See also==

==See also==

* [[SSH public key authentication (Linux)]] - the same guide but aimed at Linux users

* [[SSH RSA key authentication (Linux)]] - the same guide but aimed at Linux users

* [[Command line interfaces]] - descriptions and instruction for all types of command line interfaces supported by RUTxxx devices

* [[Command line interfaces]] - descriptions and instruction for all types of command line interfaces supported by RUTxxx devices

* https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html - PuTTY downloads page

* https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html - PuTTY downloads page