Dropbear Public Key Authentication

Good day, I tried to log in with a public/private key (I use SSH dropbear) by following these steps:

ssh-copy-id dietpi@ipserver

In this case I throw a permission error because I have disabled access to ssh with root user, so I had to re-enable the root user to ssh and run the command in mention

ssh-copy-id root@ipserver

The authorized key is placed in /etc/dropbear/authorized_keys

after copying /etc/dropbear/authorized_keys to /home/dietpi/.ssh/authorized_keys that is my user, since I want to use it in a specific user not at root, as it will be disabled later

later switch permits

chmod 700 /etc/dropbear
chmod 600 /etc/dropbear/authorized_keys

However, SSH access doesn’t work through the public/private key, you could help me please if I’m doing something wrong, thank you and greetings

How do you connect via ssh? What client to you use?

Hi, thanks for answer, I’m using cygwin64, But the problem is that he doesn’t ask me for the private public key, he just asks me for the password and lets me in without problems. Regards

I never used cygwin but is there a point within client configuration where you can specify the privat SSH key to be used? At least this is how it works within Putty.

I am also using non-root user to login.
Public keys are stored in ~/.ssh/authorized_keys

Thank you for answering, you could confirm to me if the way I mention is the right way to start session? And you could explain to me how you connect with your private public keys, thank you.

Do a ls -la to verify that the permissions are good.
Then you need to specify where the private key is on the ssh client. By default they are in the same folder.

Location should be correct. Personally, I use Putty SSH client. There I can specify user and privat key file to be used.

Important to have correct permissions.

chmod 700 /home/dietpi/.ssh
chmod 600 /home/dietpi/.ssh/authorized_keys
Jan 17 18:05:04 DietPiProd dropbear[27309]: Pubkey auth succeeded for 'dietpi' with key sha1!! a7:x from 192.168.0.x

Think it generates bad the keys I’m a little lost, I attach the catches the way I try to connect and permits, if you see any mistake I’ll appreciate your feedback.

How I try to connect with private key :

$ ssh -i id_rsa dietpi@
dietpi@'s password:

sudo chown dietpi:dietpi /home/dietpi/.ssh/authorized_keys

With this change you automatically connect to the dietpi user, but using the traditional method, is it normal? If I use another ssh client requests password that I guess is correct, I hope your feedback.

The whole point is to let the owner of the private key without password. The rest login by entering the password.

I understand that part, but my doubt is if it is normal to log in without specifying the key, as I show in the video or what I did wrong, thanks and greetings

where is the private key located? Within the same client directory you start the SSH session from?

From man ssh

 -i identity_file
         Selects a file from which the identity (private key) for public
         key authentication is read.  The default is ~/.ssh/id_dsa,
         ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519,
         ~/.ssh/id_ed25519_sk and ~/.ssh/id_rsa.  Identity files may also
         be specified on a per-host basis in the configuration file.  It
         is possible to have multiple -i options (and multiple identities
         specified in configuration files).  If no certificates have been
         explicitly specified by the CertificateFile directive, ssh will
         also try to load certificate information from the filename ob‐
         tained by appending -cert.pub to identity filenames.

So if your private key is found in there and matches, you’re good to go.


A known bug in ssh-copy-id btw: [ssh-copy-id] Do not treat Dropbear special by MichaIng · Pull Request #250 · openssh/openssh-portable · GitHub

This is the commit which broke it (“as in OpenWRT” means special handling for non-default Dropbear usage…): git.hands.com Git - ssh-copy-id.git/commit

Sadly Philip is not answering my emails.

I think, if this is the route:

ksl6s@PC-DESKTOPL-BETO ~/.ssh
$ pwd

ksl6s@PC-DESKTOPL-BETO ~/.ssh
$ ls
id_rsa  id_rsa.pub  known_hosts  known_hosts.old

Thanks to everyone it seems to be a matter of permission and my ignorance of how the connection ssh works through private keys, greetings and thanks again