Login with SSH-Keys

Troubleshooting
1

Hello,

I wanted to log in to DietPi with SSH keys in the future. With puTTYGen I have already created a pub and private key.

Under nano ~/.ssh/authorized_keys I entered my pub key.
Can I use these keys also with Dropbear or only with OpenSSH?

I wanted to create under

  • sudo nano /etc/ssh/sshd_config
    -RSAAuthentication yes
    -PubkeyAuthentication yes
    -but found only PubkeyAuthentication

Likewise I wanted to enter
-PasswordAuthentication no
-Execute UsePAM no

Does this also work with Dropbear, or would you rather use OpenSSH directly?

Thanks

2

That’s right. It will work with both.

PubkeyAuthentication yes is the default value even when commented. The other one with RSA is not found in the default config, but it is not needed.

In dropbear you’ll have to edit the /etc/default/dropbear and pass all these options as extra arguments.

3

Thanks trendy

What is the correct command for disable the root login?
dropbear -g

sudo nano /etc/default/dropbear
RootPasswordAuth=0 from: https://openwrt.org/docs/guide-user/base-system/dropbear
or
PasswordAuthentication no

Greetings :slight_smile:

4

you should adjust /etc/default/dropbear and change DROPBEAR_EXTRA_ARGS=-g -w. Restart service afterwards.

https://linux.die.net/man/8/dropbear

5

Thanks, after changing the dropbear file I can no longer log on to the raspberry with ssh. Must probably connect monitor/keyboard again and change the config. (Connection refused with putty)

Basically my login works via ssh key file

6

could you check if dropbear is still running once connected locally?

7

2021-09-16 08_35_29-IMG_20210916_083315.jpg - IrfanView (Zoom_ 1553 x 1165).jpg
2021-09-16 08_35_29-IMG_20210916_083315.jpg - IrfanView (Zoom_ 1553 x 1165).jpg1374×1089 387 KB

8

Pls remove -w option and restart the service

9

Thank you Joulinar
SSH works again, should be fine nowm can’t enter my password :slight_smile:
2021-09-16 09_19_02-192.168.176.30 - PuTTY.png

10

Most likely you still have -g option which doesn’t allow the root to login with password. Either remove that option or login first as dietpi.

11

In fact, I can still log in with user dietpi and the password, not with root.

Also here is DROPBEAR_EXTRA_ARGS=-gentered.
Should I log in first with dietpi and there
DROPBEAR_EXTRA_ARGS=-g?

Doesn’t it make sense to disable the password for both logins if I only log in with an ssh key? Thanks

12

Just have a look to the man page I linked above. There you have all possible options. Just use -s options instead of -g if you like to disable password login for all user.

13

It makes sense, but first you need to make sure you can login with ssh keys before disabling password login globally to avoid getting locked out.

14

trendy Joulinar

Done. Both passwords disabled, SSH-Key is working :slight_smile:
Thanks! learnt alot again! :slight_smile:

15

Hello. I want to use shh keys login to my DietPi from 2 laptops and one smartphone. As I understand I have to generate private keys and public keys on each device and copy public keys to DietPi? Do I have to generate also in DietPi? What if I will have to login one time from some other computer?
Regards,
Przemko

16

just creating and using keys will not automatically disable user/password login. Means you can loin from every other system still. Disabling password setting is something that would need to be done in addition if required.

17

Thanks for answer. I think I will not use another computers if I will use smartphone. Can You tell me how to disable password login to DietPi? Only to login with keys?
Regards.

18

depends on your SSH server. Both Dropbear and OpenSSH working differently.

19

I use openssh. I make first step and generate keys on smartphone in juiceSSH app. I mkdir ~/.ssh and file authorised_keys. Copy public key here.

20

Maybe this guide could help a little bit. https://upcloud.com/community/tutorials/use-ssh-keys-authentication/

Probably not all sections are needed