2011-02-21 16:30:18     ssh rsa question

Document created by Aaronwu Employee on Aug 26, 2013

2011-02-21 16:30:18     ssh rsa question

Oliver Svenson (GERMANY)

Message: 98309   


Hello everybody,


I have some problems with ssh and rsa key. It's basically the same problem as this one




But this thread doesn't provide a solution at all.


I checked out the dropbear directory and read the README. After a few hours without success I decided to ask you for some more practical information.




The Problem:


I want to execute a command on the blackfin board from a Windows PC using ssh from a shell or PuTTY.


Blackfin is the ssh server, PC is client. User on Blackfin (uclinux) side is root


1. On uclinux side (server) I have to use the id_rsa.pub (public) key, right?


2. Where do I have to put the id_rsa.pub key? That means which directory (path)? Is it /root/.ssh or /etc/ssh or /etc/dropbear or anything else?


3. Do I really have to convert the id_rsa.pub key to dropbear format?


4. Do I need the file 'authorized_keys' and where (path)?




Thanks in advance




2011-02-21 16:50:37     Re: ssh rsa question

Mike Frysinger (UNITED STATES)

Message: 98310   


key conversion is not needed in this situation.  simply place the *contents* of your pub key into the user's ~/.ssh/authorized_keys.




2011-02-21 17:01:29     Re: ssh rsa question

Oliver Svenson (GERMANY)

Message: 98311   


Okay, no conversion.


But I want to log in as root, so there is no standard home directory. Where do I have to place the key?


Is it 'root/.ssh/' ?




2011-02-21 17:05:33     Re: ssh rsa question

Mike Frysinger (UNITED STATES)

Message: 98312   


you must make sure the home directory registered in /etc/passwd exists.  dropbear doesn't special case anything, so it doesn't care if you're logging in as "root" or "foo" or "monkey" ... your /etc/passwd must match reality.




2011-02-21 17:10:58     Re: ssh rsa question

Oliver Svenson (GERMANY)

Message: 98313   


Okay, I see. I'll check this.


And what about the 'dropbear_rsa_host_key'?


I'm not sure if this is needed in addition or not.


Sorry for the question but the description in dropbear README is a little bit confusing.




2011-02-21 17:39:28     Re: ssh rsa question

Mike Frysinger (UNITED STATES)

Message: 98314   


the dropbear server always needs its own set of keys.  these are the "server keys" and are used to encrypt all traffic.


the keys you are talking about to automate login are the "client keys".  these are only used to authenticate your identity.


obviously you don't want to let the private server keys get exposed as then anyone can decrypt your traffic ... might as well use telnet at that point.


exposing the private client keys "merely" gets you access to users who have authorized them.




2011-02-21 17:53:13     Re: ssh rsa question

Oliver Svenson (GERMANY)

Message: 98315   


I'll have a look at it tomorrow. It's 11:45pm here and I should get some sleep.


Thank you so far.




2011-02-22 04:32:54     Re: ssh rsa question

Oliver Svenson (GERMANY)

Message: 98330   


Hello again,


after a few hours of sleep I'm happy to tell you that it is working now.


The home directory for user root was /tmp

I don't know why, but '/tmp' is always cleared after restarting the blackfin uclinux board. That didn't work.


So I changed the home directory for user root in the file '/etc/passwd' from '/tmp' to '/root'


In addition I created the directory '/root' and the sub directory '/root/.ssh' on the host.


On the PC I generated the rsa key pair with 'ssh-keygen -t rsa'. The private key 'id_rsa' had to move to the user's home directory in sub directory .ssh (for example C:\Dokumente und Einstellungen\svenson\.ssh)


A copy of the public key 'id_rsa.pub' was moved to the user's home on the host (remember this is changed to /root for root).


So in the end there is a directory '/root/.ssh' on the host containing the public key 'id_rsa.pub' renamed to 'authorized_keys' and a '.ssh' directory in the user's home containing the private key 'id_rsa'.


The public key is NOT converted to the dropbear format (only needed for ssh client)




With your help I could manage to log in without typing a password. Here is a copy of the dos box output.


C:\Dokumente und Einstellungen\svenson\.ssh>ssh root@



BusyBox v1.12.4 (2010-11-15 13:05:46 UTC) built-in shell (msh)

Enter 'help' for a list of built-in commands.




I wrote this summary for anyone that has the same problem and I hope this will save your precious time.


Thank you very much for helping
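
The setup this thread arrives at can be verified on the board before the first login attempt. The script below is an added example, not code from the posters or from dropbear: `check_pubkey_setup` and its return codes are hypothetical, and the permission test is an assumption added here (SSH servers commonly refuse an authorized_keys file when the home directory, `.ssh` or the file itself is writable by group or others).

```shell
#!/bin/sh
# check_pubkey_setup USER [PASSWD_FILE] [ROOT_PREFIX]   (hypothetical helper)
# Return codes: 0 ok, 1 no passwd entry, 2 home missing, 3 authorized_keys
# missing/empty, 4 no OpenSSH-format RSA key line, 5 loose permissions.
# ROOT_PREFIX lets the check run against a staged rootfs instead of /.
check_pubkey_setup() {
    user=$1
    passwd=${2:-/etc/passwd}
    prefix=${3:-}

    # Field 6 of /etc/passwd is the home directory the server resolves ~ from.
    home=$(awk -F: -v u="$user" '$1 == u { print $6; exit }' "$passwd" 2>/dev/null)
    if [ -z "$home" ]; then
        echo "FAIL: no entry for '$user' in $passwd"; return 1
    fi
    if [ ! -d "$prefix$home" ]; then
        echo "FAIL: home '$home' from $passwd does not exist"; return 2
    fi

    keys="$prefix$home/.ssh/authorized_keys"
    if [ ! -s "$keys" ]; then
        echo "FAIL: $keys is missing or empty"; return 3
    fi

    # An unconverted id_rsa.pub line is "ssh-rsa <base64> [comment]"; the
    # base64 blob always starts with the encoded key type, AAAAB3NzaC1yc2E.
    if ! grep -q 'ssh-rsa AAAAB3NzaC1yc2E' "$keys"; then
        echo "FAIL: no OpenSSH-format ssh-rsa public key line in $keys"; return 4
    fi

    # Assumption (not from the thread): none of these may be writable by
    # group or others, otherwise another local user could add a key.
    for p in "$prefix$home" "$prefix$home/.ssh" "$keys"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL: $p is group- or world-writable"; return 5
        fi
    done

    echo "OK: $user -> $home/.ssh/authorized_keys"
    return 0
}

# Run as a script: sh check_pubkey_setup.sh root
[ $# -eq 0 ] || check_pubkey_setup "$@"
```

A home directory of `/tmp`, as in the original configuration, fails with code 3 after each reboot because the directory is cleared, and with code 5 once a key is placed there because `/tmp` is world-writable.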