user@PC:~$ telnet 192.168.1.1
telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------
BusyBox v1.15.3 (2010-04-06 04:08:20 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
Backfire (10.03, r20728) --------------------------
* 1/3 shot Kahlua In a shot glass, layer Kahlua
* 1/3 shot Bailey's on the bottom, then Bailey's,
* 1/3 shot Vodka then Vodka.
---------------------------------------------------
root@OpenWrt:/# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@OpenWrt:/# Connection closed by foreign host.
user@PC:~$ ssh root@192.168.1.1
root@192.168.1.1's password:
BusyBox v1.15.3 (2010-04-06 04:08:20 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
Backfire (10.03, r20728) --------------------------
* 1/3 shot Kahlua In a shot glass, layer Kahlua
* 1/3 shot Bailey's on the bottom, then Bailey's,
* 1/3 shot Vodka then Vodka.
---------------------------------------------------
root@OpenWrt:~#
Edit /etc/config/firewall:
<snip>
config rule
        option proto tcp
        option src wan
        option dest_port 22
        option target ACCEPT
<snip>
Create a keypair, and copy it to the router:
user@PC:~$ ssh-keygen -t dsa -f ~/.ssh/id_dsa_for_router
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jurjen/.ssh/id_dsa_for_router.
Your public key has been saved in /home/jurjen/.ssh/id_dsa_for_router.pub.
The key fingerprint is:
f2:6d:f6:95:97:74:ef:d8:2c:ff:07:d6:7e:ef:37:55 jurjen@stalin
The key's randomart image is:
+--[ DSA 1024]----+
| |
| |
| |
| E|
| . S oo|
| o . +.*|
| . + .o++|
| o . ..B=|
| . .+/|
+-----------------+
user@PC:~$ ssh-copy-id -i ~/.ssh/id_dsa_for_router.pub root@10.0.43.44
root@10.0.43.44's password:
sh: /usr/X11R6/bin/xauth: not found
Now try logging into the machine, with "ssh 'root@10.0.43.44'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
... then on the router, move /root/.ssh/authorized_keys to /etc/dropbear, and disable password authentication in /etc/config/dropbear:
root@OpenWrt:~# mv ~/.ssh/authorized_keys /etc/dropbear
root@OpenWrt:~# rm -rf ~/.ssh
root@OpenWrt:~# cat /etc/config/dropbear
config 'dropbear'
option 'Port' '22'
option 'PasswordAuth' 'off'
root@OpenWrt:~#
... don't log out yet! Try the connection first:
user@PC:~$ ssh -i ~/.ssh/id_dsa_for_router root@10.0.43.44
Enter passphrase for key '/home/jurjen/.ssh/id_dsa_for_router':
sh: /usr/X11R6/bin/xauth: not found
BusyBox v1.15.3 (2010-04-06 04:08:20 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
Backfire (10.03, r20728) --------------------------
* 1/3 shot Kahlua In a shot glass, layer Kahlua
* 1/3 shot Bailey's on the bottom, then Bailey's,
* 1/3 shot Vodka then Vodka.
---------------------------------------------------
Note: If you did log out, and cannot get back in, you still have the web interface to re-enable password authentication for SSH or reset the password entirely.
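
The lockout condition behind the "don't log out yet" step can also be checked on the router itself before the working session is closed. The script below is an added example, not part of the original page; uci_option and check_dropbear are hypothetical helper names, and treating an unset PasswordAuth as "passwords accepted" is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage on the router: sh check.sh /etc/config/dropbear /etc/dropbear/authorized_keys

# Print the last value of a UCI option with quotes stripped, e.g. PasswordAuth.
uci_option() {  # $1 = config file, $2 = option name
    tr -d "'\"" < "$1" |
        awk -v want="$2" '$1 == "option" && $2 == want { v = $3 } END { print v }'
}

# Status: 0 key-only login usable, 1 password login still enabled,
#         2 logging out now locks SSH out, 3 key file writable by others.
check_dropbear() {  # $1 = dropbear config, $2 = authorized_keys file
    pw=$(uci_option "$1" PasswordAuth)
    nkeys=0
    if [ -r "$2" ]; then
        # Count lines that are neither blank nor comments.
        nkeys=$(grep -cvE '^[[:space:]]*(#|$)' "$2" || true)
    fi
    case "$pw" in
        off|0|false|no|disabled) pw_enabled=no ;;
        *) pw_enabled=yes ;;  # assumption: unset means passwords are accepted
    esac
    if [ "$nkeys" -eq 0 ] && [ "$pw_enabled" = no ]; then
        echo "LOCKOUT: PasswordAuth is off and $2 holds no keys"; return 2
    fi
    if [ "$nkeys" -gt 0 ] && [ -n "$(find "$2" \( -perm -020 -o -perm -002 \))" ]; then
        echo "UNSAFE: $2 is group- or world-writable"; return 3
    fi
    if [ "$pw_enabled" = yes ]; then
        echo "OPEN: password login still enabled, $nkeys key(s) installed"; return 1
    fi
    echo "OK: key-only login with $nkeys key(s)"
}

if [ "$#" -eq 2 ]; then
    check_dropbear "$1" "$2"
else
    # Constructed sample: the page's dropbear config and an empty key file.
    d=$(mktemp -d)
    printf "config 'dropbear'\n\toption 'Port' '22'\n\toption 'PasswordAuth' 'off'\n" > "$d/dropbear"
    : > "$d/authorized_keys"
    check_dropbear "$d/dropbear" "$d/authorized_keys" || true   # LOCKOUT
    echo "ssh-dss AAAA-constructed-key user@PC" > "$d/authorized_keys"
    chmod 600 "$d/authorized_keys"
    check_dropbear "$d/dropbear" "$d/authorized_keys" || true   # OK
    rm -rf "$d"
fi
```

Dropbear picks up /etc/config/dropbear when the service starts, so run the check after /etc/init.d/dropbear restart and while the existing session is still open.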