This is a simple howto on generating keys. For this post, we'll create a one-way, auto-login, no-passphrase key pair for use between one of our systems and our router. However, we won't allow the router to auto-login to the hosts. The first step is to generate the keys, but before you do, check whether you already have id_rsa and id_rsa.pub files so you don't overwrite them:
[root@mbpc .ssh]# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): id_rsa-dd-wrt
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 4096]----+
| E |
| . + S |
| + |
| . . |
| . . . . |
| . + o . . . |
| . o = + o |
| . . . = B + . |
| . A . + + . |
You have new mail in /var/spool/mail/root
This will create the two files, the private key (id_rsa, readable and writable only by root) and the public key (id_rsa.pub):
[root@mbpc .ssh]# ls -altri id_rsa*
394155 -rw-------. 1 root root 3243 Jul 28 10:05 id_rsa
394162 -rw-r--r--. 1 root root 731 Jul 28 10:05 id_rsa.pub
Next, you'll want to copy the key in id_rsa.pub to the authorized_keys file in the DD-WRT router's ~/.ssh folder. This is how it should look:
root@DD-WRT-INTERNET:~/.ssh# ls -altri authorized_keys
2185117 -rw------- 1 root root 731 Jul 28 16:20 authorized_keys
Don't forget: the authorized_keys file permissions need to be 600, otherwise trouble will follow. Next, test the configuration:
[root@mbpc .ssh]# ssh 192.168.0.1
DD-WRT v24-sp2 std (c) 2010 NewMedia-NET GmbH
Release: 08/07/10 (SVN revision: 14896)
____ ___ __ ______ _____ ____ _ _
| _ \| _ \ \ \ / / _ \_ _| __ _|___ \| || |
|| | || ||____\ \ /\ / /| |_) || | \ \ / / __) | || |_
||_| ||_||_____\ V V / | _ < | | \ V / / __/|__ _|
|___/|___/ \_/\_/ |_| \_\|_| \_/ |_____| |_|
BusyBox v1.13.4 (2010-08-07 06:53:22 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
And this configures your passwordless entry to the DD-WRT router. To do this in reverse, which we won't, you'd generate the keys on the DD-WRT (the target), then copy its public key into the corresponding authorized_keys file on the source.
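
The overwrite check, the key install and the 600 permission rule above, as an added shell example that is not part of the original post. gen_key, perms_ok and install_pubkey are hypothetical helper names, the key line in the demo is constructed, and install_pubkey assumes it runs on the target with the public key file already copied over.

```shell
#!/bin/sh
# Added example, not from the original post; helper names are hypothetical.

# gen_key PATH: create a no-passphrase RSA 4096 key pair, but stop if PATH
# or PATH.pub already exists, so an existing key is never replaced.
gen_key() {
    if [ -e "$1" ] || [ -e "$1.pub" ]; then
        echo "refusing to overwrite existing key at $1" >&2
        return 1
    fi
    ssh-keygen -t rsa -b 4096 -N '' -f "$1"
}

# perms_ok PATH MODE: compare the mode column of ls -ld (first 10 chars).
perms_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "$2" ]
}

# install_pubkey PUBFILE SSHDIR: appends the key once and enforces 700 on
# the directory and 600 on authorized_keys, then verifies both modes.
install_pubkey() {
    pub=$1 dir=$2 auth=$2/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing to install it" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(head -n 1 "$pub")
    # -x -F: match the whole line literally, so a re-run adds nothing
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    perms_ok "$dir" drwx------ && perms_ok "$auth" -rw-------
}

# Demo on a scratch directory with a constructed (non-functional) key line.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-SAMPLE root@mbpc' > "$d/k.pub"
    install_pubkey "$d/k.pub" "$d/.ssh" && install_pubkey "$d/k.pub" "$d/.ssh"
    rc=$?
    wc -l < "$d/.ssh/authorized_keys"   # number of key lines after two installs
    rm -rf "$d"
    return $rc
}
demo
```

Only POSIX sh features are used, so the functions also work in a BusyBox ash shell like the one on the router.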