

Generate or Create SSH Keys Pair

This is a simple howto on generating SSH keys.  For this post, we'll create a one-way, auto-login key pair with no passphrase for use between one of our systems and our router.  We won't, however, allow the router to auto-login to the hosts.  The first step is to generate the keys, but check first whether you already have id_rsa and id_rsa.pub files so you don't overwrite them:

[root@mbpc .ssh]# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): id_rsa-dd-wrt
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
5e:3f:cf:a4:d5:2b:1a:e8:8c:05:f8:8a:04:41:59:23 root@mbpc
The key's randomart image is:
+--[ RSA 4096]----+
|    E            |
| . + S           |
|  +              |
|   .   .         |
|  .   . . .      |
|   .   + o . . . |
|    .   o = + o  |
|   . . . = B + . |
|    . A . + + .  |
+-----------------+
You have new mail in /var/spool/mail/root
[root@mbpc .ssh]#

This will create the two files:

[root@mbpc .ssh]# ls -altri id_rsa*
394155 -rw-------. 1 root root 3243 Jul 28 10:05 id_rsa
394162 -rw-r--r--. 1 root root  731 Jul 28 10:05 id_rsa.pub
[root@mbpc .ssh]#

 

Next, copy the key in id_rsa.pub into the authorized_keys file in the DD-WRT router's ~/.ssh folder.  This is how it should look:

root@DD-WRT-INTERNET:~/.ssh# ls -altri authorized_keys
2185117 -rw-------    1 root     root          731 Jul 28 16:20 authorized_keys
root@DD-WRT-INTERNET:~/.ssh#

 

Don't forget: the authorized_keys file permissions need to be 600, otherwise trouble will follow.  Next, test the configuration:

[root@mbpc .ssh]# ssh 192.168.0.1
DD-WRT v24-sp2 std (c) 2010 NewMedia-NET GmbH
Release: 08/07/10 (SVN revision: 14896)
==========================================================

 ____  ___    __        ______ _____         ____  _  _
 | _ \| _ \   \ \      / /  _ \_   _| __   _|___ \| || |
 || | || ||____\ \ /\ / /| |_) || |   \ \ / / __) | || |_
 ||_| ||_||_____\ V  V / |  _ < | |    \ V / / __/|__   _|
 |___/|___/      \_/\_/  |_| \_\|_|     \_/ |_____|  |_|

                       DD-WRT v24-sp2
                   http://www.dd-wrt.com

==========================================================


BusyBox v1.13.4 (2010-08-07 06:53:22 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

root@DD-WRT-INTERNET:~#

This configures passwordless entry to the DD-WRT router.  To do this in reverse, which we won't, you'd generate the keys on the DD-WRT (the target), then copy the public key into the corresponding authorized_keys file on the source.  Basically, the same steps in reverse.
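
The steps above can be wrapped in small shell helpers that guard against the two mistakes mentioned: overwriting an existing key pair and leaving authorized_keys with permissions other than 600.  This is an added example, not part of the original post; the function names gen_key_noclobber, install_pubkey and perms_ok are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from the original post.

# Generate a 4096-bit RSA pair with an empty passphrase (as in the post),
# but only if neither the private nor the public file already exists.
# $1 = private key path
gen_key_noclobber() {
    key=$1
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite existing $key" >&2
        return 1
    fi
    ssh-keygen -q -t rsa -b 4096 -N '' -f "$key"
}

# Append one public key to <ssh_dir>/authorized_keys and fix permissions.
# $1 = public key file, $2 = target .ssh directory
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys
    # Only the .pub half belongs on the target; reject a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, not installing" >&2
        return 1
    fi
    line=$(head -n 1 "$pub")
    [ -n "$line" ] || return 1
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    # Create the file under a tight umask, then force 600 in case it
    # already existed with looser permissions.
    ( umask 077; touch "$auth" ) || return 1
    chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: do not add the same key twice.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Succeeds only when the file mode is exactly 600.
# $1 = file to check
perms_ok() {
    [ -n "$(find "$1" -prune -perm 600)" ]
}
```

On the router, install_pubkey would be run against ~/.ssh after the id_rsa.pub file has been copied over; perms_ok can be used afterwards to confirm the 600 requirement.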

Cheers,
TK



     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License