Header Shadow Image

«
»

Generate or Create SSH Keys Pair

This is a simple howto on generating keys.  For this post, we'll simply create a one way auto-login no passphrase key pair for use between one of our systems and our router.  However, we won't allow the router to autologin to the hosts.  First step in this is to generate the keys however do check if you already have an id_rsa and id_rsa.pub files so you don't overwrite them:

[root@mbpc .ssh]# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): id_rsa-dd-wrt
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
5e:3f:cf:a4:d5:2b:1a:e8:8c:05:f8:8a:04:41:59:23 root@mbpc
The key's randomart image is:
+–[ RSA 4096]—-+
|    E            |
| . + S           |
|  +              |
|   .   .         |
|  .   . . .      |
|   .   + o . . . |
|    .   o = + o  |
|   . . . = B + . |
|    . A . + + .  |
+—————–+
You have new mail in /var/spool/mail/root
[root@mbpc .ssh]#

This will create the two files:

[root@mbpc .ssh]# ls -altri id_rsa*
394155 -rw——-. 1 root root 3243 Jul 28 10:05 id_rsa
394162 -rw-r–r–. 1 root root  731 Jul 28 10:05 id_rsa.pub
[root@mbpc .ssh]#

 

Next, you'll want to copy the key in id_rsa.pub to the authorized_keys file on the DD-WRT router's ~/.ssh folder.  This is how it should look like:

root@DD-WRT-INTERNET:~/.ssh# ls -altri authorized_keys
2185117 -rw——-    1 root     root          731 Jul 28 16:20 authorized_keys
root@DD-WRT-INTERNET:~/.ssh#

 

Don't forget.  The authorized_keys file permissions need to be 600 otherwise trouble will follow.  Next, test the configuration:

[root@mbpc .ssh]# ssh 192.168.0.1
DD-WRT v24-sp2 std (c) 2010 NewMedia-NET GmbH
Release: 08/07/10 (SVN revision: 14896)
==========================================================

 ____  ___    __        ______ _____         ____  _  _
 | _ \| _ \   \ \      / /  _ \_   _| __   _|___ \| || |
 || | || ||____\ \ /\ / /| |_) || |   \ \ / / __) | || |_
 ||_| ||_||_____\ V  V / |  _ < | |    \ V / / __/|__   _|
 |___/|___/      \_/\_/  |_| \_\|_|     \_/ |_____|  |_|

                       DD-WRT v24-sp2
                   http://www.dd-wrt.com

==========================================================


BusyBox v1.13.4 (2010-08-07 06:53:22 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

root@DD-WRT-INTERNET:~#

And this configured your passless entry towards the DD-WRT router.  To do this in reverse, which we won't, you'd generate the keys on the DD-WRT (the target) then copy the keys into the corresponding authorized_keys file on the source.  Basically in reverse.

Cheers,
TK

This entry was posted on Sunday, July 28th, 2013 at 10:34 am and is filed under NIX Posts. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Subscribe
Notify of
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
     
  Copyright © 2003 - 2025 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License

  

0
Would love your thoughts, please comment.x
()
x
The IT Development and Technology Mini Vault | MicroDevSys.com
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.