Using Public Keys With Dropbear SSH Client
I ran into a little bit of a hiccup getting my OpenWRT NSLU2 device to automatically rsync to a remote host. It turns out that the dropbear ssh client works a bit differently when attempting to use key-based authentication. In order to rsync files from a remote host using a cron script, this is critical. I found plenty of examples on setting up key-based authentication using dropbear as the HOST, but not as the CLIENT. Here’s how I did it:
This assumes that the OpenWRT device is named ‘nas’ and the remote machine is ‘webhost’. The goal is to allow ‘nas’ to authenticate to ‘webhost’ using a key instead of a password.
First, generate your identity key on ‘nas’:
dropbearkey -t rsa -f ~/.ssh/id_rsa
Since dropbear stores its keys in a different format, the public key needs to be converted for a standard SSH server:
dropbearkey -y -f ~/.ssh/id_rsa | grep "^ssh-rsa " >> authorized_keys
Now copy (or concatenate) ‘authorized_keys’ to ~/.ssh on ‘webhost’. Ensure that permissions on this file are set to 600.
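The key-installation step on ‘webhost’ can be made repeatable. The following is an added example, not part of the original post: `install_pubkey` and `sample_output` are hypothetical names, and the key material in the sample is constructed. It takes the output of `dropbearkey -y` on stdin, keeps only the `ssh-rsa` line, appends it once, and enforces the directory and file permissions.

```shell
#!/bin/sh
# Added example (not from the original post). Intended to run on 'webhost'.
# Usage, assuming the output of `dropbearkey -y -f ~/.ssh/id_rsa` on 'nas'
# was saved to a file (here called nas-pub.txt) and copied to 'webhost':
#   install_pubkey ~/.ssh/authorized_keys < nas-pub.txt

install_pubkey() {
    auth_file=$1
    auth_dir=$(dirname "$auth_file")

    # dropbearkey -y prints a banner line, the public key line and a
    # fingerprint line; only the "ssh-rsa ..." line belongs in authorized_keys.
    key=$(grep '^ssh-rsa ' | head -n 1)
    if [ -z "$key" ]; then
        echo "install_pubkey: no ssh-rsa public key found on stdin" >&2
        return 1
    fi

    # Tighten ~/.ssh to 700 and authorized_keys to 600 before writing.
    mkdir -p "$auth_dir" || return 1
    chmod 700 "$auth_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present, so repeated
    # runs do not pile up duplicate entries.
    if grep -qxF -e "$key" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth_file"
}

# Constructed sample of `dropbearkey -y` output (the key is a placeholder,
# not a real key).
sample_output() {
    printf '%s\n' \
        'Public key portion is:' \
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCONSTRUCTEDEXAMPLEKEY root@nas' \
        'Fingerprint: md5 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff'
}
```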
You should now be able to ssh without a password.
root@nas:~# ssh user@webhost -i ~/.ssh/id_rsa
Notice that you need to explicitly specify the identity file on the command line. Dropbear does not automatically look for it like OpenSSH does.
Now that ssh works, I can easily perform an automated rsync:
rsync -avz -e "ssh -i /root/.ssh/id_rsa" user@webhost:some-file-there.txt some-file-here.txt
Hope that helps!