Using Public Keys With Dropbear SSH Client
I ran into a little bit of a hiccup getting my OpenWRT NSLU2 device to automatically rsync to a remote host. It turns out that the dropbear ssh client works a bit differently when attempting to use key based authentication. In order to rsync files from a remote host using a cron script, this is critical. I found plenty of examples on setting up key based authentication using dropbear as the HOST, but not as the CLIENT. Here’s how I did it:
This assumes that the OpenWRT device is named ‘nas’ and the remote machine is ‘webhost’. The goal is to allow ‘nas’ to authenticate to ‘webhost’ using a key instead of a password.
First, generate your identity key on ‘nas’:
dropbearkey -t rsa -f ~/.ssh/id_rsa
Since dropbear stores its keys in a different format, it needs to be converted for a standard SSH server:
dropbearkey -y -f ~/.ssh/id_rsa | grep "^ssh-rsa " >> authorized_keys
Now copy (or concatenate) ‘authorized_keys’ to ~/.ssh on ‘webhost’. Ensure that permissions on this file are set to 600.
You should now be able to ssh without a password.
root@nas:~# ssh user@webhost -i ~/.ssh/id_rsa
Notice that you need to explicitly specify the identity file on the command line. Dropbear does not automatically look for it like OpenSSH does.
Now that ssh works, I can easily perform an automated rsync:
rsync -avz -e "ssh -i /root/.ssh/id_rsa" user@webhost:some-file-there.txt some-file-here.txt
Hope that helps!
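The key extraction and authorized_keys steps above, written as POSIX shell functions that refuse ambiguous input and do not add the same key twice. This is an added example, not part of the original post: the names extract_pubkey, install_pubkey and sample_output are hypothetical, the sample key is constructed, and the 700 directory mode is an assumption beyond the 600 file mode the post specifies.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample key is constructed.

# Read `dropbearkey -y -f <keyfile>` output on stdin and print the single
# ssh-rsa public key line. Fails unless exactly one such line is present.
extract_pubkey() {
    awk '/^ssh-rsa / { n++; line = $0 }
         END { if (n != 1) exit 1; print line }'
}

# Append a public key line to an authorized_keys file only if that exact
# line is not already there, and tighten permissions on the way.
install_pubkey() {
    key=$1
    file=$2
    dir=$(dirname "$file")
    [ -n "$key" ] || return 1
    # 700 on the directory is an assumption; the post only specifies 600
    # on the file itself.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # -x: whole-line match, -F: fixed string, so a hit means "already installed"
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# Constructed sample of `dropbearkey -y` output (the key material is fake).
sample_output() {
    cat <<'EOF'
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY root@nas
Fingerprint: md5 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
EOF
}

# Typical use:
#   on nas:     dropbearkey -y -f ~/.ssh/id_rsa | extract_pubkey > nas.pub
#   on webhost: install_pubkey "$(cat nas.pub)" ~/.ssh/authorized_keys
```

Running install_pubkey repeatedly from a provisioning script leaves a single entry, unlike a plain `>>` append.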
May 14th, 2010 at 5:36 pm
Interesting article; I learnt a whole lot from it.
However, I’d like to suggest that you replace ‘ssh’ with ‘dbclient’ being that ESXi does not have the ‘ssh’ command. It could be that you have created a symbolic link to ‘dbclient’ named ‘ssh’ but for completeness, best to specify the default executable used by ESXi.
Cheers,
Anthony.