Configuration Issues
Matt Johnston
matt at ucc.asn.au
Tue Jun 25 21:20:08 AWST 2019
Hi Kenny,
Is this a modified version of Dropbear? The standard location is /root/.ssh/authorized_keys (or ~/.ssh/authorized_keys for other users), though some distributions change it to /etc/dropbear/authorized_keys
If it isn't printing any message at all I would check that the key in that file is pasted correctly - newlines sometimes cause problems.
The permissions on the parent directory also need to be writable only by the user. By default logging in as root should work.
Cheers,
Matt
> On Tue 25/6/2019, at 12:05 pm, Kenny Koller <kenny at stealthspacecompany.com> wrote:
>
> Hi Matt,
>
> Thanks. The double login thing has gone away though I can't explain why due to a number changes that occurred.
>
> Presently I'm trying to login as root without a password. I use `dbclient root@<ip address> -i ~/.ssh/id_rsa`. This is a private key created by dropbear. On the embedded Linux system I have the public key in /etc/dropbear/authorized_keys. But it continues to prompt me for a password. Running with -F -E simply says that PAM authentication was successful. Permissions on the files in /etc/dropbear are 0600.
>
> Is there a restriction on root?
>
> Thanks,
>
> Kenny
>
>
> From: Matt Johnston <matt at ucc.asn.au>
> Sent: Sunday, June 23, 2019 1:31:52 AM
> To: Kenny Koller
> Cc: dropbear at ucc.asn.au
> Subject: Re: Configuration Issues
>
> Hi Kenny,
>
> I don't think I've seen that problem before. Does Dropbear log anything in /var/log/auth.log or similar?
> Or if logging isn't set up on the system, if you run dropbear -F -E it will log to the console.
> The clock shouldn't make any difference.
>
> Cheers,
> Matt
>
>> On Thu 20/6/2019, at 11:15 am, Kenny Koller <kenny at stealthspacecompany.com <mailto:kenny at stealthspacecompany.com>> wrote:
>>
>> Hi,
>>
>> I'm using Xilinx's 2019.1 Petalinux system which uses Dropbear 2018.76 by default. The target is
>> a Zynq 7000 running Linux.
>>
>> The first issue is that with the open-ssh client the first password attempt fails every time. The
>> second attempt works. This was before I configured any host/login keys. A console login does not
>> have this issue.
>>
>> The second issue is that with the host/login keys in place I continue to be prompted twice when
>> using ssh. With dbclient I am rejected altogether:
>>
>> radsys at radsys-nuc:~$ dbclient root at 10.160.33.150 <mailto:root at 10.160.33.150> -i ~/.ssh/id_rsa
>> root at 10.160.33.150 <mailto:root at 10.160.33.150>'s password:
>> root at 10.160.33.150 <mailto:root at 10.160.33.150>'s password:
>>
>> dbclient: Connection to root at 10.160.33.150 <mailto:root at 10.160.33.150>:22 exited: Error reading: Connection reset by peer
>>
>> My client system is Ubuntu 16.04 with the login (private) key stored as follows. It was generated
>> with dropbearkey:
>>
>> radsys at radsys-nuc:~$ ls -al .ssh
>> drwx------ 2 radsys radsys 4096 Jun 19 19:33 .
>> drwxr-xr-x 35 radsys radsys 4096 Jun 17 19:20 ..
>> -rw------- 1 radsys radsys 805 Jun 19 19:31 id_rsa
>>
>> On the server/embedded side I have the public portion of the private key above in authorized_keys
>> and a host key also generated using dropbearkey.
>>
>> root at radio:~# ls -al /etc/dropbear
>> drwxr-xr-x 2 root root 0 Jun 20 02:25 .
>> drwxr-xr-x 24 root root 0 Jun 20 02:26 ..
>> -rw------- 1 root root 393 Jun 20 02:25 authorized_keys
>> -rw------- 1 root root 805 Jun 20 02:25 dropbear_rsa_host_key
>>
>> Also, my clock is not set correctly on the embedded system. Is this an issue?
>>
>> Help would be greatly appreciated.
>>
>> Thanks,
>>
>> Kenny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20190625/5539d3b6/attachment-0001.htm
More information about the Dropbear
mailing list