Configuration Issues

Matt Johnston matt at ucc.asn.au
Tue Jun 25 21:20:08 AWST 2019


Hi Kenny,

Is this a modified version of Dropbear? The standard location is /root/.ssh/authorized_keys (or ~/.ssh/authorized_keys for other users), though some distributions change it to /etc/dropbear/authorized_keys
If it isn't printing any message at all I would check that the key in that file is pasted correctly - newlines sometimes cause problems.
The permissions on the parent directory also need to be writable only by the user. By default logging in as root should work.

Cheers,
Matt

> On Tue 25/6/2019, at 12:05 pm, Kenny Koller <kenny at stealthspacecompany.com> wrote:
> 
> Hi Matt,
> 
> Thanks. The double login thing has gone away though I can't explain why due to a number changes that occurred.
> 
> Presently I'm trying to login as root without a password. I use `dbclient root@<ip address> -i ~/.ssh/id_rsa`. This is a private key created by dropbear. On the embedded Linux system I have the public key in /etc/dropbear/authorized_keys. But it continues to prompt me for a password. Running with -F -E simply says that PAM authentication was successful. Permissions on the files in /etc/dropbear are 0600.
> 
> Is there a restriction on root?
> 
> Thanks,
> 
> Kenny
> 
> 
> From: Matt Johnston <matt at ucc.asn.au>
> Sent: Sunday, June 23, 2019 1:31:52 AM
> To: Kenny Koller
> Cc: dropbear at ucc.asn.au
> Subject: Re: Configuration Issues
>  
> Hi Kenny,
> 
> I don't think I've seen that problem before. Does Dropbear log anything in /var/log/auth.log or similar? 
> Or if logging isn't set up on the system, if you run dropbear -F -E it will log to the console.
> The clock shouldn't make any difference.
> 
> Cheers,
> Matt
> 
>> On Thu 20/6/2019, at 11:15 am, Kenny Koller <kenny at stealthspacecompany.com <mailto:kenny at stealthspacecompany.com>> wrote:
>> 
>> Hi,
>> 
>> I'm using Xilinx's 2019.1 Petalinux system which uses Dropbear 2018.76 by default. The target is
>> a Zynq 7000 running Linux.
>> 
>> The first issue is that with the open-ssh client the first password attempt fails every time. The
>> second attempt works. This was before I configured any host/login keys. A console login does not
>> have this issue.
>> 
>> The second issue is that with the host/login keys in place I continue to be prompted twice when
>> using ssh. With dbclient I am rejected altogether:
>> 
>> radsys at radsys-nuc:~$ dbclient root at 10.160.33.150 <mailto:root at 10.160.33.150> -i ~/.ssh/id_rsa
>> root at 10.160.33.150 <mailto:root at 10.160.33.150>'s password: 
>> root at 10.160.33.150 <mailto:root at 10.160.33.150>'s password: 
>> 
>> dbclient: Connection to root at 10.160.33.150 <mailto:root at 10.160.33.150>:22 exited: Error reading: Connection reset by peer
>> 
>> My client system is Ubuntu 16.04 with the login (private) key stored as follows. It was generated
>> with dropbearkey:
>> 
>> radsys at radsys-nuc:~$ ls -al .ssh
>> drwx------  2 radsys radsys 4096 Jun 19 19:33 .
>> drwxr-xr-x 35 radsys radsys 4096 Jun 17 19:20 ..
>> -rw-------  1 radsys radsys  805 Jun 19 19:31 id_rsa
>> 
>> On the server/embedded side I have the public portion of the private key above in authorized_keys
>> and a host key also generated using dropbearkey.
>> 
>> root at radio:~# ls -al /etc/dropbear
>> drwxr-xr-x    2 root     root             0 Jun 20 02:25 .
>> drwxr-xr-x   24 root     root             0 Jun 20 02:26 ..
>> -rw-------    1 root     root           393 Jun 20 02:25 authorized_keys
>> -rw-------    1 root     root           805 Jun 20 02:25 dropbear_rsa_host_key
>> 
>> Also, my clock is not set correctly on the embedded system. Is this an issue?
>> 
>> Help would be greatly appreciated.
>> 
>> Thanks,
>> 
>> Kenny

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20190625/5539d3b6/attachment-0001.htm 


More information about the Dropbear mailing list