I ran into a little bit of a hiccup getting my OpenWRT NSLU2 device to automatically rsync to a remote host. It turns out that the dropbear ssh client works a bit differently when attempting to use key based authentication. In order to rsync files from a remote host using a cron script, this is critical. I found plenty of examples on setting up key based authentication using dropbear as the HOST, but not as the CLIENT. Here’s how I did it:
This assumes that the OpenWRT device is named ‘nas’ and the remote machine is ‘webhost’. The goal is to allow ‘nas’ to authenticate to ‘webhost’ using a key instead of a password.
First, generate your identity key on ‘nas’
dropbearkey -t rsa -f ~/.ssh/id_rsa
Since dropbear stores its keys in different format, it needs to be converted for a standard SSH server:
dropbearkey -y -f ~/.ssh/id_rsa | grep “^ssh-rsa ” >> authorized_keys
Now copy or (concatenate) ‘authorized_keys’ to ~/.ssh on ‘webhost’. Ensure that permissions on this file are set to 600.
You should now be able to ssh without a password.
root@nas:~# ssh user@webhost -i ~/.ssh/id_rsa
Notice that you need to explicitly specify the identity file on the command line. Dropbear does not automatically look for it like OpenSSH does.
Now that ssh works, I can easily perform an automated rsync:
rsync -avz -e “ssh -i /root/.ssh/id_rsa” user@webhost:some-file-there.txt some-file-here.txt
Hope that helps!
yorkspace.com 
Interesting article; I learnt a whole lot from it.
However, I’d like to suggest that you replace ‘ssh’ with ‘dbclient’ being that ESXi does not have the ‘ssh’ command. It could be that you have created a symbolic link to ‘dbclient’ named ‘ssh’ but for completeness, best to specify the default executable used by ESXi.
Cheers,
Anthony.
Nice tutorial. This was the ONLY article explaining the use of dropbear as a client i found via Google. Thanks Guy!
Worked on the first try – I am using an Android smart phone to SSH via wireless into a server.
Thank you thank you!
Pingback: SSH and GIT on Android with Terminal IDE
“explicitly specify the identity file on the command line” nice tip. was scratching my head on this one for some time before finding your article.
Thanks for this post! I was lost with ssh and rsync FROM my OpenWRT computer to the
outside world. Everything else I found only talked about going TO the OpenWRT computer
from the outside world:) Dropbear is supposed to take less memory but it is a bit of a pain
in that it is an incomplete clone of OpenSSH. Small details are often when hangs us up,
not the big picture:-)
Nice tutorial! This is the yet only one that explains use of dropbear as a client.
Pingback: Kian Ryan » SSH on Android
This really helped!!!
Pingback: Finally got a keyboard case for the Galaxy Tab 10.1 « alaya:techne
Thank you works great on dreambox 500s 🙂
Pingback: Owncloud upload via rsync from openwrt – Sprinternet Blog
I needed this to automatically copy files from my vu+ linux reciever. Works great! Thank you!
Really nice tutorial! Thanks.
The only thing on DD-WRT is that the created id_rsa key will be deleted on every reboot of dd-wrt router, because the .ssh dir is on tmp dir.
Is there any solution?
Thanks so far.
1.5 year later, here’s a possible answer 🙂
https://forum.openwrt.org/viewtopic.php?pid=22876#p22876
It’s never too late!
All of this should be written in the OpenWRT wiki actually. I don’t mind doing it if the op is ok!
There I see some naming convention problems. Dropbear does not generate/use openssh private key “id_rsa”. This make many trouble in technical forums. Therefore:
To generate private key for dropbear:
dropbearkey -t rsa -f ~/.ssh/dropbear_priv_rsa
To extract and insert public key to dropbear server:
dropbearkey -y -f ~/.ssh/dropbear_priv_rsa | grep “^ssh-rsa ” >> authorized_keys
To connect using ssh key authentication from dropbear client to dropbear server:
ssh -i ~/.ssh/dropbear_priv_rsa user@webhost
To produce priivate key for connection from openssh client to dropbear server:
dropbearconvert dropbear openssh ~/.ssh/dropbear_priv_rsa ~/.ssh/id_rsa.
To connection from openssh client to dropbear server:
ssh -i ~/.ssh/id_rsa user@webhost
By the way, if you’re running the dropbear server, it has a forwarding agent that will also automatically use a key. It just isn’t ‘~/.ssh/id_rsa’ by default. If you generate the key into ~/.ssh/id_dropbear (or copy it there) it will automatically use that if not otherwise changed via command line switch.
Still working eight years after posting. This was really helpful; thanks.
I am using a Satellite receiver (Dreambox) as my client and found a complication with this line:-
dropbearkey -y -f ~/.ssh/id_rsa | grep “^ssh-rsa ” >> authorized_keys
Changing the key format didn’t appear necessary.
After running:-
dropbearkey -t rsa -f ~/.ssh/id_rsa
the display showed the public-key part of the key on the screen.
I copied this – omitting the finger print line. I then directly placed it as a line in ‘authorized_keys’ on my remote server by hand.
Everything then worked fine.
Pingback: Resolved: Does Dropbear know what a ~/.ssh/config file is? - Resolved Problem