Using Public Keys With Dropbear SSH Client

I ran into a little bit of a hiccup getting my OpenWRT NSLU2 device to automatically rsync to a remote host. It turns out that the dropbear ssh client works a bit differently when attempting to use key based authentication. In order to rsync files from a remote host using a cron script, this is critical. I found plenty of examples on setting up key based authentication using dropbear as the HOST, but not as the CLIENT. Here’s how I did it:

This assumes that the OpenWRT device is named ‘nas’ and the remote machine is ‘webhost’. The goal is to allow ‘nas’ to authenticate to ‘webhost’ using a key instead of a password.

First, generate your identity key on ‘nas’

dropbearkey -t rsa -f ~/.ssh/id_rsa

Since dropbear stores its keys in different format, it needs to be converted for a standard SSH server:

dropbearkey -y -f ~/.ssh/id_rsa | grep “^ssh-rsa ” >> authorized_keys

Now copy or (concatenate) ‘authorized_keys’ to ~/.ssh on ‘webhost’. Ensure that permissions on this file are set to 600.
You should now be able to ssh without a password.

root@nas:~# ssh user@webhost -i ~/.ssh/id_rsa

Notice that you need to explicitly specify the identity file on the command line. Dropbear does not automatically look for it like OpenSSH does.

Now that ssh works, I can easily perform an automated rsync:

rsync -avz -e “ssh -i /root/.ssh/id_rsa” user@webhost:some-file-there.txt some-file-here.txt

Hope that helps!

This entry was posted in Networking. Bookmark the permalink.

14 Responses to Using Public Keys With Dropbear SSH Client

  1. Anthony Kamau says:

    Interesting article; I learnt a whole lot from it.

    However, I’d like to suggest that you replace ‘ssh’ with ‘dbclient’ being that ESXi does not have the ‘ssh’ command. It could be that you have created a symbolic link to ‘dbclient’ named ‘ssh’ but for completeness, best to specify the default executable used by ESXi.


  2. Christian Meißner says:

    Nice tutorial. This was the ONLY article explaining the use of dropbear as a client i found via Google. Thanks Guy!

  3. btammaster says:

    Worked on the first try – I am using an Android smart phone to SSH via wireless into a server.
    Thank you thank you!

  4. Pingback: SSH and GIT on Android with Terminal IDE

  5. Allen says:

    “explicitly specify the identity file on the command line” nice tip. was scratching my head on this one for some time before finding your article.

  6. Delbert says:

    Thanks for this post! I was lost with ssh and rsync FROM my OpenWRT computer to the
    outside world. Everything else I found only talked about going TO the OpenWRT computer
    from the outside world:) Dropbear is supposed to take less memory but it is a bit of a pain
    in that it is an incomplete clone of OpenSSH. Small details are often when hangs us up,
    not the big picture:-)

  7. Boozeman says:

    Nice tutorial! This is the yet only one that explains use of dropbear as a client.

  8. Pingback: Kian Ryan » SSH on Android

  9. Guest says:

    This really helped!!!

  10. Pingback: Finally got a keyboard case for the Galaxy Tab 10.1 « alaya:techne

  11. bazoo says:

    Thank you works great on dreambox 500s 🙂

  12. Pingback: Owncloud upload via rsync from openwrt – Sprinternet Blog

  13. Robert says:

    I needed this to automatically copy files from my vu+ linux reciever. Works great! Thank you!

  14. km65 says:

    Really nice tutorial! Thanks.
    The only thing on DD-WRT is that the created id_rsa key will be deleted on every reboot of dd-wrt router, because the .ssh dir is on tmp dir.
    Is there any solution?
    Thanks so far.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s