I have switched back to dropbear from openssh. I had given up on dropbear for some time because I could not get some things to work. Well, now I have sorted out what went wrong:
1. On the Nanonotes, I used dropbearkey -t rsa -f /root/.ssh/id_rsa > nn_pub_key to generate the keys for ssh. In the first attempt, I had just used the keys generated by openssh and could not get dropbear to work. However, I may have had other errors in my usage. We need to redirect the output from the command to a file because "dropbearkey" writes the public key to standard output. If you goof that up somehow, dropbearkey can create the public key from the private key, which I placed in /root/.ssh/id_rsa, the place that openssh uses. Just run: dropbearkey -y -f /root/.ssh/id_rsa | grep "^ssh-rsa" > nn_pub_key Then set up copies of "authorized_keys" on each machine as needed. Please consult the Web for how to do that-lots of info exits for that setup on the web. I searched for the individual words: "public private ssh key password" and got lots of hits:) Pick the one that makes sense in your case and perhaps for your desktop Linux distribution or even some MSW strain. 2. One important item: dropbear does not look for the authorized_keys file where openssh places it. Openssh looks for it in /root/.ssh. Dropbear looks for it in /etc/dropbear. So what I do is place a link in /etc/dropbear to /root/.ssh/authorized_keys. Execute in /etc/dropbear ln -s /root/.ssh/authorized_keys authorized_keys and both openssh and dropbear will be happy:) 3. A copy of the public key from every machine on your LAN should be placed in the authorized_keys file, given that you might want to use scp or ssh on or to each machine. Once this is done, ssh and scp from openssh will work. Both look in the home directory under .ssh for the copy of authorized_keys and for the private key. However, dropbear DOES NOT do that. You must give the location of the private key in the command line every time, or create a script that does it for you! It took quite some searching to find this. OpenWRT is used on routers. Almost every web page gave good information on what had to be done to ssh, using openssh, TO the router running OpenWRT. However, my problems were using ssh from dropbear FROM the "router", my Nanonote. Every time I used ssh or scp on a Nanonote to go elsewhere, I got a request for the password on the destination machine! I finally found http://yorkspace.wordpress.com/2009/04/08/using-public-keys-with-dropbear-ssh-client/ which solved the problem and told me that dropbear does not have a default location for the private key. So to ssh to some other machine from one of my Nanonotes on my LAN I use: ssh -i /root/.ssh/id_rsa i7 if I want to ssh to my desktop. More typically I would be doing scp from the Nanonote since there is little point in sshing to my desktop because the desktop has a much better keyboard than does the tiny Nanonote:) To do a copy of the file, vi.help, from the Nanonote to i7, I use: scp -i /root/.ssh/id_rsa vi.help i7:/root and I don't have to type i7's eight-character password on the tiny keys of the Nanonote! Using ssh with rsync, which I have implemented to back up my Nanonotes to my desktop machine, requires using a special format. See the above referenced web page for more information. The same goes for using git. One must always tell ssh or scp from dropbear where to find the private key of the source machine, that is, the one on which the ssh or scp command is issued. Dropbear, with these changes then works well on the Nanonote. It is really unclear, but I think dropbear has about half the memory footprint of openssh. As always, assigning memory to a process under Linux is a bit of a challenge. On one test of a transfer of a large ASCII file, I found that dropbear is also about 30% slower than openssh. However, given the small memory on the Nanonote, I have opted for smaller memory, at least for now. In time, dropbear may get faster, because it appears to be "young" compared to openssh:) Hope this helps someone else--I spent hours solving what turned out to have a simple solution. Happens a lot in the land of hardware and software, doesn't it? Delbert _______________________________________________ Qi Hardware Discussion List Mail to list (members only): [email protected] Subscribe or Unsubscribe: http://lists.en.qi-hardware.com/mailman/listinfo/discussion
