Unable to login into router using passwordless connection to dropbear

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Copy local ssh key to router with:
  copy cat $HOME/.ssh/id_dsa.pub | ssh -o PreferredAuthentications=password admin@192.168.1.1 "cat - >> ~/authorized_keys"
2. login into router (using password method) and put key into place:
  ssh -o PreferredAuthentications=password admin@192.168.1.1
  mv authorized_keys /usr/local/root/.ssh/authorized_keys
  rm /usr/local/etc/dropbear/*
  flashfs save && flashfs commit && flashfs enable && reboot

3. from local computer try to login... and get a failure message:
  ssh admin@192.168.1.1 # gives "Permission denied (publickey,password"
  ssh admin@192.168.1.1 -i $HOME/.ssh/id_dsa.pub # also gives "Permission denied (publickey,password"

What is the expected output? What do you see instead?
  - Login into router dropbox ssh server.
  - Instead it gives: "Permission denied (publickey,password)."

What version of the product are you using?
WL500gp-1.9.2.7-d-r2174.trx

Please provide any additional information below.
  - after reboot the firmware correctly recreated a set of 4 new files at /usr/local/root/.ssh/.
  - Before switching to WL500gp-1.9.2.7-d-* firmware I was able to login passwordless (into either Oleg's firmware, or koppel.cz 3G USB Modem patched Oleg's firmware).

Original issue reported on code.google.com by an...@e-healthexpert.org on 14 Oct 2010 at 11:33

[GoogleCodeExporter]

It works for me, you something doing wrong. Correct sequence is

On client PC
 ssh-keygen -t dsa

On router
 mkdir /tmp/local/root/.ssh
 cat $HOME/.ssh/id_dsa.pub | ssh admin@192.168.1.1 "cat - >> /usr/local/root/.ssh/authorized_keys"
 chmod 0600 /usr/local/root/.ssh/authorized_keys
 flashfs save && flashfs commit

ssh -o PasswordAuthentication=no -i $HOME/.ssh/id_dsa admin@192.168.1.1

Original comment by lly.dev on 14 Oct 2010 at 1:31

• Changed state: Invalid
• Added labels: Type-Support
• Removed labels: Type-Defect

[GoogleCodeExporter]

I tried again, this time from an Ubuntu 10.10 machine:
 1. In the Ubuntu machine: rm -fr ~/.ssh ; mkdir ~/.ssh ; ssh-keygen -t dsa
 2. cat $HOME/.ssh/id_dsa.pub | ssh -o PreferredAuthentications=password admin@192.168.1.1 "cat - > /tmp/local/root/.ssh/authorized_keys"
 3. ssh -o PreferredAuthentications=password admin@192.168.1.1 and check that all is ok, save, commit, reboot ...
 4. ssh -o PreferredAuthentications=publickey admin@192.168.1.1
Result: Permission denied (publickey,password).

Tried with a twin router, but this one still with the Oleg/koppel.cz firmware: 
the same procedure gives a clean publickey login at first attempt.

There must be something else. This WL500gp-1.9.2.7-d firmware must be assuming 
some kind of ssh configuration from the connecting computer, or some previous 
specific configuration made at the web interface.

Original comment by an...@e-healthexpert.org on 17 Oct 2010 at 11:57

[GoogleCodeExporter]

Sorry, I can't reproduce problem.

It might be some dropbear or your desktop issue.

Original comment by lly.dev on 17 Oct 2010 at 1:05

[GoogleCodeExporter]

It is working now.

It did need a "Restore" at "System Setup -> Factory Default".
After that, by following the above described procedure I was able to do a 
publickey login again.

Your firmware feels stable and fast and the web gui is more logical than the 
older "oleg+koppel.cz" firmware that I was used to.

Congratulations and keep up the good work!

Original comment by an...@e-healthexpert.org on 17 Oct 2010 at 4:31

[GoogleCodeExporter]

Thanks for the great response, it's very important to us.

Original comment by v...@orient-96.ru on 17 Oct 2010 at 4:51

[GoogleCodeExporter]

You are very welcome.

BTW, this is the one line command that I am now using to send the ssh key to 
the router:
  cat ~/.ssh/id_dsa.pub | ssh -o PreferredAuthentications=password admin@192.168.1.1 "cat - >authorized_keys;chmod 0600 authorized_keys;mkdir /tmp/local/root/.ssh;mv authorized_keys /tmp/local/root/.ssh/authorized_keys;/sbin/flashfs save && /sbin/flashfs commit"

After that, to access the router it is just a matter of issuing a:
  ssh admin@192.168.1.1

Original comment by an...@e-healthexpert.org on 21 Oct 2010 at 10:40