gtxaspec/wz_mini_hacks

what is dropbear_ed25519_host_key in the ssh folder?

johnvpr opened this issue · 2 comments

Found this file in my ssh folder:

what is this file?

Thanks

It's the host key generated by the ssh server. It's used to validate communication with clients.

https://phoenixnap.com/kb/how-does-ssh-work

I was able to ssh into the camera just fine before this file showed up, but now I'm getting permission denied errors. I can't seem to find how to generate a public key using dropbear? Advice would be appreciated.

For posterity's sake (and assuming this actually works)

I had to install dropbear on my PC and then spent an hour figuring out how to generate a public key with dropbear.

dropbearkey -t ed25519 -f /media/../WYZA/wz_mini/etc/ssh/dropbear_ed25519_host_key -y >> /media/../WYZA/wz_mini/etc/ssh/authorized_keys

Except I'm guessing I need to remove the "Public key portion is:" and "Fingerprint: sha1!!" lines in the authorized_keys file.

Why the hell am I doing any of this? I don't understand the utility of creating a new key that disables the original key that you have to jump through all of these hoops just to get working again. Can't dropbear just use the original SSH key? Or if not, automatically populate the public key to be placed on my machine so I'm not having to do.... this. I've had to swap my microsd card back and forth 12 times. I'll live, but..... why is it like this?

Nope. Didn't work. Feeling frustrated.

Here's what phind has to say on the subject:

how do I make a public ssh key for dropbear_ed25519_host_key
Answer | Phind V9 Model

To generate a public SSH key for dropbear_ed25519_host_key, you would follow these steps:

Generate a new Ed25519 key pair using the ssh-keygen utility. The -t option specifies the type of key to create, and in this case, you want an Ed25519 key. Here is the command you would use:

ssh-keygen -t ed25519

After running this command, you will be prompted to provide a file path where the key should be stored. If you press enter without typing anything, the key will be saved in the default location (~/.ssh/id_ed25519). You will also be asked to enter a passphrase for the key, but you can just press enter to skip this step and create a key without a passphrase 5.

Once the key pair is generated, you can find the public key in the .pub file at the same location. For example, if you chose the default location, the public key will be located at ~/.ssh/id_ed25519.pub.

Now, you need to copy this public key to the dropbear_ed25519_host_key file. You can do this with the cp command:

cp ~/.ssh/id_ed25519.pub /path/to/dropbear_ed25519_host_key

Replace /path/to/ with the actual path where the dropbear_ed25519_host_key file is located.

Please note that the exact location of the dropbear_ed25519_host_key file depends on your specific setup and configuration.

Remember to always keep your private key (~/.ssh/id_ed25519) secret and secure.
Sources
1. [OpenWrt Wiki] Dropbear key-based authentication (openwrt.org > docs > guide-user > security > dropbear.public-key.auth)
   User guide Security Dropbear key-based authentication Dropbear key-based authentication This article relies on the following: Accessing web interface / command-..
2. [SOLVED] Dropbear and ed25519 keys - Resolved in 21.02 (forum.openwrt.org > t > solved-dropbear-and-ed25519-keys-resolved-in-21-02 > 23539)
   +1289 -946 rugk August 21, 2020, 9:38am 6 Yeah, awesome! Also looking for that and dropbear even in OpenWRT 19.07 does not seem to support..
3. ssh - How to set up authorized keys for dropbear local to openssh ... (serverfault.com > questions > 910973 > how-to-set-up-authorized-keys-for-dropbear-local-to-openssh-remote)
   How to set up authorized keys for dropbear local to openssh remote..
4. SSH with Dropbear: "Permission denied (publickey)" (superuser.com > questions > 1716768 > ssh-with-dropbear-permission-denied-publickey)
   on my server, and then running the following command on my client machine from a different network: ssh -o "HostKeyAlgorithms ssh-rsa" -p root@ -vvv,..
5. How To Generate ed25519 SSH Key - Unix Tutorial (www.unixtutorial.org > how-to-generate-ed25519-ssh-key)
   Here's the command to generate an ed25519 SSH key: greys@mcfly:~ $ ssh-keygen -t ed25519 -C "gleb@reys.net" Generating public/private ed25519 key pair...

that replaces the host key.
Answer | Phind V9 Model

Creating a public SSH key for dropbear_ed25519_host_key involves generating a new Ed25519 key pair and then converting it to a format that Dropbear can understand. Here's how you can do it:

First, generate a new Ed25519 key pair using the ssh-keygen utility. The -t option specifies the type of key to create, and in this case, you want an Ed25519 key. Run the following command:

ssh-keygen -t ed25519

After running this command, you will be prompted to provide a file path where the key should be stored. If you press enter without typing anything, the key will be saved in the default location (~/.ssh/id_ed25519). You will also be asked to enter a passphrase for the key, but you can just press enter to skip this step and create a key without a passphrase 2.

Convert the newly generated OpenSSH key to a format that Dropbear can understand. This can be done using the dropbearconvert utility. Run the following commands:

# convert the OpenSSH key to PEM format
ssh-keygen -p -f ~/.ssh/id_ed25519 -m pem

# convert the PEM key to Dropbear format
dropbearconvert openssh dropbear ~/.ssh/id_ed25519 dropbear_ed25519_host_key

These commands first convert the OpenSSH key to PEM format, and then convert the PEM key to Dropbear format 3.

Now, you have a new dropbear_ed25519_host_key file that you can use. Remember to securely store your private key (~/.ssh/id_ed25519), and distribute the dropbear_ed25519_host_key file to clients that need to connect to your server.
Sources
1. [SOLVED] Dropbear and ed25519 keys - Resolved in 21.02 (forum.openwrt.org > t > solved-dropbear-and-ed25519-keys-resolved-in-21-02 > 23539)
   No, it's not possible. dropbear itself doesn't support ed25519 keys. I think long term plan is to support them but I guess it wasn't a..
2. ssh - How to set up authorized keys for dropbear local ... - Server Fault (serverfault.com > questions > 910973 > how-to-set-up-authorized-keys-for-dropbear-local-to-openssh-remote)
   How to set up authorized keys for dropbear local to openssh remote..
3. Replace Dropbear SSH with OpenSSH. | SNBForums (www.snbforums.com > threads > replace-dropbear-ssh-with-openssh.84590)
   #1 Has anyone replaced the built in Dropbear SSH with OpenSSH? I would like to do this because of this bug that still has not..
4. How to connect SSH Key and fix bad configuration option ssh-ed25519? (stackoverflow.com > questions > 65876442 > how-to-connect-ssh-key-and-fix-bad-configuration-option-ssh-ed25519)
   Luckily, there's a simple enough fix: just add the IgnoreUnknown directive into .ssh/config right above the " UseKeychain yes ", and it will be ignored..
5. Git bash shows me the ed25519 key instead of the rsa key fingerprint (stackoverflow.com > questions > 70766337 > git-bash-shows-me-the-ed25519-key-instead-of-the-rsa-key-fingerprint)
   1. ED25519 key fingerprint is... This is not related to your id_rsa / id_rsa.pub key pair. It is related to the remote host ( github.com)..

this is a terrible way of doing this
Answer | Phind V9 Model

Apologies for the confusion earlier. If you want to generate a public SSH key specifically for dropbear_ed25519_host_key, you can use the dropbearkey utility that comes with Dropbear. Here's how:

Use the dropbearkey utility to generate a new Ed25519 key pair. The -t option specifies the type of key to create, and -f specifies the file name for the key. Run the following command:

dropbearkey -t ed25519 -f ~/.ssh/dropbear_ed25519_host_key

This command will generate a new Ed25519 key pair and save it to the ~/.ssh/dropbear_ed25519_host_key file 1.

Now, you can extract the public key from the private key file using the -y option of dropbearkey:

dropbearkey -y -f ~/.ssh/dropbear_ed25519_host_key > ~/.ssh/dropbear_ed25519_host_key.pub

This command will write the public key to the ~/.ssh/dropbear_ed25519_host_key.pub file 3.

Remember to replace ~/.ssh/dropbear_ed25519_host_key with the actual path where you want to store the private key. Always keep your private key secret and secure.

I can't be the only person having this problem. And it would do a lot to reaffirm my faith in some kind of teleology in the universe to know there's a reason for whatever this is, that it was done intentionally for great reasons I just don't quite understand yet.
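
The mix-up in this thread, as an added example that is not part of the original issue or the project's code: `authorized_keys` holds one client public key per line, so the banner lines printed by `dropbearkey -y` are invalid there, and the server's own host key is not a login key either. The sample output and key blobs are constructed placeholders, the function and variable names are hypothetical, and entries are assumed to carry no leading options.

```shell
#!/bin/sh
# Added example. All key material below is a constructed placeholder.

# Constructed sample of what `dropbearkey -y -f <host key>` prints.
HOST_PUB_OUTPUT='Public key portion is:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOSTKEYPLACEHOLDERHOSTKEYPLACEHOLDER000000 root@camera
Fingerprint: sha1!! 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33'

# Constructed authorized_keys: the raw output above, then one client key.
AUTH_KEYS="$HOST_PUB_OUTPUT
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLIENTKEYPLACEHOLDERCLIENTKEYPLACEHOLDER00 user@pc"

KEY_TYPES='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$'

# Print only the "type base64 [comment]" line from dropbearkey -y output ($1).
extract_pubkey() {
    printf '%s\n' "$1" | awk -v types="$KEY_TYPES" '$1 ~ types && NF >= 2'
}

# Lint authorized_keys text ($1) against the host public key line ($2).
# Assumes entries have no leading options. Exit status: 0 clean, 1 findings.
lint_authorized_keys() {
    host_blob=$(printf '%s\n' "$2" | awk '{ print $2 }')
    printf '%s\n' "$1" | awk -v types="$KEY_TYPES" -v host="$host_blob" '
        /^[ \t]*(#|$)/ { next }    # comments and blank lines are fine
        $1 !~ types {
            printf "line %d: not a key entry: %s\n", NR, $0
            bad = 1
            next
        }
        $2 == host {
            printf "line %d: server host key listed as a login key\n", NR
            bad = 1
        }
        END { exit bad + 0 }'
}

# Demo: three findings (two banner lines and the host key); line 4 passes.
lint_authorized_keys "$AUTH_KEYS" "$(extract_pubkey "$HOST_PUB_OUTPUT")" || true
```
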