FreshTomato Wiki

User Tools

Site Tools

Trace:
router_to_router_ssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
router_to_router_ssh [2021/09/22 01:44] – [Example] hogwildrouter_to_router_ssh [2023/05/23 15:23] – -condense, clarity, formatting hogwild
Line 1: Line 1:
-====== Enable Password-less” Router-to-Router SSH Encryption ======+====== Enable Password-less Router-to-Router SSH Encryption ======
  
 ===== Overview ===== ===== Overview =====
  
-FreshTomato includes [[https://matt.ucc.asn.au/dropbear/dropbear.html|Dropbear]], an SSH client/server program. Dropbear can generate KeyPair that offers password-less connections. A command is run on the primary router which generates a public key.  That Public Key must then be pasted into the secondary router’s //Authorized Keys //field, in the SSH Daemon section of the Administration/[[:admin_access|Admin Access]] menu.\\ +FreshTomato includes [[https://matt.ucc.asn.au/dropbear/dropbear.html|Dropbear]], an SSH client/server program. Dropbear can generate an encryption KeyPair that offers password-less connections. A command is run on the primary router which generates a public key.  That Public Key must then be pasted into the secondary router’s //Authorized Keys //field, in the SSH Daemon section of the [[:admin_access|Admin Access]] menu.\\  \\ This setup allows a primary router(the "SSH Client"to control secondary router (the "SSH Host"), from the command-line. 
-\\ + 
-This allows command-line management of the secondary router (or "SSH Host"from primary router(the "SSH Client"). This can be useful when the system clock is not maintained in the secondary router and time-sensitive jobs must be scheduled. For exampleas seen below, it may be useful to switch wireless radio(s) on or off to a schedule (not shown). It could also be used to run scripts on the target for any supported command.+This can be useful, for example:
  
-===== HOWTO =====+  * When the the secondary router system does not maintain its system clock, and time-sensitive jobs must be scheduled. 
 +  * For running scripts on the secondary router for any supported command. 
 +  * As seen below, for switching wireless radio(s) on or off to a schedule (not shown).
  
   - On the primary router (the one issuing SSH commands) type the command: \\ **dropbearkey -t rsa -f ~/.ssh/id_dropbear** command to generate the KeyPair. \\ This will display a result similar to that shown below. Leave this window open. \\ You will need it for step 2.   - On the primary router (the one issuing SSH commands) type the command: \\ **dropbearkey -t rsa -f ~/.ssh/id_dropbear** command to generate the KeyPair. \\ This will display a result similar to that shown below. Leave this window open. \\ You will need it for step 2.
Line 37: Line 39:
   - And here is the status display after the command is run.   - And here is the status display after the command is run.
  
-{{:pasted:20210921-152637.png}} \\  \\ If the same command is repeated, eth1 will be disabled on the primary router.+{{:pasted:20210921-152637.png}} \\  \\ If the same command is repeated, the eth1 interface will be disabled on the primary router.
  
 ===== Notes ===== ===== Notes =====
  
   * SSH must be enabled on both routers.   * SSH must be enabled on both routers.
-  * The key generated is erase after a reboot of the primary router. Either keep a copy of the id_dropbear file offline (on a flash drive, or CIFS Client share) for restoration, or be prepared to repeat the procedure (“**HOWTO**” steps 1 and 2) after a reboot [removing any redundant key from the secondary router during the process]\\ This guide was produced using [[https://www.chiark.greenend.org.uk/~sgtatham/putty/|PuTTY]] [v0.76and FreshTomato v2021.5. \\ Insiration was provided by [[https://blog.michael.franzl.name/2017/09/03/set-passwordless-ssh-login-dropbear-client/|this]] article [and this process was first documented [[https://www.linksysinfo.org/index.php?threads/%E2%80%9Cpassword-less%E2%80%9D-router-to-router-ssh-how-to.76761/|here]]].+  * The key generated will be erased after a reboot of the primary router. Either keep a copy of the "id_dropbearfile offline (on a flash drive, or CIFS Client share) for restoration, or be prepared to repeat the procedure (HOWTO steps 1 and 2) after a rebootremoving any redundant key from the secondary router during the process. 
 +  * This guide was produced using [[https://www.chiark.greenend.org.uk/~sgtatham/putty/|PuTTY]] v0.76 and FreshTomato release 2021.5. 
 +  * Inspiration was provided by [[https://blog.michael.franzl.name/2017/09/03/set-passwordless-ssh-login-dropbear-client/|this]] article.  
 +  * The process was first documented [[https://www.linksysinfo.org/index.php?threads/%E2%80%9Cpassword-less%E2%80%9D-router-to-router-ssh-how-to.76761/|here]].
  
  
router_to_router_ssh.txt · Last modified: 2023/05/24 02:08 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki