

Enable “Password-less” Router-to-Router SSH Encryption

Overview

FreshTomato includes Dropbear, an SSH client/server program. Dropbear can generate a key pair that allows password-less connections. A command run on the primary router generates the key pair and displays its public key. That public key must then be pasted into the secondary router’s Authorized Keys field, in the SSH Daemon section of the Administration/Admin Access menu.
This allows command-line management of the secondary router (the SSH host) from the primary router (the SSH client). This can be useful when the system clock is not maintained in the secondary router and time-sensitive jobs must be scheduled. For example, as seen below, it may be useful to switch wireless radio[s] on or off to a schedule (not shown). It could also be used to run scripts on the target for any supported command.

How To


01 - On the primary router [the one issuing SSH commands] run the dropbearkey -t rsa -f ~/.ssh/id_dropbear command to generate the “Key Pair”. This will display a result similar to that shown below. [Leave this window open; you will need it for step 2.]



02 - Copy+Paste the “Public Key portion” to the secondary router’s “Authorized Keys” field, as below:


[Note that a pre-existing, and unrelated, key is redacted above.]


03 - Connect to the secondary router from within an SSH session [running on the primary router]. The example below uses the nvram command to display the host name. The first command string [ssh root@192.168.10.1 nvram get lan_hostname] executes the command on the secondary router; the second [nvram get lan_hostname] executes it locally.



Example

Enable/Disable the eth1 5GHz radio on the secondary router. [Note that a temperature is shown only when the radio is On.]


01 - Status before [Primary router].



02 - Command [ssh root@192.168.10.1 radio toggle 1] executed.



03 - Status after.


[If the same command is repeated, eth1 will be switched Off on the primary router.]


Notes


SSH must be enabled on both routers.
The key generated is not preserved across a reboot of the [primary] router. Either keep a copy of the id_dropbear file offline [on a UFD or “CIFS Client” share] for restoration, or be prepared to repeat the procedure [steps 1 & 2 under “How To”] after a reboot [removing any redundant key from the secondary router during the process].
This guide was produced using PuTTY [v0.76] and FreshTomato v2021.5.
Inspiration was provided by this article [and this process was first documented here].
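
The script below is an added example, not part of the original guide or of FreshTomato. It extracts only the one-line public key from dropbearkey output for step 02 of “How To”, rejects a wrapped or partial paste, and restores a saved id_dropbear after a reboot as described in the notes; the backup path, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not FreshTomato code. POSIX sh (works in BusyBox ash).
KEY="${KEY:-$HOME/.ssh/id_dropbear}"          # key file from step 01
BACKUP="${BACKUP:-/tmp/mnt/usb/id_dropbear}"  # hypothetical backup location

# Constructed sample of dropbearkey output (placeholder blob, not a real key).
SAMPLE='Generating 2048 bit rsa key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7exampleONLY root@primary
Fingerprint: SHA256:constructedExampleOnly'

# Read dropbearkey output on stdin and print only the one-line public key,
# dropping the banner and fingerprint lines that must not be pasted.
extract_pubkey() {
    awk '$1 ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-)/ && NF >= 2 { print; exit }'
}

# Succeed only if $1 is one unwrapped line: type, base64 blob, optional comment.
valid_pubkey() {
    case "$1" in *'
'*) return 1 ;; esac    # a terminal-wrapped paste contains a newline
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$'
}

# After a reboot: restore the saved private key with owner-only permissions,
# then print its public half for comparison with the Authorized Keys field.
restore_key() {
    [ -f "$BACKUP" ] || { echo "no backup at $BACKUP" >&2; return 1; }
    mkdir -p "$(dirname "$KEY")" && cp "$BACKUP" "$KEY" && chmod 600 "$KEY" || return 1
    dropbearkey -y -f "$KEY" | extract_pubkey
}

case "${1:-}" in
    restore) restore_key ;;
    show)    dropbearkey -y -f "$KEY" | extract_pubkey ;;
    demo)    printf '%s\n' "$SAMPLE" | extract_pubkey ;;
esac
```

Anyone who holds the id_dropbear file can log in to the secondary router as root without a password, so the offline copy needs the same protection as the router’s admin password.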

router_to_router_ssh.1632246041.txt.gz · Last modified: 2021/09/21 18:40 by hogwild