3.4 Using the dropbear SSH package

SSH, or secure shell, is a protocol that allows remote logins to a machine. It uses encrypted connections and can use public key authentication instead of plain passwords. The advantage over the older telnet protocol is that nothing in an SSH session goes over the network unencrypted.

dropbear is a small SSH v2 server and client package. The server will be started on system bootup by default. It allows password and public key authentication. Public key authentication can use DSS and RSA keys and works with keys generated by the popular OpenSSH package. Putting your public key from OpenSSH into the file .ssh/authorized_keys should be enough to let you log in from the machine where you keep the corresponding private key. Please note that the permissions on the .ssh directory must not include group or other write permission, otherwise dropbear will refuse public key authentication.
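A quick way to check the permission requirement described above when public key login is refused; this is an added example, not part of dropbear or the original guide. The function names are made up for the example, and checking the home directory and the authorized_keys file as well as .ssh is an assumption that goes beyond the one directory the text names.

```sh
#!/bin/sh
# Added example: report paths that are writable by group or other.
# Function names are hypothetical; only POSIX sh, ls and cut are used.

# has_go_write PATH -> returns 0 if PATH has the group or other write bit set.
has_go_write() {
    mode=$(ls -ld "$1" | cut -c1-10)    # e.g. drwxr-xr-x
    case "$mode" in
        # 6th character is group write, 9th character is other write
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# check_pubkey_perms HOME_DIR -> returns 0 when nothing is too permissive,
# 1 otherwise. Each offending path is printed together with its mode.
# Assumption: the home directory and authorized_keys are checked like .ssh.
check_pubkey_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue         # skip paths that do not exist
        if has_go_write "$p"; then
            echo "too permissive: $(ls -ld "$p" | cut -c1-10) $p"
            bad=1
        fi
    done
    return $bad
}

# When a directory is given as an argument, check it.
if [ $# -gt 0 ]; then
    check_pubkey_perms "$1"
fi
```

Any path it reports can be corrected with chmod go-w on that path.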

The SSH client program is called dbclient. It is different from the server in that it cannot use keys in OpenSSH format. You can use the dropbearconvert program to convert an OpenSSH format key for use by dbclient or you can use dropbearkey to create a new key.

To convert an OpenSSH key stored in ~/.ssh/id_rsa, do:

  dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_rsa.db

The new key will be stored in ~/.ssh/id_rsa.db. You can use the -i switch to dbclient to make it use your new key for authentication. The public key part of the old OpenSSH key can be used as-is for pasting into your ~/.ssh/authorized_keys file. Conversion is only needed for the private key.

To create a new RSA key to store in ~/.ssh/id_rsa.db, you can use the following command:

  dropbearkey -t rsa -f ~/.ssh/id_rsa.db

The public key part of the new key will be printed to the screen. You can put it into the ~/.ssh/authorized_keys file on all machines where you want to be able to log in using your new private key stored in ~/.ssh/id_rsa.db. You can create a DSS key instead of an RSA key by using -t dss instead of -t rsa. Should you lose the public key, you can always get it back by using the private key and the -y switch to dropbearkey:

  dropbearkey -y -f ~/.ssh/id_rsa.db

If you want to use scp to copy files from another machine, the standard scp program from OpenSSH is included with dropbear and ttylinux.