SSHD
What is SSH? - Developed by SSH Communications Security Ltd., Secure Shell is a program to log into the Linksys router while providing strong authentication and secure communications over insecure channels (i.e. the internet).
How to Setup SSH Public Keys Via Putty
Here's how you can get public-key based ssh access to your WRT54G:
- Get PuTTY
- Get PuTTYgen
- Run PuTTYgen, select SSH2 RSA at parameters, 1024 bits. Press generate, it will create a public/private key pair from your mouse movements.
- Change the comment to username@hostname. This step is not necessary, but I believe it simplifies the login because PuTTY will use username as the default login. I put root@unknown.
- Save both keys to files but DON'T close PuTTYgen yet. Select everything in the field Public key for pasting into OpenSSH authorized_keys2 file and copy it to the clipboard.
- Open the WRT54G management page, enable SSHD and paste the key into the Authorized Keys field.
- Note: You can enable password login at this point if you like; it does not appear to interfere with public key login and gives you the possibility to log in with a password from unknown hosts.
- Time to run PuTTY! Enter the IP address of your router under Host Name, switch Protocol to SSH, set Connection->Auto-login username to root and, MOST IMPORTANT, point Connection->SSH->Auth->Private key file for authentication to the file you saved your private key in.
- Since you don't want PuTTY to forget all this stuff, finally put some profile name (e.g. WRT54G) below Session->Saved Sessions and press Save.
- The moment of truth: press Open in PuTTY and cross your fingers. If you did everything right and I didn't explain it wrong, you should get directly to a shell after getting the message:
Using username "root".
Authenticating with public key "root@unknown"
followed by a MOTD.
How to Setup SSH Public Keys Via Unix
- Install OpenSSH on your system. Note that this is NOT the same as SSH.com's ssh client, which generates keys that do not play nice with the router.
- Run the following command: ssh-keygen -t rsa
Sample Output:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): tutorial
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in tutorial.
Your public key has been saved in tutorial.pub.
The key fingerprint is:
b0:ea:8c:27:d8:04:88:45:39:aa:2e:4b:20:71:3d:8a root@sombrero
- My key was saved to the directory I was in when I ran ssh-keygen, which happens to be /root/.ssh2, as /root/.ssh2/tutorial. If you did not specify a place to save the key, it will be in /root/.ssh/id_rsa, as shown by the path in parentheses above. cat the public key, /root/.ssh2/tutorial.pub (note the .pub extension), like this:
sombrero .ssh2 # cat tutorial.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2eGrJIqvdStAEgowqwMtEUjW4T0c6+JmD17HO3E0/LfpwnfafJYeKPVXbsgYzbVnjXNy7op5YjaO2mQRjqLYbe66AE2A1g+v/UlfT8Z7Ak6GUvMxWcphPTRaRAsJMEVxIK/Z/CsZX9rpuS7duVVKC+R9Cb0r5ZNOpL4USQfxqAE= root@sombrero
- It should come out as one long line like that; that's how the Sveasoft firmware likes it, nice and long, all in one line. Copy the entire output from the cat and paste it into the Authorized Keys section.
- Now, fire up your ssh client like this.
ssh 192.168.1.1 -l root -i tutorial
- Note that we are specifying the private key with the -i option, and root as the user we want to log in as with the -l option.
- Note: If you chose to password protect your key, you will now be prompted for that password; enter it and you'll be logged into your router via SSH.
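An added example (not part of the original page or the Sveasoft firmware): a Python check to run on the text before pasting it into the Authorized Keys field. It confirms the text is a single well-formed ssh-rsa line and reports the modulus size and the MD5 fingerprint in the colon-hex style ssh-keygen printed above. The function names and the sample line are constructed for illustration.

```python
import base64, binascii, hashlib, struct

def _take(blob, off):
    """Read one length-prefixed field of the key blob: (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def check_authorized_key(text):
    """Validate text meant for the Authorized Keys field.
    Returns (key_type, modulus_bits, md5_fingerprint, comment)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("expected one long line, got %d lines" % len(lines))
    fields = lines[0].split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("bad base64: %s" % exc)
    inner_type, off = _take(blob, 0)
    _exponent, off = _take(blob, off)
    modulus, off = _take(blob, off)
    if inner_type != b"ssh-rsa" or off != len(blob):
        raise ValueError("blob is not a well-formed ssh-rsa public key")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.md5(blob).hexdigest()  # MD5 of the decoded blob, colon-hex
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return fields[0], bits, fingerprint, fields[2] if len(fields) > 2 else ""

def sample_line(bits=1024):
    """Constructed, structurally valid line (placeholder modulus, not a real key)."""
    field = lambda b: struct.pack(">I", len(b)) + b
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = field(b"ssh-rsa") + field(b"\x23") + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " root@example"

if __name__ == "__main__":
    good = sample_line()
    print(check_authorized_key(good))
    # A paste that a terminal or editor wrapped at 64 columns is rejected.
    wrapped = "\n".join(good[i:i + 64] for i in range(0, len(good), 64))
    try:
        check_authorized_key(wrapped)
    except ValueError as exc:
        print("rejected:", exc)
```

To check a real key, pass the contents of the .pub file (for example tutorial.pub) to check_authorized_key and compare the fingerprint with the one ssh-keygen reported.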
Advanced
- To connect SSH from the WAN interface, map any port to router-ip: port 22.
- To utilize SSH password authentication, you must enable password authentication and reboot the router... then you may log in with username root and your router password that is set from the web interface.
- Router Shell Documentation - Busybox
Note that a router password change will only be reflected in the SSH daemon after a reboot.