OpenWrtへのssh接続でrootのパスワードログインを不許可とし、公開鍵認証を行う(rootでのログイン自体は公開鍵で引き続き可能)。これらをLuCIを使わずにコマンドで実行する。
公開鍵の送付
公開鍵をOpenWrt機器へ送付する。
> ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.0.2.42
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/foo/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.0.2.42's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.0.2.42'"
and check to make sure that only the key(s) you wanted were added.
>
公開鍵は /etc/dropbear/authorized_keys に格納される。パスワード認証を無効にする前に、別の端末から公開鍵でログインできることを確認しておく(鍵でログインできない状態で無効化すると、sshで入れなくなる)。
OpenWrtでのsshサーバ設定
確認
root@openwrt:/etc/config# cat dropbear
config dropbear
option PasswordAuth 'on'
option RootPasswordAuth 'on'
option Port '22'
# option BannerFile '/etc/banner'
root@openwrt:/etc/config# uci show dropbear
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].RootPasswordAuth='on'
dropbear.@dropbear[0].Port='22'
root@openwrt:/etc/config#
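設定
ここで無効にするのはrootのパスワード認証(RootPasswordAuth)のみ。PasswordAuth は 'on' のままなので、root以外のユーザが存在する場合はパスワードでログインできる。パスワード認証を全面的に無効にするなら PasswordAuth も 'off' にする。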
root@openwrt:/etc/config# uci set dropbear.@dropbear[0].RootPasswordAuth='off'
root@openwrt:/etc/config# uci commit dropbear
root@openwrt:/etc/config#
sshサーバ(dropbear)の設定再読み込み
root@openwrt:/etc/config# /etc/init.d/dropbear reload
root@openwrt:/etc/config#
再度確認
root@openwrt:/etc/config# cat dropbear
config dropbear
option PasswordAuth 'on'
option RootPasswordAuth 'off'
option Port '22'
root@openwrt:/etc/config# uci show dropbear
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].RootPasswordAuth='off'
dropbear.@dropbear[0].Port='22'
root@openwrt:/etc/config#