View Full Version : ssh authorized keys to connect to AirOS 3.2 over ssh


kawarmc
09-17-2008, 05:20 PM
Hi guys,

Do you know where I have to save my ssh keys to be able to connect to a NanoStation or PowerStation without having to type any password?

Thanks

UBNT-Mike.Ford
09-18-2008, 02:01 PM
Hello Kawa,

I'm asking my software engineer to jump in here.

Thanks,

Mike

kawarmc
10-04-2008, 01:38 PM
Hi again guys.

Did you find any solution to the problem of how to store the authorized keys on the AirOS 3.2 firmware?

Thanks in advance.

UBNT-keba
10-05-2008, 06:58 AM
All sshd (dropbear) keys are sitting in /etc/persistent/ directory.

marc_dilasser
10-06-2008, 02:35 AM
All sshd (dropbear) keys are sitting in /etc/persistent/ directory.
It seems dropbear doesn't find authorized_keys in /etc/persistent, but searches for this file in $HOME/.ssh/. The $HOME of root (/) is not writable.
So you have to change the $HOME of root to /tmp, create /tmp/.ssh and copy authorized_keys to /tmp/.ssh.
You can do that in /etc/persistent/rc.poststart:


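#!/bin/sh
# Runs at boot: / is read-only, so move the admin user's home to /tmp
# and put the saved key where dropbear looks for it.
if [ -f /etc/persistent/authorized_keys ]; then
    # Point the home field of the passwd entry matching "inistrator:" at /tmp/
    sed -i -e 's/inistrator:.*:\/bin\/sh/inistrator:\/tmp\/:\/bin\/sh/' /etc/passwd
    mkdir -p /tmp/.ssh
    cp /etc/persistent/authorized_keys /tmp/.ssh
fi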


Copy your public key to /etc/persistent/authorized_keys

Save and reboot

cfgmtd -w -p /etc/
/sbin/reboot


It's running like that for me on AirOS 3.2.

UBNT-keba
10-06-2008, 08:42 AM
marc_dilasser is absolutely right that / is not writable, but there is a key in system.cfg that allows specifying the home directory for the user:

users.<idx>.homedir=<home_directory>

default is /

Homedir key is available from v3.2.

So
users.1.homedir=/etc/persistent
in system.cfg and
/etc/persistent/.ssh/authorized_keys file should help there without any /etc/persistent/rc.poststart custom script.

I think we can reconfigure ssh to search for authorized_keys directly in /etc/persistent like it is doing with dropbear_dss_host_key and dropbear_rsa_host_key but it could be a problem with multi-user access.
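
An added example, not part of the original posts and not Ubiquiti code: the homedir approach described above, written so it can be tried on a scratch copy, plus a check of the rule Dropbear applies before it reads authorized_keys (the home directory, .ssh and the file must not be group- or world-writable). The function names, scratch paths and sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All paths are arguments, so it can be
# tried on a scratch copy of system.cfg rather than on a live device.

# set_homedir CFG IDX DIR: set users.<IDX>.homedir=DIR, replacing any old value.
set_homedir() {
    cfg=$1; key_re="^users\.$2\.homedir="
    grep -v "$key_re" "$cfg" > "$cfg.new" || true   # grep exits 1 if nothing is left
    echo "users.$2.homedir=$3" >> "$cfg.new"
    mv "$cfg.new" "$cfg"
}

# install_key HOME PUBFILE: add the first line of PUBFILE to
# HOME/.ssh/authorized_keys once, with owner-only modes.
install_key() {
    home=$1; line=$(head -n 1 "$2")
    case $line in
        "ssh-rsa "*|"ssh-dss "*) ;;          # key types in use when the thread was written
        *) echo "not a public key: $2" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    grep -qxF -e "$line" "$home/.ssh/authorized_keys" 2>/dev/null ||
        echo "$line" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# perms_ok PATH...: succeed only if every path exists and is neither
# group- nor world-writable.
perms_ok() {
    for p in "$@"; do
        [ -e "$p" ] || return 1
        [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ] || return 1
    done
}

# Demo on constructed data in a scratch directory.
demo() {
    d=$(mktemp -d) && mkdir -m 755 "$d/persistent"
    printf 'users.1.name=ubnt\nusers.1.status=enabled\n' > "$d/system.cfg"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7 constructed@example" > "$d/id.pub"
    set_homedir "$d/system.cfg" 1 "$d/persistent"
    install_key "$d/persistent" "$d/id.pub"
    perms_ok "$d/persistent" "$d/persistent/.ssh" "$d/persistent/.ssh/authorized_keys" &&
        echo "permissions ok"
    grep homedir "$d/system.cfg"; rm -rf "$d"
}
demo
```

On a device the thread's own paths would apply (/tmp/system.cfg and /etc/persistent), followed by the cfgmtd -w -p /etc/ and reboot steps posted above.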

marc_dilasser
10-06-2008, 09:34 AM
marc_dilasser is absolutely right that / is not writable, but there is a key in system.cfg that allows specifying the home directory for the user:

users.<idx>.homedir=<home_directory>

default is /

Homedir key is available from v3.2.
...


Thanks for the key homedir, useful for me.

Marc

kawarmc
10-08-2008, 08:07 AM
Thank you very much guys.

I'll try all this later this evening...

kawarmc
10-08-2008, 10:33 AM
Thank you guys. Everything is working right now.

I used the homedir approach and everything is running smoothly.

baast
12-09-2008, 02:24 AM
Hey Guys,

When I try to change my home directory to "/etc/persistent" on my NanoStation5, I get the following error when trying to connect through ssh after the save/reboot:

ubnt@192.168.1.20's password:
[273] Oct 21 22:04:38 exit after auth (ubnt): error changing directory
Connection to 192.168.1.20 closed.

I copied over the "users.1.homedir=/etc/persistent" line exactly into my system.cfg.
After it failed the first time I restored the factory defaults and then tried again, but no luck.

I'm running the following firmware version: XS5.ar2313.v3.2.2.3891.081021.

Thx in advance for any help,

Tim.

baast
12-09-2008, 03:06 AM
It's solved already, had to change my user to something other than root or ubnt.

Thx anyways,

Tim.

UBNT-Mike.Ford
12-09-2008, 10:32 AM
Thanks for the update Tim.

Mike

misiek1
04-08-2011, 03:15 AM
Hello

I still have a problem with auth using a public key.

I have already done:
on my comp:
michal@michal-HP530:~$ sudo su root
root@michal-HP530:/home/michal# ssh-keygen -t dsa
Your public key has been saved in /root/.ssh/id_dsa.pub


on NS2 XS2.ar2316.v3.6.4703.101129.1107:
mkdir -p /etc/persistent/.ssh
scp ~/.ssh/id_dsa.pub ubnt@10.1.0.103:/etc/persistent/.ssh/authorized_keys

added to /tmp/system.cfg on NS2:
users.1.homedir=/etc/persistent
users.1.name=ubnt
users.1.password=VvpvCwhccFv6Q
users.1.status=enabled

then:
cfgmtd -w -p /etc/
reboot

after that I got:
[307] Nov 29 11:12:26 exit after auth (ubnt): error changing directory
Connection to 10.1.0.103 closed.
