
SSH connection problem from OS X

Discussion in 'Tomato Firmware' started by GoodDoc, Dec 5, 2009.

  1. GoodDoc

    GoodDoc Addicted to LI Member

    I have a WRT54GL running Tomato v1.25. I want to make an SSH connection to my home network so that I can remotely access some services, but I can't yet make a local SSH connection to the router.

    The machine I'm attempting to connect from runs OS X 10.6.2. From a terminal session I have used the following command to generate the SSH key pair. (I've changed all the unique info)


    MacBook:~ gooddoc$ ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/Users/gooddoc/.ssh/id_dsa): id_dsa
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in id_dsa.
    Your public key has been saved in id_dsa.pub.
    The key fingerprint is:
    XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX gooddoc@MacBook.local


    I then copied the contents of the public key file into the 'Authorized Keys' window of the router's Admin Access page, and saved it. I then tried to make an ssh connection.


    MacBook:~ gooddoc$ ssh 192.168.1.1
    The authenticity of host '[192.168.1.1] ([192.168.1.1])' can't be established.
    RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '[192.168.1.1]' (RSA) to the list of known hosts.
    gooddoc@192.168.1.1's password:
    Permission denied, please try again.
    gooddoc@192.168.1.1's password:
    Permission denied, please try again.
    gooddoc@192.168.1.1's password:
    Permission denied (publickey,password).

    I think the problem I'm having is that there is only one account on the router, so the router is expecting the connecting user to be root@192.168.1.1 but my local machine is attempting to connect as gooddoc@192.168.1.1, and that user doesn't exist.

    I can't be the first person to attempt to connect to a Tomato router from an OS X machine, but most of the on-line tutorials are using PuTTY which can connect as a root user.

    So what am I doing wrong, or how do I get OS X to attempt to connect as root?

    Any help is appreciated.
     
  2. GoodDoc

    GoodDoc Addicted to LI Member

    Forgot to add the logging details from the router

    Dec 5 18:48:37 ? authpriv.info dropbear[11633]: Child connection from 192.168.1.238:56392
    Dec 5 18:48:38 ? authpriv.info dropbear[11633]: exit before auth: Exited normally
     
  3. Planiwa

    Planiwa LI Guru Member

    ssh root@192.168.1.1
     
  4. GoodDoc

    GoodDoc Addicted to LI Member


    MacBook:~ gooddoc$ ssh root@192.168.1.1
    Permission denied (publickey).
    MacBook:~ gooddoc$


    I still think my local machine and the router aren't using matching pairs of keys.
     
  5. TexasFlood

    TexasFlood Network Guru Member

    Not sure of the correct syntax on OSX, but the syntax for my Linux Ubuntu box is:
    "ssh -l root 192.168.10.1"
    And generating an RSA key is what worked for me, saved in id_rsa and id_rsa.pub
     
  6. GoodDoc

    GoodDoc Addicted to LI Member

    ahh.. worked it out.

    I needed to specify the private key file (-i identity file) that matches the public key I copied onto the router.


    MacBook:~ gooddoc$ ssh root@192.168.1.1 -i tomato
    Identity added: tomato (tomato)


    Tomato v1.25vpn3.4


    BusyBox v1.14.0 (2009-08-12 21:56:58 CDT) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    The 'Identity added' is interesting, as having logged in the first time I no longer need to specify the private key, and now root@192.168.1.1 works.
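
The suspicion in post 4, that the local key and the key pasted into the router's 'Authorized Keys' box do not match, can be checked offline by comparing fingerprints of the two public-key lines. This is an added example, not part of the original thread; the function names are hypothetical and the sample key lines are constructed, non-functional values.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string, the encoding used inside SSH public-key blobs."""
    return struct.pack(">I", len(data)) + data

def make_sample_line(seed: int, comment: str) -> str:
    """Constructed, non-functional 'ssh-rsa' line for this demo (not a real key)."""
    modulus = b"\x00" + bytes([0x80 | seed]) * 128
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()

def parse_pubkey_line(line: str) -> bytes:
    """Return the decoded key blob, or raise ValueError if the line is damaged."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]' on one line")
    declared, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    fields, pos = [], 0
    while pos < len(blob):  # walk every length-prefixed field to catch truncation
        if pos + 4 > len(blob):
            raise ValueError("truncated key blob")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos:pos + n])
        pos += n
    if not fields or fields[0] != declared.encode():
        raise ValueError("declared key type does not match the type inside the blob")
    return blob

def md5_fingerprint(line: str) -> str:
    """Colon-separated MD5 fingerprint, the format shown in the thread's output."""
    digest = hashlib.md5(parse_pubkey_line(line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_key(local_line: str, router_line: str) -> bool:
    """True when both lines carry the same key; the comment field is ignored."""
    return md5_fingerprint(local_line) == md5_fingerprint(router_line)

if __name__ == "__main__":
    local = make_sample_line(1, "gooddoc@MacBook.local")
    print(md5_fingerprint(local), same_key(local, make_sample_line(2, "other")))
```

On current OpenSSH, `ssh-keygen -l -E md5 -f <file>.pub` prints the same colon-separated fingerprint, prefixed with `MD5:`, for comparison.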
     
  7. TexasFlood

    TexasFlood Network Guru Member

    Ahh, didn't think about that. I use the "-i" parameter, but not when SSHing to the router, rather when SSHing between the routers. I have 4 routers set up right now, one main and 3 WDS remotes providing Ethernet ports in remote parts of the house. I find it convenient to be able to run a script on my main router that can execute commands on all routers and SSH can do that so long as the key exchange is set up. Unfortunately the keys get lost when the routers are rebooted but I saved them out to a cifs share and copy them back in my init scripts. Then I just issue my command like:
    ssh -y -i /tmp/home/root/.ssh/id_rsa 192.168.1.{2-5} command
    From my main router 192.168.1.1. I also have a small script named "ss" on each router (again set up in init script) containing the single command:
    ssh -y -i /tmp/home/root/.ssh/id_rsa 192.168.1.$*
    Just 'cause I'm lazy, and then I can run a command, say on router 192.168.1.5, just by typing:
    "ss 5 {command}".
    Might be an easier way to do that but hey it works, :smile:
     
