ssh, dropbear and git--not quite working well yet

Delbert Franz ddf at sonic.net
Sat Nov 12 22:36:42 EST 2011


On Saturday 12 November 2011, Delbert Franz wrote:
> I'm using git on the Ben to bring, via git pull, some small C projects 
> from my server.  I do the development on my desktop, push changes to 
> the server, then do a git pull vis ssh on the Ben.  Works well except 
> I now have to type the password on the server each time and sometimes 
> it takes me a few tries with the keyboard on the Ben:( 
> 
> So I finally figured out how to generate an RSA public-private key on 
> the Ben.  Execute: 
> 
> dropbearkey -t rsa -f id_rsa
> 
> This puts the private key in id_rsa and the public key is dumped to 
> the console, so one has to redirect the output to a file.  
> 
> So I put the public key in the .ssh/authorized_keys file on the 
> server.  However, and here is the problem: So far as I know, I have to 
> give the private key file name each time I invoke ssh.  I was able to 
> open a terminal on the server doing the following command.  
> 
> ssh -i id_rsa websrv
> 
> I did not have to give the password.  However, if the "-i id_rsa" is 
> not present, I am asked the password.  
> 
> This causes a problem with git because I have not found a way to give 
> the -i id_rsa and have git remember that as part of the URL for the 
> remote.  Further, there is apparently no place for such a string when 
> I request "git pull".  Git just assumes ssh once I cloned that way 
> from the server. 
> 
> Unless someone can tell me what "magic" location dropbear uses to ssh 
> from the Ben to some other machine on the local network or on the 
> Internet, I would like to replace dropbear with openssh.  It takes 
> more space and probably more RAM (I hope not much more), but it should 
> work the way git expects.  
> 
> However, when I try to install openssh-client, I get a file conflict 
> with what dropbear has already installed.  Can I just remove dropbear 
> and then do the install of openssh-client and I imagine a few other 
> openssh-xxx packages?  Or will this break somethings so my connection 
> to the network is lost?  I don't think it will but I'm asking to 
> avoid breaking the ability to connect. 
> 
> I would really like to just stick with dropbear if there is some way 
> to have it automatically use the correct key when using ssh.  So far I 
> have found none.  
>  
> Thanks for any clues. 
>  
>                 Delbert

After some hours of experimentation I got dropbear to allow ssh 
to a terminal on a remote machine without a password request, but not 
dropbear still failed to work with git properly.  Nothing I could do 
seemed to prevent being asked the password with a "git clone", or "git 
pull", etc.  Looking at the design and purpose of Openwrt, I can see 
why.  It was designed to access the router from the PC using ssh.  
However, I want to access the PC from the Ben--just the opposite.  

So I finally bit the bullet and removed dropbear and installed 
openssh-client, openssh-keygen, and openssh-server.  I needed 
openssh-keygen and the openssh-server and I suspect the openssh-client 
as well.  However, sshd is not started on boot because the opkg 
install did not modify the links in /etc/rd.d.  The ones for dropbear 
are still there.  So the opkg remove did not remove them either.  
Perhaps I missed some flag in that operation.  Oh, for something as 
nice as aptitude in Debian!  It does almost everything right, the 
first time:) I will have to go into /etc/rc.d and change the links for 
dropbear there so that they point to sshd.  

It does not appear that sshd uses much more RAM than did dropbear.  
Furthermore, it works as it should with git.  I can now do "git pull" 
without having to key in the password every time:) 

                             Delbert





More information about the discussion mailing list


interactive