ssh, dropbear and git--not quite working well yet
ddf at sonic.net
Sat Nov 12 22:36:42 EST 2011
On Saturday 12 November 2011, Delbert Franz wrote:
> I'm using git on the Ben to bring, via git pull, some small C projects
> from my server. I do the development on my desktop, push changes to
> the server, then do a git pull via ssh on the Ben. Works well except
> I now have to type the password on the server each time and sometimes
> it takes me a few tries with the keyboard on the Ben:(
> So I finally figured out how to generate an RSA public-private key on
> the Ben. Execute:
> dropbearkey -t rsa -f id_rsa
> This puts the private key in id_rsa and the public key is dumped to
> the console, so one has to redirect the output to a file.
> So I put the public key in the .ssh/authorized_keys file on the
> server. However, and here is the problem: So far as I know, I have to
> give the private key file name each time I invoke ssh. I was able to
> open a terminal on the server doing the following command.
> ssh -i id_rsa websrv
> I did not have to give the password. However, if the "-i id_rsa" is
> not present, I am asked the password.
> This causes a problem with git because I have not found a way to give
> the -i id_rsa and have git remember that as part of the URL for the
> remote. Further, there is apparently no place for such a string when
> I request "git pull". Git just assumes ssh once I cloned that way
> from the server.
> Unless someone can tell me what "magic" location dropbear uses to ssh
> from the Ben to some other machine on the local network or on the
> Internet, I would like to replace dropbear with openssh. It takes
> more space and probably more RAM (I hope not much more), but it should
> work the way git expects.
> However, when I try to install openssh-client, I get a file conflict
> with what dropbear has already installed. Can I just remove dropbear
> and then do the install of openssh-client and I imagine a few other
> openssh-xxx packages? Or will this break some things so my connection
> to the network is lost? I don't think it will but I'm asking to
> avoid breaking the ability to connect.
> I would really like to just stick with dropbear if there is some way
> to have it automatically use the correct key when using ssh. So far I
> have found none.
> Thanks for any clues.
After some hours of experimentation I got dropbear to allow ssh
to a terminal on a remote machine without a password request, but
dropbear still failed to work with git properly. Nothing I could do
seemed to prevent being asked the password with a "git clone", or "git
pull", etc. Looking at the design and purpose of OpenWrt, I can see
why. It was designed to access the router from the PC using ssh.
However, I want to access the PC from the Ben--just the opposite.
So I finally bit the bullet and removed dropbear and installed
openssh-client, openssh-keygen, and openssh-server. I needed
openssh-keygen and the openssh-server and I suspect the openssh-client
as well. However, sshd is not started on boot because the opkg
install did not modify the links in /etc/rc.d. The ones for dropbear
are still there. So the opkg remove did not remove them either.
Perhaps I missed some flag in that operation. Oh, for something as
nice as aptitude in Debian! It does almost everything right, the
first time:) I will have to go into /etc/rc.d and change the links for
dropbear there so that they point to sshd.
It does not appear that sshd uses much more RAM than did dropbear.
Furthermore, it works as it should with git. I can now do "git pull"
without having to key in the password every time:)
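
One way to keep dropbear and still have git supply the key, added here as an example and not part of the original post: git runs the program named in its GIT_SSH environment variable in place of ssh, so a small wrapper can add the "-i" option that worked on the command line. The function name and all paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a wrapper script for
# git's GIT_SSH variable so that every ssh invocation made by git carries
# "-i <key>". Function name and paths are illustrative assumptions.

make_git_ssh_wrapper() {
    key=$1; wrapper=$2; ssh_bin=${3:-ssh}

    # git runs ssh from inside the repository, so pin an absolute key path.
    case $key in /*) ;; *) key=$PWD/$key ;; esac

    [ -f "$key" ] || { echo "no such key: $key" >&2; return 1; }

    # Paths are embedded in single quotes below; reject ones that would break out.
    case "$key$ssh_bin" in
        *\'*) echo "single quote in path not supported" >&2; return 1 ;;
    esac

    # The private key replaces the password, so only its owner may read it.
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "refusing $key: run chmod 600 on it first" >&2
        return 1
    fi

    # The wrapper forwards git's own arguments (host, remote command) unchanged.
    cat > "$wrapper" <<EOF
#!/bin/sh
exec '$ssh_bin' -i '$key' "\$@"
EOF
    chmod 700 "$wrapper"
}

# Typical use on the client (paths are examples):
#   make_git_ssh_wrapper "$HOME/.ssh/id_rsa" "$HOME/bin/git-ssh"
#   export GIT_SSH="$HOME/bin/git-ssh"
#   git pull
```

Setting GIT_SSH in the shell profile makes the choice persistent; the wrapper refuses to be created while the key file is readable by group or others.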