Colibri-iMX6ULL_Reference-Minimal-Image-Tezi doesn't accept ed25519 keys?

summerfranks · October 3, 2022, 8:57pm

Why do we need an RSA key to log in instead of ed25519? Also there is no /etc/ssh folder and systemctl returns “Unit sshd.service could not be found.”…

debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
debug1: Remote protocol version 2.0, remote software version dropbear_2019.78
debug1: no match: dropbear_2019.78
debug1: Authenticating to 192.168.1.223:22 as ‘summer’
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zH7VzWNiZ+C/S3tNKMgAGNKlruC2M
debug1: Host ‘192.168.1.223’ is known and matches the RSA host key.
debug1: Found key in /home/summer/.ssh/known_hosts:56
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/summer/.ssh/id_ed25519 ED25519 SHA256:uKRMlN/ocTgTWgldFl+FbaaT3goQPaIzFXF8 agent
debug1: Will attempt key: /home/summer/.ssh/id_rsa RSA SHA256:lsFnYpLsYQdFzmkbmMhp8uAlH1quM6lIog agent
debug1: Will attempt key: /home/summer/.ssh/id_dsa
debug1: Will attempt key: /home/summer/.ssh/id_ecdsa
debug1: Will attempt key: /home/summer/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/summer/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/summer/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/summer/.ssh/id_ed25519 ED25519 SHA256:uKZ1RMlN/ocTgTgldFl+Fba3goQPaIzFXF8 agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/summer/.ssh/id_rsa RSA SHA256:lsSpLsYQdFzs0HimMhp8uAlH1quM6lIog agent
debug1: Server accepts key: /home/summer/.ssh/id_rsa RSA SHA256:lsFnY9izs0Hi5Dmkbm8uAlH1quM6lIog agent
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.223 ([192.168.1.223]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8

hfranco.tx · October 4, 2022, 12:56pm

Hi @summerfranks,

Our minimal images use Dropbear SSH instead of OpenSSH. Dropbear is open source and very small, it’s largely used in systems with limited hardware.

Please run

# systemctl status dropbear.socket

in your board to check the status of the service.

Running

# dropbear --help

in your Colibri, you will get all the available options:

Dropbear server v2019.78 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dropbear [options]
-b bannerfile   Display the contents of bannerfile before user login
                (default: none)
-r keyfile  Specify hostkeys (repeatable)
                defaults:
                dss /etc/dropbear/dropbear_dss_host_key
                rsa /etc/dropbear/dropbear_rsa_host_key
                ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R              Create hostkeys as required
-F              Don't fork into background
-E              Log to stderr rather than syslog
-w              Disallow root logins
-G              Restrict logins to members of specified group
-s              Disable password logins
-g              Disable password logins for root
-B              Allow blank password logins
-T              Maximum authentication tries (default 10)
-j              Disable local port forwarding
-k              Disable remote port forwarding
-a              Allow connections to forwarded ports from any host
-c command      Force executed command
-p [address:]port
                Listen on specified tcp port (and optionally address),
                up to 10 can be specified
                (default port is 22 if none specified)
-P PidFile      Create pid file PidFile
                (default /var/run/dropbear.pid)
-i              Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout>  (0 is never, default 0, in seconds)
-V    Version

Apparently there is support for ECDSA keys inside /etc/dropbear/dropbear_ecdsa_host_key. Could you please try it and check if it works?

Best Regards,
Hiago.