I spent some time figuring it out, as I had to generate an RSA key to make it work…
Is there a dropbear parameter we can modify to accept modern ed25519 keys? I am surprised it is not done by default.
It looks like ed25519 has been supported since 2022.82, released April 1, 2022. The version shipped to Teltonika is quite old: 2020.81, released Oct 29, 2020…
If someone from Teltonika is monitoring this forum, I think it would be a good idea to update to keep security high; it seems that some CVEs have been fixed in recent versions…
On a side note, if I select Password (or both) instead of Key, I am never offered a password prompt; it keeps forcing key authentication. (I am using root@)
In fact, the option PasswordAuth 'no' always stays at 'no'.
Regarding the forced key SSH authentication, could you provide more details about your setup? I haven’t been able to replicate this behavior when only the Password authentication type is selected, as it should allow password-based login in this scenario.
When I tried with an ed25519 key it did not work, and I spent quite some time figuring out that this was the issue.
root@trb500:~# dropbear -V
Dropbear v2020.81
That seems to confirm it, so how could firmware 07.04.3 support ed25519 when dropbear is still on an old version where ed25519 is not supported?
For Password only, when I select Administration → Access Control → SSH (Edit) → Authentication type → Password, I am only offered publickey, which is confirmed by
config dropbear
option PasswordAuth 'no'
This should switch to 'yes'. I see that `option RootPasswordAuth '1'` is changed from 0 to 1, which should allow it…
Anyway, the password authentication is just something I noticed as I was not able to log in with ed25519; it is not something I will activate in production anyway.
I’ve tested an ed25519 SSH key connection to the TRB500 from an Ubuntu user (using WSL) and can confirm that it works correctly. Could you let us know from which device or operating system you’re trying to connect to your TRB500?
Here are a few key steps to ensure a smooth connection with an ed25519 key:
Ensure that your generated ed25519 public key (from the device you’re using to connect to the TRB500) is properly copied into the TRB500’s /etc/dropbear/authorized_keys file.
Additionally, paste the same public key in System → Administration → Access Control → SSH → Edit Public Keys on the TRB500’s web interface.
As for password-only authentication, when you select this option, it should enable the PasswordAuth parameter in Dropbear’s configuration. You can confirm this in /etc/config/dropbear, where option PasswordAuth should be set to 'on'.
If the parameter is still shown as 'no', then try factory resetting the device and seeing if the same issue persists.
Let me know if you have any further questions or encounter issues.
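A read-only check of the two files named in the reply above, as an added example that is not part of the original posts or Teltonika's own tooling. It assumes the UCI layout quoted in this thread (config dropbear / option PasswordAuth) and OpenWrt's usual boolean spellings; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audits Dropbear's UCI settings and authorized_keys key types.
# Assumption: the firmware reads these options as OpenWrt UCI booleans.

# Print the value of a UCI option from a config file (last occurrence wins).
uci_option() {  # $1 = config file, $2 = option name
    awk -v opt="$2" '$1 == "option" && $2 == opt { val = $3 }
                     END { print val }' "$1" | tr -d "\"'"
}

# Normalise a UCI boolean so 'no', 'off' and '0' compare the same way.
uci_bool() {
    case "$1" in
        1|on|true|yes|enabled)   echo on ;;
        0|off|false|no|disabled) echo off ;;
        *)                       echo unknown ;;
    esac
}

# List the distinct key types in an authorized_keys file, skipping comments,
# blank lines and any leading per-key options.
key_types() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-)/) { print $i; break }
    }' "$1" | sort -u
}

# Summarise what the SSH service is configured to accept.
audit() {  # $1 = dropbear config, $2 = authorized_keys
    echo "PasswordAuth=$(uci_bool "$(uci_option "$1" PasswordAuth)")"
    echo "RootPasswordAuth=$(uci_bool "$(uci_option "$1" RootPasswordAuth)")"
    echo "key_types=$(key_types "$2" | tr '\n' ' ' | sed 's/ $//')"
}

# On the router: audit /etc/config/dropbear /etc/dropbear/authorized_keys
```

Run it before and after changing the Authentication type in the web interface to see whether the setting actually reached the config file.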
Thanks for your reply, and sorry for my late response. In the end I ended up doing a factory reset, and now both are working fine!
Not related to this specifically, but it seems that dropbear doesn’t allow storing a private key with encryption… and I don’t feel very secure keeping a private key unencrypted on the TRB500 (I am using it as a hop to connect to another Linux host).
Do you have any idea?
As an alternative I was thinking about encrypting it with GPG, but I can’t find the package in the Package Manager. Is there a place to manually download and upload it?