How to get Openwrt boxes to scp to each other in a mesh topology?
Seems like this online documentation thing is catching on. My site is specially catered for people like me, who find it a huge challenge to pick up this Openwrt thingy. No dummies guide online, and it is really tough to search for solutions. 😦 I usually spend a damn long time trying to figure out some basic stuff that most experts know. Hence, this motivates my series of Dummy’s guide! We must always contribute back to the Opensource community yeah? 🙂 I am gonna be building a business on Opensource software soon.
But that’s not the point that I want to illustrate here. The topic is on: How do we automate scp on Linksys WRT54G (running on Openwrt) such that they can send each other files periodically without the troublesome need of entering the stupid passwords.
*I developed this solution because I needed to set up an experimental testbed that has 5 routers in a string topology and 4 routers are supposed to be sending a log file out every 10 minutes to router 1. I needed to automate this process so that I can leave the routers to their own antics and let them do what they need to do.
Let me list down my sources and acknowledge them first:
1. Openwrt WRT HOWTO – This teaches us how to SSH from a desktop to our wrt54g routers without entering a password.
2. Forum Posting – This teaches us how to SSH from a wrt54g router to our desktops without entering a password.
So what’s so special about my solution? It’s how to SSH from a WRT54G router to ANOTHER WRT54G router. (scp runs over SSH, so once you solve the ssh issue, scp is an autopilot kinda thing.)
What do you do?
- Follow forum posting. Type:
dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key | grep ssh-rsa > /tmp/dropbear_rsa_host_key.pub
(Take note: some people's dropbear directory might be located differently. A tip is to run find -name 'dropbear' from the / directory.)
- The next step is to copy the /tmp/dropbear_rsa_host_key.pub to the other boxes’ authorized keys file
scp /tmp/dropbear_rsa_host_key.pub <other_box_ip>:/etc/dropbear/authorized_keys
- After this, you can simply ssh/scp in to the other box! But you need some special parameters:
ssh -i /etc/dropbear/dropbear_rsa_host_key root@<the_other_box_ip_address>
If I am not wrong, the idea is that you generate a key with your local machine based on your own host key as of step 1. Put that generated key on the host machine. Then when you two try to establish a connection, i.e. step 3, you pass over your host key (step 3, the -i portion), then the other guy who is being connected to will take your host key and check against the generated key that you placed on it (in step 2). So the lock and unlocking action occurs and yay! You don’t have to put a password in already!
This is just a very surface understanding of what’s going on. I am not an encryption expert, nor do I know much about ssh. But surface fixes make life easier for everyone! 😀
With regards to my own experimental setup (just in case some people want to follow what I’m doing), I am planning for router 1, which is supposedly the server, to hold all the 4 other keys of the other routers so that they can scp to it without entering passwords. This I have not done yet but I will be doing it in a bit.
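For the router 1 setup described above: the scp in step 2 replaces the destination authorized_keys file, so with four senders each key has to be appended rather than copied over the file. The helper below is an added example, not part of the original post, meant to run on router 1; the function name add_authorized_key and the path /tmp/router2.pub are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Run on router 1 (the server).
# add_authorized_key <pubkey_file> <authorized_keys_file>
#   returns 0 = key appended, 1 = key already present,
#           2 = input is not a single "ssh-rsa <base64> [comment]" line
add_authorized_key() {
    pub_file=$1
    auth_file=$2

    # Validate the input: readable, exactly one line, ssh-rsa, base64 blob.
    [ -r "$pub_file" ] || return 2
    [ "$(grep -c '' "$pub_file")" -eq 1 ] || return 2
    key_type=$(awk '{print $1}' "$pub_file")
    key_blob=$(awk '{print $2}' "$pub_file")
    [ "$key_type" = "ssh-rsa" ] || return 2
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) return 2 ;;
    esac

    # Create the file if missing and keep it readable by the owner only.
    ( umask 077; : >> "$auth_file" )
    chmod 600 "$auth_file"

    # Match on type and blob, so the same key with a new comment is not added twice.
    if awk -v t="$key_type" -v b="$key_blob" \
        '$1 == t && $2 == b { found = 1 } END { exit !found }' "$auth_file"
    then
        return 1
    fi

    # If the last existing line has no newline, add one so lines do not join.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$(cat "$pub_file")" >> "$auth_file"
    return 0
}

# Usage on router 1, after router 2 has copied its public key to the
# hypothetical path /tmp/router2.pub instead of over authorized_keys:
#   add_authorized_key /tmp/router2.pub /etc/dropbear/authorized_keys
```

Each sending router would then scp its .pub file to its own name under /tmp on router 1 instead of to /etc/dropbear/authorized_keys.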
As for automating the process, I am planning to set up cron jobs to just call step 3 from each router at a stipulated interval. I will be documenting that in a little bit. Very soon in fact, cause I have to get this final year project up and running. Ok, enough of mindless ramblings. Hope this article helps!
Once again, the bimbotic geek signing off!