How to setup an ssh key-pair connection with a DD-WRT router in OSX

Before I even get started, I would recommend checking out this excellent post that outlines how to add additional security measures to your DD-WRT router.

Now that we’ve got that out of the way, it was actually kind of a process figuring out how to setup a public-private key pair for use with the router. I will first outline the steps in general, then cover the OSX specific steps later.

  1. Generate a key
  2. Register the key with the local machine
  3. Add the key to the remote machine
  4. Testing
  5. Setting up username specific for router
  6. Permanently add ssh key in MacOS Sierra

Generate a key

To generate a key in OSX, first open up the terminal. Then type

ssh-keygen -t rsa

It will then have you specify the filename for the key. You can just hit enter here and it will default to id_rsa. Next, it will ask for a password. Enter in whatever password you like (or you can just hit enter to not enter a password, which I don’t recommend).

At this point, your key should be generated.

Register the key with the local machine

In the terminal, navigate to wherever your key is stored. By default you can type

~/.ssh

in the terminal to navigate to where your ssh keys are stored. (Protip: in OSX and Linux, a ‘.’ before a folder or file indicates it is hidden)

If you stuck with the default filename, you should see id_rsa and id_rsa.pub. If not you should see whatever_you_named_your_file and whatever_you_named_your_file.pub

To register your key with your machine, type

ssh-add id_rsa

,replacing id_rsa as necessary.

Now, we need to register the key with your remote machine.

Add the key to the remote machine

Assuming you are still in the same directory as you were above, type

pbcopy < id_rsa.pub

which will copy the key you need to the system’s clipboard.

Paste this key in your remote machine and you should be good to go. In this case, we are referring specifically to a DD-WRT router, SO…

Login to your router’s homepage (192.168.1.1 by default) and then go to the Services tab. Within services, make sure you also have the Services sub-tab selected. From here, head on down to the Secure Shell group, and make sure you have SSHd enabled. If you do, you should see Authorized Keys. Simply paste the text you copied with pbcopy here, hit apply, and you should be good to go. (Protip: if you have done the public-private key method successfully, go ahead and disable Password Login, you don’t need it and it is a security vulnerability)

Testing

Now, from within your friendly neighborhood terminal, type

And you should be greeted by something like this

Terminal

Congratulations! You have sucessfully set up a public-private key login for your DD-WRT router!

Setting up username specific for router

It’s kind of annoying having to type

every time, isn’t it?

Go back to your .ssh folder
Make a new file called config
In this file put the following

Host 192.168.1.1
	HostName 192.168.1.1
	User root

You have now set up a default username specific to 192.168.1.1 (in other words, your default username will still be used for sshing into everything else)

Now, all you have to do is type

ssh 192.168.1.1

and you’re in! Capital!

Permanently add ssh key in MacOS Sierra

Check out my other post