- public ssh keys must be in /etc/dropbear/authorized_keys (not the more normal ~/.ssh/authorized_keys)
- Dropbear didn't want to work with ecdsa, but did work with rsa, not sure about other types
- ansible complained failed to transfer file <...> /usr/libexec/sftp-server: not found <...>
- the fix is to install openssh-sftp-server
- next ansible complains <...> /usr/bin/python: not found - which is a fairly legit complaint given it runs on python
- return to the router and install python
- at this point, basic ansible commands work
- what fails that I was hoping to get working was retrieving a git repo via ssh: Failed to find required executable ssh-keyscan
- this file is found in in the openssh-client-utils package
- sidebar: even if this installs openssh-client, that package only includes one configuration file and ssh is still provided by dropbear
- git is now hanging on trying to check a repo out through ansible
- eventually I gave up on the git module: even with -vv on the command line, it was hanging without any useful information
- instead, I did this:
- name: check out my OpenWRT git repo locally
local_action: file path={{ local_owrt_repo }} state=directory mode=0700
local_action: git repo={{ gopenwrt_repo }} dest={{ local_owrt_repo }} accept_hostkey=yes key_file=/home/giles/.ssh/id_dsa
- name: send git copy to ansible target
synchronize: src={{ local_owrt_repo }} dest=/root/bin
- check out the repo to a local tmp directory, then rsync it to the OpenWRT router
- NOTE: this won't work until you install rsync on the OpenWRT router
- Ansible's "synchronize" module encounters a problem with OpenWRT's minimal rsync implementation: here's my fix
- the final git repo on the OpenWRT router is usable on that host: you may still need to take care of the git ssh keys