Adding a SSH key to a Broadband-Hamnet node

In my experience, having ssh key installed on your mesh node can be a real life saver.  When I flash a node the first thing I do to it when setting it up is add my ssh key to the node.  That way, I know I will always be able to get into the operating system to fix it.

A manually generated public-private key pair is used to perform the authentication, allowing users or programs to log in without having to specify a password. In this scenario, anyone can produce a matching pair of different keys (public and private). The public key is placed on all computers that must allow access to the owner of the matching private key (the owner keeps the private key secret). While authentication is based on the private key, the key itself is never transferred through the network during authentication. SSH only verifies whether the same person offering the public key also owns the matching private key. In all versions of SSH it is important to verify unknown public keys, i.e. associate the public keys with identities, before accepting them as valid. Accepting an attacker’s public key without validation will authorize an unauthorized attacker as a valid user.

So how do we go about creating a Public/Private key pair for our mesh nodes?  According the Broadband-Hamnet documentation, using a linux computer in a shell window we enter the command “ssh-keygen -t rsa” (see  This method works very well and is easy but most of us do not have a Linux computer.  We are forced to use Windows.  How do we create a key using Windows?

I have found that I can create a Public/Private Key pair using the program Putty.  If you are going to get serious about using Broadband-Hamnet, then you are going to need Putty.  The complete Putty package can be found at  I recommend you download either the or the putty-0.63-installer.exe file.  Unzip or install the package and you are ready to go.

It is now time to create your key pair.  Start the PuTTYgen.exe program. Make sure the “Type of key to generate” is set to SSH-2 RSA and the “Number of bits in a generated key” is set to 1024.  Enter a “Key comment”.  I have been using “callsign@localhost” for the Key Comment.  Enter a passphrase and click on Generate.  Move the mouse in the window to create random motion for the key generation.


The “Key Passphrase” is extremely important.  If you lose of forget your key passphrase then your only option is to create another key pair and start over.  But if you need to get into your system using ssh, then you can’t get in normally to add a new public key.  Make sure your passphrase is one you will remember or that you write it down in a secure place.  Another option is as long as you trust your private key to not be compromised, then go ahead and create your key pair without a passphrase.  If you are going to get into your node using SSH, you will have to have the correct private key and the pass phrase associated with it.

Click on the ”Save Private Key” button to save your key and make sure you note where you saved it.  Then open Notepad (Start,All Programs, Accessories, Notepad), and cut and paste the key into Notepad.


Save the file to the same location as the private key file.  I normally use “” for the public key name where xxxxxxx is the same as the name of the private key name “xxxxxxx.ppk”.  I have used and hsmm.ppk for my public and private keys.

At this point log in to your mesh node click on “setup.”  Enter root and your password to get to the setup screen and then click administration.  Scroll to the bottom of the screen.

Click one the “Choose File” button in the Authorized SSH Keys section and then click upload.  You can check that the upload took by clicking the pull down in the remove key section.


To use your new SSH key plug your laptop into the Lan port of your router and start Putty.  Enter root@localnode in the hostname field and 2222 in the port number.

Click the SSH link in the left side ane then click on “Auth.”  Then use the Browse button to select your private key.  Click on open.  The first time you connect to your router, the software will complain that the Keys are not on file.  Click yes and you will be logged in to the router


From here you are logged as root in a Linux command window and you can pretty much do anything you need to.  For example to change the password on the router use the command “setpasswd abc” to change the root password to abc.  The scope of what can be done from a command prompt is well beyond the scope of this document.