fix(ssh): Fix dropbear authorized_keys by enforcing /etc/dropbear 700 perms

The /etc/dropbear/ directory had 775 permissions from the build host,
which caused dropbear to reject authorized_keys (SSH key auth).
Dropbear requires the directory to be 700 (not group/world-writable).

- chmod 700 /etc/dropbear in uci-defaults (belt and suspenders)
- Bump PARAHUB_BUILD to 2 (triggers OTA autoupdate)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

files/etc/uci-defaults/99-parahub-mesh

@@ -56,6 +56,8 @@ GUEST_IP="10.${GUEST_O1}.${GUEST_O2}.1"
 PRIVATE_KEY="parahub.io"
 # Shared mesh SAE key — same across all Parahub nodes for auto-peering
 MESH_KEY="ndIPclyqSn9LaCki"
+# Random root password for SSH + LuCI (unique per node)
+ROOT_PASSWORD=$(head -c 128 /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 16)
 
 mkdir -p /etc/parahub
 cat > /etc/parahub/keys <<KEYS_EOF
@@ -69,9 +71,16 @@ PRIVATE_SSID=${PRIVATE_SSID}
 PRIVATE_SUBNET=${PRIV_SUBNET}/24
 GUEST_SUBNET=${GUEST_SUBNET}/24
 NODE_MAC=${BASE_MAC}
+ROOT_PASSWORD=${ROOT_PASSWORD}
 KEYS_EOF
 chmod 600 /etc/parahub/keys
 
+# Set root password (secures SSH + LuCI)
+echo -e "${ROOT_PASSWORD}\n${ROOT_PASSWORD}" | passwd root >/dev/null 2>&1
+
+# Ensure dropbear directory has strict permissions (required for key auth)
+chmod 700 /etc/dropbear
+
 # ============================================================================
 # 4. NETWORK CONFIGURATION
 # ============================================================================

scripts/build.sh

@@ -11,7 +11,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
 
 OPENWRT_VERSION="${OPENWRT_VERSION:-25.12.0-rc4}"
-PARAHUB_BUILD="1"
+PARAHUB_BUILD="2"
 FIRMWARE_VERSION="${OPENWRT_VERSION}-ph${PARAHUB_BUILD}"
 
 # ============================================================================