NAME¶
dropbear - lightweight SSH2 server
SYNOPSIS¶
dropbear [-FEmwsgjki] [-b
banner] [-d dsskey] [-r
rsakey] [-p [address:]port]
DESCRIPTION¶
dropbear is a SSH 2 server designed to be small enough to be used in
small memory environments, while still being functional and secure enough for
general use.
OPTIONS¶
- -b banner
- bannerfile. Display the contents of the file banner
before user login (default: none).
- -d dsskey
- dsskeyfile. Use the contents of the file dsskey for
the DSS host key (default: /etc/dropbear/dropbear_dss_host_key). Note that
some SSH implementations use the term "DSA" rather than
"DSS", they mean the same thing. This file is generated with
dropbearkey(8).
- -r rsakey
- rsakeyfile. Use the contents of the file rsakey for
the rsa host key (default: /etc/dropbear/dropbear_rsa_host_key). This file
is generated with dropbearkey(8).
- -F
- Don't fork into background.
- -E
- Log to standard error rather than syslog.
- -m
- Don't display the message of the day on login.
- -w
- Disallow root logins.
- -s
- Disable password logins.
- -g
- Disable password logins for root.
- -j
- Disable local port forwarding.
- -k
- Disable remote port forwarding.
- -p [address:]port
- Listen on specified address and TCP port. If
just a port is given listen on all addresses. up to 10 can be specified
(default 22 if none specified).
- -i
- Service program mode. Use this option to run
dropbear under TCP/IP servers like inetd, tcpsvd, or tcpserver. In
program mode the -F option is implied, and -p options are ignored.
- -P pidfile
- Specify a pidfile to create when running as a daemon. If
not specified, the default is /var/run/dropbear.pid
- -a
- Allow remote hosts to connect to forwarded ports.
- -W windowsize
- Specify the per-channel receive window buffer size.
Increasing this may improve network performance at the expense of memory
use. Use -h to see the default buffer size.
- -K timeout_seconds
- Ensure that traffic is transmitted at a certain interval in
seconds. This is useful for working around firewalls or routers that drop
connections after a certain period of inactivity. The trade-off is that a
session may be closed if there is a temporary lapse of network
connectivity. A setting if 0 disables keepalives.
- -I idle_timeout
- Disconnect the session if no traffic is transmitted or
received for idle_timeout seconds.
FILES¶
- Authorized Keys
-
~/.ssh/authorized_keys can be set up to allow remote login with a RSA or DSS
key. Each line is of the form
- [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp...
[comment]
-
and can be extracted from a Dropbear private host key with "dropbearkey
-y". This is the same format as used by OpenSSH, though the
restrictions are a subset (keys with unknown restrictions are ignored).
Restrictions are comma separated, with double quotes around spaces in
arguments. Available restrictions are:
- no-port-forwarding
- Don't allow port forwarding for this connection
- no-agent-forwarding
- Don't allow agent forwarding for this connection
- no-X11-forwarding
- Don't allow X11 forwarding for this connection
- no-pty
- Disable PTY allocation. Note that a user can still obtain
most of the same functionality with other means even if no-pty is set.
- command="forced_command"
- Disregard the command provided by the user and always run
forced_command.
The authorized_keys file and its containing ~/.ssh directory must only be
writable by the user, otherwise Dropbear will not allow a login using
public key authentication.
- Host Key Files
-
Host key files are read at startup from a standard location, by default
/etc/dropbear/dropbear_dss_host_key and
/etc/dropbear/dropbear_rsa_host_key or specified on the commandline with
-d or -r. These are of the form generated by dropbearkey.
- Message Of The Day
-
By default the file /etc/motd will be printed for any login shell (unless
disabled at compile-time). This can also be disabled per-user by creating
a file ~/.hushlogin .
ENVIRONMENT VARIABLES¶
Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM.
The variables below are set for sessions as appropriate.
- SSH_TTY
- This is set to the allocated TTY if a PTY was used.
- SSH_CONNECTION
- Contains "<remote_ip> <remote_port>
<local_ip> <local_port>".
- DISPLAY
- Set X11 forwarding is used.
- SSH_ORIGINAL_COMMAND
- If a 'command=' authorized_keys option was used, the
original command is specified in this variable. If a shell was requested
this is set to an empty value.
- SSH_AUTH_SOCK
- Set to a forwarded ssh-agent connection.
AUTHOR¶
Matt Johnston (matt@ucc.asn.au).
Gerrit Pape (pape@smarden.org) wrote this manual page.
SEE ALSO¶
dropbearkey(8),
dbclient(1)
http://matt.ucc.asn.au/dropbear/dropbear.html