dropbear(8)

NAME

dropbear - lightweight SSH2 server

SYNOPSIS

dropbear [-FEmwsgjki] [-b banner] [-d dsskey] [-r rsakey] [-p port]

DESCRIPTION

dropbear is a SSH 2 server designed to be small enough to be used in small memory environments, while still being functional and secure enough for general use.

OPTIONS

-b banner: bannerfile. Display the contents of the file banner before user login (default: none).
-d dsskey: dsskeyfile. Use the contents of the file dsskey for the DSS host key (default: /etc/dropbear/dropbear_dss_host_key). Note that some SSH implementations use the term "DSA" rather than "DSS", they mean the same thing. This file is generated with dropbearkey(8).
-r rsakey: rsakeyfile. Use the contents of the file rsakey for the rsa host key (default: /etc/dropbear/dropbear_rsa_host_key). This file is generated with dropbearkey(8).
-F Don't fork into background.
-E Log to standard error rather than syslog.
-m Don't display the message of the day on login.
-w Disallow root logins.
-s Disable password logins.
-g Disable password logins for root.
-j Disable local port forwarding.
-k Disable remote port forwarding.
-p [address:]port: Listen on specified address and TCP port. If just a port is given listen on all addresses. up to 10 can be specified (default 22 if none specified).
-i Service program mode. Use this option to run dropbear under: TCP/IP servers like inetd, tcpsvd, or tcpserver. In program mode the -F option is implied, and -p options are ignored.
-P pidfile: Specify a pidfile to create when running as a daemon. If not specified, the default is /var/run/dropbear.pid
-a Allow remote hosts to connect to forwarded ports.
-W windowsize: Specify the per-channel receive window buffer size. Increasing this may improve network performance at the expense of memory use. Use -h to see the default buffer size.
-K timeout_seconds: Ensure that traffic is transmitted at a certain interval in seconds. This is useful for working around firewalls or routers that drop connections after a certain period of inactivity. The trade-off is that a session may be closed if there is a temporary lapse of network connectivity. A setting if 0 disables keepalives.
-I idle_timeout: Disconnect the session if no traffic is transmitted or received for idle_timeout seconds.

FILES

Authorized Keys: ~/.ssh/authorized_keys can be set up to allow remote login with a RSA or DSS key. Each line is of the form
[restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]: and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored). Restrictions are comma separated, with double quotes around spaces in arguments. Available restrictions are:
no-port-forwarding: Don't allow port forwarding for this connection
no-agent-forwarding: Don't allow agent forwarding for this connection
no-X11-forwarding: Don't allow X11 forwarding for this connection
no-pty Disable PTY allocation. Note that a user can still obtain most: of the same functionality with other means even if no-pty is set.
command="forced_command": Disregard the command provided by the user and always run forced_command.; The authorized_keys file and its containing ~/.ssh directory must only be writable by the user, otherwise Dropbear will not allow a login using public key authentication.
Host Key Files: Host key files are read at startup from a standard location, by default /etc/dropbear/dropbear_dss_host_key and /etc/dropbear/dropbear_rsa_host_key or specified on the commandline with -d or -r. These are of the form generated by dropbearkey.
Message Of The Day: By default the file /etc/motd will be printed for any login shell (unless disabled at compile-time). This can also be disabled per-user by creating a file ~/.hushlogin .

AUTHOR

Matt Johnston (matt@ucc.asn.au).
Gerrit Pape (pape@smarden.org) wrote this manual page.

docs.sk

comprehensive documentation repository

See also