1dbclient(1) General Commands Manual dbclient(1)
2
6 dbclient - lightweight SSH client
7
9 dbclient [flag arguments] [-p port] [-i id] [-L l:h:p] [-R l:h:p] [-l
10 user] host [more flags] [command]
11 dbclient [args] [user1]@host1[^port1],[user2]@host2[^port2],...
13
16 dbclient is the client part of Dropbear SSH
17
19 command
20 A command to run on the remote host. This will normally be run
21 by the remote host using the user's shell. The command begins at
22 the first hyphen argument after the host argument. If no command
23 is specified an interactive terminal will be opened (see -t and
24 -T).
25 -p port
27 Connect to port on the remote host. Alternatively a port can be
28 specified as hostname^port. Default is 22.
29 -i idfile
31 Identity file. Read the identity key from file idfile (multiple
32 allowed). This file is created with dropbearkey(1) or converted
33 from OpenSSH with dropbearconvert(1). The default path
34 ~/.ssh/id_dropbear is used
35 -L [listenaddress]:listenport:host:port
37 Local port forwarding. Forward listenport on the local host
38 through the SSH connection to port on host.
39 -R [listenaddress]:listenport:host:port
41 Remote port forwarding. Forward listenport on the remote host
42 through the SSH connection to port on host.
43 -l user
45 Username. Login as user on the remote host. An alternative is
46 to specify user@host.
47 -t Allocate a PTY. This is the default when no command is given, it
49 gives a full interactive remote session. The main effect is that
50 keystrokes are sent remotely immediately as opposed to local
51 line-based editing.
52 -T Don't allocate a PTY. This is the default when a command is
54 given. See -t.
55 -N Don't request a remote shell or run any commands. Any command
57 arguments are ignored.
58 -f Fork into the background after authentication. A command argu‐
60 ment (or -N) is required. This is useful when using password
61 authentication.
62 -g Allow non-local hosts to connect to forwarded ports. Applies to
64 -L and -R forwarded ports, though remote connections to -R for‐
65 warded ports may be limited by the ssh server.
66 -y Always accept hostkeys if they are unknown. If a hostkey mis‐
68 match occurs the connection will abort as normal. If specified a
69 second time no host key checking is performed at all, this is
70 usually undesirable.
71 -A Forward agent connections to the remote host. dbclient will use
73 any OpenSSH-style agent program if available ($SSH_AUTH_SOCK
74 will be set) for public key authentication. Forwarding is only
75 enabled if -A is specified.
76 -W windowsize
78 Specify the per-channel receive window buffer size. Increasing
79 this may improve network performance at the expense of memory
80 use. Use -h to see the default buffer size.
81 -K timeout_seconds
83 Ensure that traffic is transmitted at a certain interval in sec‐
84 onds. This is useful for working around firewalls or routers
85 that drop connections after a certain period of inactivity. The
86 trade-off is that a session may be closed if there is a tempo‐
87 rary lapse of network connectivity. A setting if 0 disables
88 keepalives. If no response is received for 3 consecutive
89 keepalives the connection will be closed.
90 -I idle_timeout
92 Disconnect the session if no traffic is transmitted or received
93 for idle_timeout seconds.
94 -J proxy_command
97 -J &fd
99 Use the standard input/output of the program proxy_command
100 rather than using a normal TCP connection. A hostname should be
101 still be provided, as this is used for comparing saved hostkeys.
102 This command will be executed as "exec proxy_command ..." with
103 the default shell.
104 The second form &fd will make dbclient use the numeric file de‐
106 scriptor as a socket. This can be used for more complex tun‐
107 nelling scenarios. Example usage with socat is
108 socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38 TCP4:host.exam‐
110 ple.com:22
111 -B endhost:endport
114 "Netcat-alike" mode, where Dropbear will connect to the given
115 host, then create a forwarded connection to endhost. This will
116 then be presented as dbclient's standard input/output.
117 -c cipherlist
119 Specify a comma separated list of ciphers to enable. Use -c help
120 to list possibilities.
121 -m MAClist
123 Specify a comma separated list of authentication MACs to enable.
124 Use -m help to list possibilities.
125 -o option
127 Can be used to give options in the format used by OpenSSH config
128 file. This is useful for specifying options for which there is
129 no separate command-line flag. For full details of the options
130 listed below, and their possible values, see ssh_config(5). The
131 following options have currently been implemented:
132 ExitOnForwardFailure
135 Specifies whether dbclient should terminate the connec‐
136 tion if it cannot set up all requested local and remote
137 port forwardings. The argument must be "yes" or "no".
138 The default is "no".
139 UseSyslog
141 Send dbclient log messages to syslog in addition to
142 stderr.
143 Port Specify a listening port, like the -p argument.
145 -s The specified command will be requested as a subsystem, used for
147 sftp. Dropbear doesn't implement sftp itself but the OpenSSH
148 sftp client can be used eg sftp -S dbclient user@host
149 -b [address][:port]
151 Bind to a specific local address when connecting to the remote
152 host. This can be used to choose from multiple outgoing inter‐
153 faces. Either address or port (or both) can be given.
154 -V Print the version
156
159 Dropbear will also allow multiple "hops" to be specified, separated by
160 commas. In this case a connection will be made to the first host, then
161 a TCP forwarded connection will be made through that to the second
162 host, and so on. Hosts other than the final destination will not see
163 anything other than the encrypted SSH stream. A port for a host can be
164 specified with a caret (eg matt@martello^44 ). This syntax can also be
165 used with scp or rsync (specifying dbclient as the ssh/rsh command). A
166 file can be "bounced" through multiple SSH hops, eg
167 scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .
169 Note that hostnames are resolved by the prior hop (so "canyons" would
171 be resolved by the host "wrt") in the example above, the same way as
172 other -L TCP forwarded hosts are. Host keys are checked locally based
173 on the given hostname.
174
177 Typing a newline followed by the key sequence ~. (tilde, dot) will
178 terminate a connection. The sequence ~^Z (tilde, ctrl-z) will back‐
179 ground the connection. This behaviour only applies when a PTY is used.
180
183 DROPBEAR_PASSWORD
184 A password to use for remote authentication can be specified in
185 the environment variable DROPBEAR_PASSWORD. Care should be taken
186 that the password is not exposed to other users on a multi-user
187 system, or stored in accessible files.
188 SSH_ASKPASS
190 dbclient can use an external program to request a password from
191 a user. SSH_ASKPASS should be set to the path of a program that
192 will return a password on standard output. This program will
193 only be used if either DISPLAY is set and standard input is not
194 a TTY, or the environment variable SSH_ASKPASS_ALWAYS is set.
195
197 If compiled with zlib support and if the server supports it, dbclient
198 will always use compression.
199
202 Matt Johnston (matt@ucc.asn.au).
203 Mihnea Stoenescu wrote initial Dropbear client support
204 Gerrit Pape (pape@smarden.org) wrote this manual page.
205
207 dropbear(8), dropbearkey(1)
208 https://matt.ucc.asn.au/dropbear/dropbear.html
210 dbclient(1)