1dropbear(8)                 System Manager's Manual                dropbear(8)
2
3
4

NAME

6       dropbear - lightweight SSH2 server
7

SYNOPSIS

9       dropbear [-FEmwsgjki] [-b banner] [-d dsskey] [-r rsakey] [-p port]
10

DESCRIPTION

12       dropbear  is  a  SSH 2 server designed to be small enough to be used in
13       small memory environments, while  still  being  functional  and  secure
14       enough for general use.
15

OPTIONS

17       -b banner
18              bannerfile.  Display the contents of the file banner before user
19              login (default: none).
20
21       -d dsskey
22              dsskeyfile.  Use the contents of the file  dsskey  for  the  DSS
23              host  key  (default: /etc/dropbear/dropbear_dss_host_key).  Note
24              that some SSH implementations use the  term  "DSA"  rather  than
25              "DSS",  they  mean  the same thing.  This file is generated with
26              dropbearkey(8).
27
28       -r rsakey
29              rsakeyfile.  Use the contents of the file  rsakey  for  the  rsa
30              host  key  (default: /etc/dropbear/dropbear_rsa_host_key).  This
31              file is generated with dropbearkey(8).
32
33       -F     Don't fork into background.
34
35       -E     Log to standard error rather than syslog.
36
37       -m     Don't display the message of the day on login.
38
39       -w     Disallow root logins.
40
41       -s     Disable password logins.
42
43       -g     Disable password logins for root.
44
45       -j     Disable local port forwarding.
46
47       -k     Disable remote port forwarding.
48
49       -p [address:]port
50              Listen on specified address and TCP port.  If  just  a  port  is
51              given  listen  on  all  addresses.   up  to  10 can be specified
52              (default 22 if none specified).
53
54       -i     Service program mode.  Use this option  to  run  dropbear  under
55              TCP/IP  servers  like  inetd,  tcpsvd, or tcpserver.  In program
56              mode the -F option is implied, and -p options are ignored.
57
58       -P pidfile
59              Specify a pidfile to create when running as  a  daemon.  If  not
60              specified, the default is /var/run/dropbear.pid
61
62       -a     Allow remote hosts to connect to forwarded ports.
63
64       -W windowsize
65              Specify  the  per-channel receive window buffer size. Increasing
66              this may improve network performance at the  expense  of  memory
67              use. Use -h to see the default buffer size.
68
69       -K timeout_seconds
70              Ensure that traffic is transmitted at a certain interval in sec‐
71              onds. This is useful for working  around  firewalls  or  routers
72              that  drop connections after a certain period of inactivity. The
73              trade-off is that a session may be closed if there is  a  tempo‐
74              rary  lapse  of  network  connectivity.  A setting if 0 disables
75              keepalives.
76
77       -I idle_timeout
78              Disconnect the session if no traffic is transmitted or  received
79              for idle_timeout seconds.
80

FILES

82       Authorized Keys
83
84              ~/.ssh/authorized_keys  can be set up to allow remote login with
85              a RSA or DSS key. Each line is of the form
86
87       [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]
88
89              and can be extracted from  a  Dropbear  private  host  key  with
90              "dropbearkey  -y".  This  is the same format as used by OpenSSH,
91              though the restrictions are a subset (keys with unknown restric‐
92              tions are ignored).  Restrictions are comma separated, with dou‐
93              ble quotes around spaces in arguments.   Available  restrictions
94              are:
95
96
97       no-port-forwarding
98              Don't allow port forwarding for this connection
99
100
101       no-agent-forwarding
102              Don't allow agent forwarding for this connection
103
104
105       no-X11-forwarding
106              Don't allow X11 forwarding for this connection
107
108
109       no-pty Disable  PTY  allocation. Note that a user can still obtain most
110              of the same functionality with other means  even  if  no-pty  is
111              set.
112
113
114       command="forced_command"
115              Disregard  the  command  provided  by  the  user  and always run
116              forced_command.
117
118              The authorized_keys file and  its  containing  ~/.ssh  directory
119              must  only  be writable by the user, otherwise Dropbear will not
120              allow a login using public key authentication.
121
122
123       Host Key Files
124
125              Host key files are read at startup from a standard location,  by
126              default   /etc/dropbear/dropbear_dss_host_key   and   /etc/drop‐
127              bear/dropbear_rsa_host_key or specified on the commandline  with
128              -d or -r. These are of the form generated by dropbearkey.
129
130
131       Message Of The Day
132
133              By  default  the  file  /etc/motd  will be printed for any login
134              shell (unless disabled at compile-time). This can also  be  dis‐
135              abled per-user by creating a file ~/.hushlogin .
136
137

AUTHOR

139       Matt Johnston (matt@ucc.asn.au).
140       Gerrit Pape (pape@smarden.org) wrote this manual page.
141

SEE ALSO

143       dropbearkey(8), dbclient(1)
144
145       http://matt.ucc.asn.au/dropbear/dropbear.html
146
147
148
149                                                                   dropbear(8)
Impressum