dropbear(8)                 System Manager's Manual                dropbear(8)

NAME

       dropbear - lightweight SSH server

SYNOPSIS

       dropbear [flag arguments] [-b banner] [-r hostkeyfile]
                [-p [address:]port]

DESCRIPTION

       dropbear is a small SSH server.

OPTIONS

       -b banner
              Display the contents of the file banner before user login
              (default: none).

       -r hostkey
              Use the contents of the file hostkey for the SSH hostkey. This
              file is generated with dropbearkey(1) or automatically with the
              '-R' option. See "Host Key Files" below.

       -R     Generate hostkeys automatically. See "Host Key Files" below.

       -F     Don't fork into background.

       -E     Log to standard error rather than syslog.

       -m     Don't display the message of the day on login.

       -w     Disallow root logins.

       -s     Disable password logins.

       -g     Disable password logins for root.

       -j     Disable local port forwarding.

       -k     Disable remote port forwarding.

       -p [address:]port
              Listen on specified address and TCP port. If just a port is
              given listen on all addresses. Up to 10 can be specified
              (default 22 if none specified).

       -i     Service program mode. Use this option to run dropbear under
              TCP/IP servers like inetd, tcpsvd, or tcpserver. In program
              mode the -F option is implied, and -p options are ignored.

       -P pidfile
              Specify a pidfile to create when running as a daemon. If not
              specified, the default is /var/run/dropbear.pid

       -a     Allow remote hosts to connect to forwarded ports.

       -W windowsize
              Specify the per-channel receive window buffer size. Increasing
              this may improve network performance at the expense of memory
              use. Use -h to see the default buffer size.

       -K timeout_seconds
              Ensure that traffic is transmitted at a certain interval in
              seconds. This is useful for working around firewalls or routers
              that drop connections after a certain period of inactivity. The
              trade-off is that a session may be closed if there is a
              temporary lapse of network connectivity. A setting of 0 disables
              keepalives. If no response is received for 3 consecutive
              keepalives the connection will be closed.

       -I idle_timeout
              Disconnect the session if no traffic is transmitted or received
              for idle_timeout seconds.

       -T max_authentication_attempts
              Set the number of authentication attempts allowed per
              connection. If unspecified the default is 10 (MAX_AUTH_TRIES).

       -c forced_command
              Disregard the command provided by the user and always run
              forced_command. This also overrides any authorized_keys command=
              option.

       -V     Print the version.

FILES

       Authorized Keys

              ~/.ssh/authorized_keys can be set up to allow remote login with
              an RSA, ECDSA, or DSS key. Each line is of the form

       [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]

              and can be extracted from a Dropbear private host key with
              "dropbearkey -y". This is the same format as used by OpenSSH,
              though the restrictions are a subset (keys with unknown
              restrictions are ignored). Restrictions are comma separated,
              with double quotes around spaces in arguments. Available
              restrictions are:

       no-port-forwarding
              Don't allow port forwarding for this connection.

       no-agent-forwarding
              Don't allow agent forwarding for this connection.

       no-X11-forwarding
              Don't allow X11 forwarding for this connection.

       no-pty Disable PTY allocation. Note that a user can still obtain most
              of the same functionality with other means even if no-pty is
              set.

       command="forced_command"
              Disregard the command provided by the user and always run
              forced_command. The -c command line option overrides this.

              The authorized_keys file and its containing ~/.ssh directory
              must only be writable by the user, otherwise Dropbear will not
              allow a login using public key authentication.

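
The two failure modes described above (a key silently ignored because of an unknown restriction, and public key login refused because of loose write permissions) can be checked before deployment. The following is an added example, not part of the original manual page or of Dropbear: the function names, the sample entries and the case-insensitive name comparison are assumptions, and the key blob is the page's own truncated placeholder.

```python
import re
import stat

# Restrictions this manual page lists; anything else makes Dropbear ignore the key.
SUPPORTED = {"no-port-forwarding", "no-agent-forwarding",
             "no-x11-forwarding", "no-pty", "command"}
# Wire names for the RSA, DSS and ECDSA key types the page mentions.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# One restriction: a name, optionally followed by ="quoted value" or =bare-value.
OPT = r'[A-Za-z0-9-]+(?:=(?:"(?:\\.|[^"\\])*"|[^\s,"]*))?'

# Constructed sample input (hypothetical users and commands).
SAMPLE = '''\
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... alice
no-pty,command="rsync --server -a . /srv/backup, logs" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... backup
from="192.0.2.10",no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... ops
'''

def parse_line(line):
    """Return (restrictions, key_type) for one non-empty authorized_keys line."""
    line = line.strip()
    first = line.split(None, 1)[0]
    if first in KEY_TYPES:                       # line has no restrictions field
        return [], first
    m = re.match(rf'({OPT}(?:,{OPT})*)\s+(\S+)', line)
    if not m:
        return [], None
    return re.findall(OPT, m.group(1)), m.group(2)

def audit(text):
    """List (line_no, problem) for entries that would not work as written."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                             # blank/comment lines (assumption)
        opts, key_type = parse_line(line)
        unknown = [o for o in opts if o.split("=", 1)[0].lower() not in SUPPORTED]
        if key_type not in KEY_TYPES:
            findings.append((n, "malformed line or unsupported key type"))
        elif unknown:
            findings.append((n, "unknown restriction, key ignored: " + ", ".join(unknown)))
    return findings

def writable_by_others(mode):
    """True if group or other may write, in which case pubkey login is refused."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
```

Pass `os.stat(path).st_mode` for both ~/.ssh and authorized_keys to `writable_by_others`; the third sample entry shows an OpenSSH `from=` restriction, which is not in the list above, being reported as an ignored key.
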
       Host Key Files

              Host key files are read at startup from a standard location, by
              default /etc/dropbear/dropbear_dss_host_key,
              /etc/dropbear/dropbear_rsa_host_key, and
              /etc/dropbear/dropbear_ecdsa_host_key

              If the -r command line option is specified the default files are
              not loaded. Host key files are of the form generated by
              dropbearkey. The -R option can be used to automatically generate
              keys in the default location - keys will be generated after
              startup when the first connection is established. This has the
              benefit that the system /dev/urandom random number source has a
              better chance of being securely seeded.

       Message Of The Day

              By default the file /etc/motd will be printed for any login
              shell (unless disabled at compile-time). This can also be
              disabled per-user by creating a file ~/.hushlogin .

ENVIRONMENT VARIABLES

       Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH,
       and TERM.

       The variables below are set for sessions as appropriate.

       SSH_TTY
              This is set to the allocated TTY if a PTY was used.

       SSH_CONNECTION
              Contains "<remote_ip> <remote_port> <local_ip> <local_port>".

       DISPLAY
              Set if X11 forwarding is used.

       SSH_ORIGINAL_COMMAND
              If a 'command=' authorized_keys option was used, the original
              command is specified in this variable. If a shell was requested
              this is set to an empty value.

       SSH_AUTH_SOCK
              Set to a forwarded ssh-agent connection.
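
A forced command typically reads SSH_ORIGINAL_COMMAND to decide what, if anything, the key holder may run. The following wrapper is an added example, not part of the original manual page or of Dropbear: the allow-list, the program paths and the script location are hypothetical.

```python
import os
import shlex
import sys

# Hypothetical allow-list: requested name -> (absolute path, permitted argument lists).
ALLOWED = {
    "uptime": ("/usr/bin/uptime", [[]]),
    "df": ("/bin/df", [["-h"], ["-h", "/srv"]]),
}

def decide(original):
    """Return (path, argv) to execute for SSH_ORIGINAL_COMMAND, or None to refuse."""
    if not original:                  # empty value: the client requested a shell
        return None
    try:
        argv = shlex.split(original)  # tokenise without invoking a shell
    except ValueError:                # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWED:
        return None
    path, arg_lists = ALLOWED[argv[0]]
    return (path, argv) if argv[1:] in arg_lists else None

def main():
    # Installed via an authorized_keys entry such as (hypothetical path):
    #   command="/usr/local/bin/ssh-gate",no-pty,no-port-forwarding ssh-rsa ...
    choice = decide(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    if choice is None:
        print("command not permitted", file=sys.stderr)
        return 1
    path, argv = choice
    os.execv(path, argv)              # exec directly: metacharacters stay literal

if __name__ == "__main__":
    sys.exit(main())
```

Because the request is matched as a whole argument list and executed without a shell, input such as `df -h; id` is refused rather than interpreted.
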

NOTES

       Dropbear only supports SSH protocol version 2.

AUTHOR

       Matt Johnston (matt@ucc.asn.au).
       Gerrit Pape (pape@smarden.org) wrote this manual page.

SEE ALSO

       dropbearkey(1), dbclient(1), dropbearconvert(1)

       https://matt.ucc.asn.au/dropbear/dropbear.html