1dbclient(1) General Commands Manual dbclient(1)
2
6 dbclient - lightweight SSH client
7
9 dbclient [flag arguments] [-p port] [-i id] [-L l:h:p] [-R l:h:p] [-l
10 user] host [more flags] [command]
11 dbclient [args] [user1]@host1[^port1],[user2]@host2[^port2],...
13
16 dbclient is a small SSH client
17
19 command
20 A command to run on the remote host. This will normally
21 be run by the remote host using the user's shell. The
22 command begins at the first hyphen argument after the
23 host argument. If no command is specified an interactive
24 terminal will be opened (see -t and -T).
25 -p port
27 Connect to port on the remote host. Alternatively a port
28 can be specified as hostname^port. Default is 22.
29 -i idfile
31 Identity file. Read the identity key from file idfile
32 (multiple allowed). This file is created with dropbear‐
33 key(1) or converted from OpenSSH with dropbearconvert(1).
34 The default path ~/.ssh/id_dropbear is used
35 -L [listenaddress]:listenport:host:port
37 Local port forwarding. Forward the port listenport on
38 the local host through the SSH connection to port port on
39 the host host.
40 -R [listenaddress]:listenport:host:port
42 Remote port forwarding. Forward the port listenport on
43 the remote host through the SSH connection to port port
44 on the host host.
45 -l user
47 Username. Login as user on the remote host.
48 -t Allocate a PTY. This is the default when no command is
50 given, it gives a full interactive remote session. The
51 main effect is that keystrokes are sent remotely immedi‐
52 ately as opposed to local line-based editing.
53 -T Don't allocate a PTY. This is the default a command is
55 given. See -t.
56 -N Don't request a remote shell or run any commands. Any
58 command arguments are ignored.
59 -f Fork into the background after authentication. A command
61 argument (or -N) is required. This is useful when using
62 password authentication.
63 -g Allow non-local hosts to connect to forwarded ports.
65 Applies to -L and -R forwarded ports, though remote con‐
66 nections to -R forwarded ports may be limited by the ssh
67 server.
68 -y Always accept hostkeys if they are unknown. If a hostkey
70 mismatch occurs the connection will abort as normal. If
71 specified a second time no host key checking is performed
72 at all, this is usually undesirable.
73 -A Forward agent connections to the remote host. dbclient
75 will use any OpenSSH-style agent program if available
76 ($SSH_AUTH_SOCK will be set) for public key authentica‐
77 tion. Forwarding is only enabled if -A is specified.
78 -W windowsize
80 Specify the per-channel receive window buffer size.
81 Increasing this may improve network performance at the
82 expense of memory use. Use -h to see the default buffer
83 size.
84 -K timeout_seconds
86 Ensure that traffic is transmitted at a certain interval
87 in seconds. This is useful for working around firewalls
88 or routers that drop connections after a certain period
89 of inactivity. The trade-off is that a session may be
90 closed if there is a temporary lapse of network connec‐
91 tivity. A setting if 0 disables keepalives. If no
92 response is received for 3 consecutive keepalives the
93 connection will be closed.
94 -I idle_timeout
96 Disconnect the session if no traffic is transmitted or
97 received for idle_timeout seconds.
98 -J proxy_command
101 -J &fd
103 Use the standard input/output of the program proxy_com‐
104 mand rather than using a normal TCP connection. A host‐
105 name should be still be provided, as this is used for
106 comparing saved hostkeys. This command will be executed
107 as "exec proxy_command ..." with the default shell.
108 The second form &fd will make dbclient use the numeric
110 file descriptor as a socket. This can be used for more
111 complex tunnelling scenarios. Example usage with socat is
112 socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38
114 TCP4:host.example.com:22
115 -B endhost:endport
118 "Netcat-alike" mode, where Dropbear will connect to the
119 given host, then create a forwarded connection to end‐
120 host. This will then be presented as dbclient's standard
121 input/output.
122 -c cipherlist
124 Specify a comma separated list of ciphers to enable. Use
125 -c help to list possibilities.
126 -m MAClist
128 Specify a comma separated list of authentication MACs to
129 enable. Use -m help to list possibilities.
130 -o option
132 Can be used to give options in the format used by OpenSSH
133 config file. This is useful for specifying options for
134 which there is no separate command-line flag. For full
135 details of the options listed below, and their possible
136 values, see ssh_config(5). The following options have
137 currently been implemented:
138 ExitOnForwardFailure
141 Specifies whether dbclient should terminate the
142 connection if it cannot set up all requested local
143 and remote port forwardings. The argument must be
144 “yes” or “no”. The default is “no”.
145 UseSyslog
147 Send dbclient log messages to syslog in addition
148 to stderr.
149 -s The specified command will be requested as a subsystem,
151 used for sftp. Dropbear doesn't implement sftp itself but
152 the OpenSSH sftp client can be used eg sftp -S dbclient
153 user@host
154 -b [address][:port]
156 Bind to a specific local address when connecting to the
157 remote host. This can be used to choose from multiple
158 outgoing interfaces. Either address or port (or both) can
159 be given.
160 -V Print the version
162
165 Dropbear will also allow multiple "hops" to be specified, sepa‐
166 rated by commas. In this case a connection will be made to the
167 first host, then a TCP forwarded connection will be made through
168 that to the second host, and so on. Hosts other than the final
169 destination will not see anything other than the encrypted SSH
170 stream. A port for a host can be specified with a caret (eg
171 matt@martello^44 ). This syntax can also be used with scp or
172 rsync (specifying dbclient as the ssh/rsh command). A file can
173 be "bounced" through multiple SSH hops, eg
174 scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .
176 Note that hostnames are resolved by the prior hop (so "canyons"
178 would be resolved by the host "wrt") in the example above, the
179 same way as other -L TCP forwarded hosts are. Host keys are
180 checked locally based on the given hostname.
181
184 Typing a newline followed by the key sequence ~. (tilde, dot)
185 will terminate a connection. The sequence ~^Z (tilde, ctrl-z)
186 will background the connection. This behaviour only applies when
187 a PTY is used.
188
191 DROPBEAR_PASSWORD
192 A password to use for remote authentication can be speci‐
193 fied in the environment variable DROPBEAR_PASSWORD. Care
194 should be taken that the password is not exposed to other
195 users on a multi-user system, or stored in accessible
196 files.
197 SSH_ASKPASS
199 dbclient can use an external program to request a pass‐
200 word from a user. SSH_ASKPASS should be set to the path
201 of a program that will return a password on standard out‐
202 put. This program will only be used if either DISPLAY is
203 set and standard input is not a TTY, or the environment
204 variable SSH_ASKPASS_ALWAYS is set.
205
207 If compiled with zlib support and if the server supports it,
208 dbclient will always use compression.
209
212 Matt Johnston (matt@ucc.asn.au).
213 Mihnea Stoenescu wrote initial Dropbear client support
214 Gerrit Pape (pape@smarden.org) wrote this manual page.
215
217 dropbear(8), dropbearkey(1)
218 https://matt.ucc.asn.au/dropbear/dropbear.html
220 dbclient(1)