dropbear(8)                 System Manager's Manual                dropbear(8)

NAME

       dropbear - lightweight SSH server

SYNOPSIS

       dropbear [flag arguments] [-b banner] [-r hostkeyfile]
       [-p [address:]port]

DESCRIPTION

       dropbear is a small SSH server

OPTIONS

       -b banner
              Display the contents of the file banner before user login
              (default: none).

       -r hostkey
              Use the contents of the file hostkey for the SSH hostkey. This
              file is generated with dropbearkey(1) or automatically with the
              '-R' option. See "Host Key Files" below.

       -R     Generate hostkeys automatically. See "Host Key Files" below.

       -F     Don't fork into background.

       -E     Log to standard error rather than syslog.

       -m     Don't display the message of the day on login.

       -w     Disallow root logins.

       -s     Disable password logins.

       -g     Disable password logins for root.

       -j     Disable local port forwarding.

       -k     Disable remote port forwarding.

       -p [address:]port
              Listen on specified address and TCP port. If just a port is
              given listen on all addresses. Up to 10 can be specified
              (default 22 if none specified).

       -i     Service program mode. Use this option to run dropbear under
              TCP/IP servers like inetd, tcpsvd, or tcpserver. In program
              mode the -F option is implied, and -p options are ignored.

       -P pidfile
              Specify a pidfile to create when running as a daemon. If not
              specified, the default is /var/run/dropbear.pid

       -a     Allow remote hosts to connect to forwarded ports.

       -W windowsize
              Specify the per-channel receive window buffer size. Increasing
              this may improve network performance at the expense of memory
              use. Use -h to see the default buffer size.

       -K timeout_seconds
              Ensure that traffic is transmitted at a certain interval in
              seconds. This is useful for working around firewalls or routers
              that drop connections after a certain period of inactivity. The
              trade-off is that a session may be closed if there is a
              temporary lapse of network connectivity. A setting of 0 disables
              keepalives. If no response is received for 3 consecutive
              keepalives the connection will be closed.

       -I idle_timeout
              Disconnect the session if no traffic is transmitted or received
              for idle_timeout seconds.

       -T max_authentication_attempts
              Set the number of authentication attempts allowed per
              connection. If unspecified the default is 10 (MAX_AUTH_TRIES).

       -c forced_command
              Disregard the command provided by the user and always run
              forced_command. This also overrides any authorized_keys command=
              option.

       -V     Print the version.

FILES

       Authorized Keys

              ~/.ssh/authorized_keys can be set up to allow remote login with
              an RSA, ECDSA, Ed25519 or DSS key. Each line is of the form

       [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]

              and can be extracted from a Dropbear private host key with
              "dropbearkey -y". This is the same format as used by OpenSSH,
              though the restrictions are a subset (keys with unknown
              restrictions are ignored). Restrictions are comma separated,
              with double quotes around spaces in arguments. Available
              restrictions are:

       no-port-forwarding
              Don't allow port forwarding for this connection

       no-agent-forwarding
              Don't allow agent forwarding for this connection

       no-X11-forwarding
              Don't allow X11 forwarding for this connection

       no-pty Disable PTY allocation. Note that a user can still obtain most
              of the same functionality with other means even if no-pty is
              set.

       command="forced_command"
              Disregard the command provided by the user and always run
              forced_command. The -c command line option overrides this.

              The authorized_keys file and its containing ~/.ssh directory
              must only be writable by the user, otherwise Dropbear will not
              allow a login using public key authentication.
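
       The write-permission rule above can be checked before a key is
       deployed. The function below is an example added to this page, not
       part of Dropbear; its name and report labels are made up, and the
       owner test is a stricter local reading of "only writable by the user".

```shell
#!/bin/sh
# Added example (not Dropbear code): audit the files used for public key login.
#
# check_pubkey_perms HOME_DIR OWNER
#   HOME_DIR  home directory of the account being checked
#   OWNER     user name or numeric uid expected to own the files
# Prints one line per problem and returns 1 if any were found, 0 otherwise.
check_pubkey_perms() {
    home_dir=$1
    owner=$2
    status=0
    for path in "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            status=1
            continue
        fi
        # -prune stops find from descending into ~/.ssh; the path is printed
        # only when the group-write or other-write mode bit is set.
        if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE-BY-OTHERS $path"
            status=1
        fi
        # Assumption of this example: the file must belong to OWNER, since any
        # other owner could write to it regardless of the group/other bits.
        if [ -z "$(find "$path" -prune -user "$owner" -print)" ]; then
            echo "WRONG-OWNER $path"
            status=1
        fi
    done
    return $status
}

# Typical call for the current account:
#   check_pubkey_perms "$HOME" "$(id -u)" || echo "public key login files need fixing"
```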

       Host Key Files

              Host key files are read at startup from a standard location, by
              default /etc/dropbear/dropbear_dss_host_key,
              /etc/dropbear/dropbear_rsa_host_key,
              /etc/dropbear/dropbear_ecdsa_host_key and
              /etc/dropbear/dropbear_ed25519_host_key

              If the -r command line option is specified the default files are
              not loaded. Host key files are of the form generated by
              dropbearkey. The -R option can be used to automatically generate
              keys in the default location - keys will be generated after
              startup when the first connection is established. This has the
              benefit that the system /dev/urandom random number source has a
              better chance of being securely seeded.

       Message Of The Day

              By default the file /etc/motd will be printed for any login
              shell (unless disabled at compile-time). This can also be
              disabled per-user by creating a file ~/.hushlogin.

ENVIRONMENT VARIABLES

       Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH,
       and TERM.

       The variables below are set for sessions as appropriate.

       SSH_TTY
              This is set to the allocated TTY if a PTY was used.

       SSH_CONNECTION
              Contains "<remote_ip> <remote_port> <local_ip> <local_port>".

       DISPLAY
              Set if X11 forwarding is used.

       SSH_ORIGINAL_COMMAND
              If a 'command=' authorized_keys option was used, the original
              command is specified in this variable. If a shell was requested
              this is set to an empty value.

       SSH_AUTH_SOCK
              Set to a forwarded ssh-agent connection.
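
       A forced command set with 'command=' can read SSH_ORIGINAL_COMMAND and
       allow only a fixed set of requests. The gate below is an example added
       to this page, not part of Dropbear; the script path, the helper path
       and the request names "status" and "fetch" are hypothetical.

```shell
#!/bin/sh
# Added example: allowlisting gate for a key restricted with command="...".
# Hypothetical authorized_keys entry (<key> stands for the base64 key data):
#   command="/usr/local/bin/backup-gate",no-pty,no-port-forwarding ssh-ed25519 <key> backup
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below

# resolve_request REQUEST
# Prints the fixed action for an allowed request and returns 0; returns 1 otherwise.
# The request names ("status", "fetch NAME") are made up for this example.
resolve_request() {
    request=$1
    case $request in
        "")
            # Empty value: the client asked for a shell, which this key never gets.
            return 1 ;;
        *[!A-Za-z0-9._\ -]*)
            # Refuse quotes, ';', '|', '$', '/', newlines and anything else unlisted.
            return 1 ;;
    esac
    # Split on whitespace with globbing off; the text is never passed to eval or sh -c.
    set -f; set -- $request; set +f
    case "$1:$#" in
        status:1)
            echo "status" ;;
        fetch:2)
            case $2 in
                .*|-*) return 1 ;;        # no "..", dotfiles or option-like names
                *) echo "fetch $2" ;;
            esac ;;
        *)
            return 1 ;;
    esac
}

# The installed script would end with lines like these (helper path is hypothetical):
#   action=$(resolve_request "$SSH_ORIGINAL_COMMAND") || { echo "denied" >&2; exit 1; }
#   exec /usr/local/libexec/backup-helper $action
```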

NOTES

       Dropbear only supports SSH protocol version 2.

AUTHOR

       Matt Johnston (matt@ucc.asn.au).
       Gerrit Pape (pape@smarden.org) wrote this manual page.

SEE ALSO

       dropbearkey(1), dbclient(1), dropbearconvert(1)

       https://matt.ucc.asn.au/dropbear/dropbear.html

                                                                   dropbear(8)