GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  DROPBEAR (8)

NAME

dropbear - lightweight SSH server

CONTENTS

Synopsis
Description
Options
Files
Environment Variables
Notes
Author
See Also

SYNOPSIS

dropbear [flag arguments] [-b banner] [-r hostkeyfile] [-p [address:]port]

DESCRIPTION

dropbear is a small SSH server

OPTIONS

-b banner
  bannerfile. Display the contents of the file banner before user login (default: none).
-r hostkey
  Use the contents of the file hostkey for the SSH hostkey. This file is generated with dropbearkey(1) or automatically with the ’-R’ option. See "Host Key Files" below.
-R Generate hostkeys automatically. See "Host Key Files" below.
-F Don’t fork into background.
-E Log to standard error rather than syslog.
-m Don’t display the message of the day on login.
-w Disallow root logins.
-s Disable password logins.
-g Disable password logins for root.
-j Disable local port forwarding.
-k Disable remote port forwarding.
-p [address:]port
  Listen on specified address and TCP port. If just a port is given listen on all addresses. up to 10 can be specified (default 22 if none specified).
-i Service program mode. Use this option to run dropbear under TCP/IP servers like inetd, tcpsvd, or tcpserver. In program mode the -F option is implied, and -p options are ignored.
-P pidfile
  Specify a pidfile to create when running as a daemon. If not specified, the default is /var/run/dropbear.pid
-a Allow remote hosts to connect to forwarded ports.
-W windowsize
  Specify the per-channel receive window buffer size. Increasing this may improve network performance at the expense of memory use. Use -h to see the default buffer size.
-K timeout_seconds
  Ensure that traffic is transmitted at a certain interval in seconds. This is useful for working around firewalls or routers that drop connections after a certain period of inactivity. The trade-off is that a session may be closed if there is a temporary lapse of network connectivity. A setting if 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
-I idle_timeout
  Disconnect the session if no traffic is transmitted or received for idle_timeout seconds.
-V Print the version

FILES

Authorized Keys
 

~/.ssh/authorized_keys can be set up to allow remote login with a RSA, ECDSA, or DSS key. Each line is of the form

[restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]
 

and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored). Restrictions are comma separated, with double quotes around spaces in arguments. Available restrictions are:

no-port-forwarding
  Don’t allow port forwarding for this connection

no-agent-forwarding
  Don’t allow agent forwarding for this connection

no-X11-forwarding
  Don’t allow X11 forwarding for this connection

no-pty Disable PTY allocation. Note that a user can still obtain most of the same functionality with other means even if no-pty is set.

command= forced_command
  Disregard the command provided by the user and always run forced_command.

The authorized_keys file and its containing ~/.ssh directory must only be writable by the user, otherwise Dropbear will not allow a login using public key authentication.

Host Key Files
 

Host key files are read at startup from a standard location, by default /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and /etc/dropbear/dropbear_ecdsa_host_key or specified on the commandline with -r. These are of the form generated by dropbearkey. The -R option can be used to automatically generate keys in the default location - keys will be generated after startup when the first connection is established. This had the benefit that the system /dev/urandom random number source has a better chance of being securely seeded.

Message Of The Day
 

By default the file /etc/motd will be printed for any login shell (unless disabled at compile-time). This can also be disabled per-user by creating a file ~/.hushlogin .

ENVIRONMENT VARIABLES

Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM.

The variables below are set for sessions as appropriate.

SSH_TTY
  This is set to the allocated TTY if a PTY was used.

SSH_CONNECTION
  Contains "<remote_ip> <remote_port> <local_ip> <local_port>".

DISPLAY
  Set X11 forwarding is used.

SSH_ORIGINAL_COMMAND
  If a ’command=’ authorized_keys option was used, the original command is specified in this variable. If a shell was requested this is set to an empty value.

SSH_AUTH_SOCK
  Set to a forwarded ssh-agent connection.

NOTES

Dropbear only supports SSH protocol version 2.

AUTHOR

Matt Johnston (matt@ucc.asn.au).
Gerrit Pape (pape@smarden.org) wrote this manual page.

SEE ALSO

dropbearkey(1), dbclient(1), dropbearconvert(1)

https://matt.ucc.asn.au/dropbear/dropbear.html

Search for    or go to Top of page |  Section 8 |  Main Index


DROPBEAR (8) -->

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.