debian man page for dropbear

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: dropbear

OS: debian

Section: 8

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

dropbear(8)						      System Manager's Manual						       dropbear(8)


NAME

       dropbear - lightweight SSH2 server


SYNOPSIS

       dropbear [-FEmwsgjki] [-b banner] [-d dsskey] [-r rsakey] [-p [address:]port]


DESCRIPTION

       dropbear  is  a	SSH  2 server designed to be small enough to be used in small memory environments, while still being functional and secure
       enough for general use.


OPTIONS

       -b banner
	      bannerfile.  Display the contents of the file banner before user login (default: none).

       -d dsskey
	      dsskeyfile.  Use the contents of the file dsskey for the DSS host key  (default:	/etc/dropbear/dropbear_dss_host_key).	Note  that
	      some  SSH  implementations  use  the  term "DSA" rather than "DSS", they mean the same thing.  This file is generated with dropbear-
	      key(8).

       -r rsakey
	      rsakeyfile.  Use the contents of the file rsakey for the rsa host key (default: /etc/dropbear/dropbear_rsa_host_key).  This file	is
	      generated with dropbearkey(8).

       -F     Don't fork into background.

       -E     Log to standard error rather than syslog.

       -m     Don't display the message of the day on login.

       -w     Disallow root logins.

       -s     Disable password logins.

       -g     Disable password logins for root.

       -j     Disable local port forwarding.

       -k     Disable remote port forwarding.

       -p [address:]port
	      Listen  on  specified address and TCP port.  If just a port is given listen on all addresses.  up to 10 can be specified (default 22
	      if none specified).

       -i     Service program mode.  Use this option to run dropbear under TCP/IP servers like inetd, tcpsvd, or tcpserver.  In program  mode  the
	      -F option is implied, and -p options are ignored.

       -P pidfile
	      Specify a pidfile to create when running as a daemon. If not specified, the default is /var/run/dropbear.pid

       -a     Allow remote hosts to connect to forwarded ports.

       -W windowsize
	      Specify  the  per-channel  receive window buffer size. Increasing this may improve network performance at the expense of memory use.
	      Use -h to see the default buffer size.

       -K timeout_seconds
	      Ensure that traffic is transmitted at a certain interval in seconds. This is useful for working around  firewalls  or  routers  that
	      drop  connections  after a certain period of inactivity. The trade-off is that a session may be closed if there is a temporary lapse
	      of network connectivity. A setting if 0 disables keepalives.

       -I idle_timeout
	      Disconnect the session if no traffic is transmitted or received for idle_timeout seconds.


FILES

       Authorized Keys

	      ~/.ssh/authorized_keys can be set up to allow remote login with a RSA or DSS key. Each line is of the form

       [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]

	      and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though  the
	      restrictions are a subset (keys with unknown restrictions are ignored).  Restrictions are comma separated, with double quotes around
	      spaces in arguments.  Available restrictions are:

       no-port-forwarding
	      Don't allow port forwarding for this connection

       no-agent-forwarding
	      Don't allow agent forwarding for this connection

       no-X11-forwarding
	      Don't allow X11 forwarding for this connection

       no-pty Disable PTY allocation. Note that a user can still obtain most of the same functionality with other means even if no-pty is set.

       command="forced_command"
	      Disregard the command provided by the user and always run forced_command.

	      The authorized_keys file and its containing ~/.ssh directory must only be writable by the user, otherwise Dropbear will not allow  a
	      login using public key authentication.

       Host Key Files

	      Host  key files are read at startup from a standard location, by default /etc/dropbear/dropbear_dss_host_key and /etc/dropbear/drop-
	      bear_rsa_host_key or specified on the commandline with -d or -r. These are of the form generated by dropbearkey.

       Message Of The Day

	      By default the file /etc/motd will be printed for any login shell (unless disabled at compile-time). This can also be disabled  per-
	      user by creating a file ~/.hushlogin .


ENVIRONMENT VARIABLES

       Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM.

       The variables below are set for sessions as appropriate.

       SSH_TTY
	      This is set to the allocated TTY if a PTY was used.

       SSH_CONNECTION
	      Contains "<remote_ip> <remote_port> <local_ip> <local_port>".

       DISPLAY
	      Set X11 forwarding is used.

       SSH_ORIGINAL_COMMAND
	      If  a  'command=' authorized_keys option was used, the original command is specified in this variable. If a shell was requested this
	      is set to an empty value.

       SSH_AUTH_SOCK
	      Set to a forwarded ssh-agent connection.


AUTHOR

       Matt Johnston (matt@ucc.asn.au).
       Gerrit Pape (pape@smarden.org) wrote this manual page.


SEE ALSO

       dropbearkey(8), dbclient(1)

       http://matt.ucc.asn.au/dropbear/dropbear.html

																       dropbear(8)
Related Man Pages
ssh-copy-id(1) - mojave
conch(1) - debian
dropbear(8) - debian
ssh-copy-id(1) - centos
config::model::models::sshd::matchelement(3pm) - debian
Similar Topics in the Unix Linux Community
JSch 0.1.37 (Default branch)
JSch 0.1.39 (Default branch)
Quick if file exist question...
'X11 forwarding' SSHD assigns already used port
JSch 0.1.41 (Default branch)