Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
dbclient(1)		    General Commands Manual		   dbclient(1)

       dbclient	- lightweight SSH client

       dbclient	 [flag	arguments] [-p port] [-i id] [-L l:h:p]	[-R l:h:p] [-l
       user] host [more	flags] [command]

       dbclient	[args] [user1]@host1[^port1],[user2]@host2[^port2],...

       dbclient	is a small SSH client

	      A	command	to run on the remote host. This	will normally  be  run
	      by the remote host using the user's shell. The command begins at
	      the first	hyphen argument	after the host argument. If no command
	      is  specified an interactive terminal will be opened (see	-t and

       -p port
	      Connect to port on the remote host. Alternatively	a port can  be
	      specified	as hostname^port.  Default is 22.

       -i idfile
	      Identity file.  Read the identity	key from file idfile (multiple
	      allowed).	This file is created with dropbearkey(1) or  converted
	      from   OpenSSH   with   dropbearconvert(1).   The	 default  path
	      ~/.ssh/id_dropbear is used

       -L [listenaddress]:listenport:host:port
	      Local port forwarding.  Forward the port listenport on the local
	      host through the SSH connection to port port on the host host.

       -R [listenaddress]:listenport:host:port
	      Remote  port forwarding.	Forward	the port listenport on the re-
	      mote host	through	the SSH	connection to port port	 on  the  host

       -l user
	      Username.	 Login as user on the remote host.

       -t     Allocate a PTY. This is the default when no command is given, it
	      gives a full interactive remote session. The main	effect is that
	      keystrokes  are  sent  remotely  immediately as opposed to local
	      line-based editing.

       -T     Don't allocate a PTY. This is the	default	a  command  is	given.
	      See -t.

       -N     Don't  request  a	 remote	shell or run any commands. Any command
	      arguments	are ignored.

       -f     Fork into	the background after authentication. A	command	 argu-
	      ment  (or	 -N)  is required.  This is useful when	using password

       -g     Allow non-local hosts to connect to forwarded ports. Applies  to
	      -L  and -R forwarded ports, though remote	connections to -R for-
	      warded ports may be limited by the ssh server.

       -y     Always accept hostkeys if	they are unknown. If  a	 hostkey  mis-
	      match occurs the connection will abort as	normal.	If specified a
	      second time no host key checking is performed at	all,  this  is
	      usually undesirable.

       -A     Forward  agent connections to the	remote host. dbclient will use
	      any OpenSSH-style	agent  program	if  available  ($SSH_AUTH_SOCK
	      will  be set) for	public key authentication.  Forwarding is only
	      enabled if -A is specified.

       -W windowsize
	      Specify the per-channel receive window buffer  size.  Increasing
	      this  may	 improve  network performance at the expense of	memory
	      use. Use -h to see the default buffer size.

       -K timeout_seconds
	      Ensure that traffic is transmitted at a certain interval in sec-
	      onds.  This  is  useful  for working around firewalls or routers
	      that drop	connections after a certain period of inactivity.  The
	      trade-off	 is  that a session may	be closed if there is a	tempo-
	      rary lapse of network connectivity.  A  setting  if  0  disables
	      keepalives.  If  no  response  is	 received  for	3  consecutive
	      keepalives the connection	will be	closed.

       -I idle_timeout
	      Disconnect the session if	no traffic is transmitted or  received
	      for idle_timeout seconds.

       -J proxy_command

       -J _fd
	      Use  the	standard  input/output	of  the	 program proxy_command
	      rather than using	a normal TCP connection. A hostname should  be
	      still be provided, as this is used for comparing saved hostkeys.
	      This command will	be executed as "exec proxy_command  ..."  with
	      the default shell.

	      The  second form &fd will	make dbclient use the numeric file de-
	      scriptor as a socket. This can be	used  for  more	 complex  tun-
	      nelling scenarios. Example usage with socat is

	      socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38 TCP4:host.exam-

       -B endhost:endport
	      "Netcat-alike" mode, where Dropbear will connect	to  the	 given
	      host,  then  create a forwarded connection to endhost. This will
	      then be presented	as dbclient's standard input/output.

       -c cipherlist
	      Specify a	comma separated	list of	ciphers	to enable. Use -c help
	      to list possibilities.

       -m MAClist
	      Specify a	comma separated	list of	authentication MACs to enable.
	      Use -m help to list possibilities.

       -o option
	      Can be used to give options in the format	used by	OpenSSH	config
	      file.  This  is useful for specifying options for	which there is
	      no separate command-line flag.  For full details of the  options
	      listed below, and	their possible values, see ssh_config(5).  The
	      following	options	have currently been implemented:

		     Specifies whether dbclient	should terminate  the  connec-
		     tion  if  it cannot set up	all requested local and	remote
		     port forwardings. The argument must  be  ayesa  or	 anoa.
		     The default is anoa.

		     Send  dbclient  log  messages  to	syslog	in addition to

       -s     The specified command will be requested as a subsystem, used for
	      sftp.  Dropbear  doesn't	implement  sftp	itself but the OpenSSH
	      sftp client can be used eg sftp -S dbclient user@host

       -b [address][:port]
	      Bind to a	specific local address when connecting to  the	remote
	      host.  This  can be used to choose from multiple outgoing	inter-
	      faces. Either address or port (or	both) can be given.

       -V     Print the	version

       Dropbear	will also allow	multiple "hops"	to be specified, separated  by
       commas.	In this	case a connection will be made to the first host, then
       a TCP forwarded connection will be made	through	 that  to  the	second
       host,  and  so  on. Hosts other than the	final destination will not see
       anything	other than the encrypted SSH stream.  A	port for a host	can be
       specified with a	caret (eg matt@martello^44 ).  This syntax can also be
       used with scp or	rsync (specifying dbclient as the ssh/rsh command).  A
       file can	be "bounced" through multiple SSH hops,	eg

       scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump	.

       Note  that  hostnames are resolved by the prior hop (so "canyons" would
       be resolved by the host "wrt") in the example above, the	 same  way  as
       other  -L  TCP forwarded	hosts are. Host	keys are checked locally based
       on the given hostname.

       Typing a	newline	followed by the	 key sequence  ~.  (tilde,  dot)  will
       terminate  a  connection.   The sequence	~^Z (tilde, ctrl-z) will back-
       ground the connection. This behaviour only applies when a PTY is	used.

	      A	password to use	for remote authentication can be specified  in
	      the environment variable DROPBEAR_PASSWORD. Care should be taken
	      that the password	is not exposed to other	users on a  multi-user
	      system, or stored	in accessible files.

	      dbclient	can use	an external program to request a password from
	      a	user.  SSH_ASKPASS should be set to the	path of	a program that
	      will  return  a  password	 on standard output. This program will
	      only be used if either DISPLAY is	set and	standard input is  not
	      a	TTY, or	the environment	variable SSH_ASKPASS_ALWAYS is set.

       If  compiled  with zlib support and if the server supports it, dbclient
       will always use compression.

       Matt Johnston (
       Mihnea Stoenescu	wrote initial Dropbear client support
       Gerrit Pape ( wrote this manual	page.

       dropbear(8), dropbearkey(1)



Want to link to this manual page? Use this URL:

home | help