dropbear(8)		    System Manager's Manual		   dropbear(8)

NAME
       dropbear	- lightweight SSH server

SYNOPSIS
       dropbear [flag arguments] [-b banner] [-r hostkeyfile] [-p [address:]port]

DESCRIPTION
       dropbear is a small SSH server.

OPTIONS
       -b banner
              Display the contents of the file banner before user login
              (default: none).

       -r hostkey
	      Use  the contents	of the file hostkey for	the SSH	hostkey.  This
	      file is generated	with dropbearkey(1) or automatically with  the
	      '-R' option. See "Host Key Files"	below.

       -R     Generate hostkeys	automatically. See "Host Key Files" below.

       -F     Don't fork into background.

       -E     Log to standard error rather than	syslog.

       -m     Don't display the	message	of the day on login.

       -w     Disallow root logins.

       -s     Disable password logins.

       -g     Disable password logins for root.

       -j     Disable local port forwarding.

       -k     Disable remote port forwarding.

       -p [address:]port
              Listen on specified address and TCP port. If just a port is
              given, listen on all addresses. Up to 10 can be specified
              (default 22 if none specified).

       -i     Service  program	mode.	Use  this option to run	dropbear under
	      TCP/IP servers like inetd, tcpsvd,  or  tcpserver.   In  program
	      mode the -F option is implied, and -p options are	ignored.

       -P pidfile
	      Specify  a  pidfile  to  create when running as a	daemon.	If not
	      specified, the default is	/var/run/dropbear.pid

       -a     Allow remote hosts to connect to forwarded ports.

       -W windowsize
	      Specify the per-channel receive window buffer  size.  Increasing
	      this  may	 improve  network performance at the expense of	memory
	      use. Use -h to see the default buffer size.

       -K timeout_seconds
              Ensure that traffic is transmitted at a certain interval in
              seconds. This is useful for working around firewalls or routers
              that drop connections after a certain period of inactivity. The
              trade-off is that a session may be closed if there is a
              temporary lapse of network connectivity. A setting of 0 disables
              keepalives. If no response is received for 3 consecutive
              keepalives the connection will be closed.

       -I idle_timeout
	      Disconnect the session if	no traffic is transmitted or  received
	      for idle_timeout seconds.

       -V     Print the	version

FILES
       Authorized Keys

              ~/.ssh/authorized_keys can be set up to allow remote login with
              an RSA, ECDSA, or DSS key. Each line is of the form

       [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp...	[comment]

              and can be extracted from a Dropbear private host key with
              "dropbearkey -y". This is the same format as used by OpenSSH,
              though the restrictions are a subset (keys with unknown
              restrictions are ignored). Restrictions are comma separated,
              with double quotes around spaces in arguments. Available
              restrictions are:

       no-port-forwarding
	      Don't allow port forwarding for this connection

       no-agent-forwarding
	      Don't allow agent	forwarding for this connection

       no-X11-forwarding
	      Don't allow X11 forwarding for this connection

       no-pty Disable  PTY  allocation.	Note that a user can still obtain most
	      of the same functionality	with other means  even	if  no-pty  is
	      set.

       command="forced_command"
	      Disregard	 the  command  provided	 by  the  user	and always run
	      forced_command.

	      The authorized_keys file and  its	 containing  ~/.ssh  directory
	      must  only  be writable by the user, otherwise Dropbear will not
	      allow a login using public key authentication.
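
       The line format and the write-permission rule above, as an audit
       helper. This is an added example, not part of Dropbear; the sample
       lines are constructed and the case-insensitive name match is an
       assumption. Backslash-escaped quotes inside arguments are not handled.

```python
import os
import stat

# Restriction names from this manual page; compared case-insensitively,
# which is an assumption of this example.
KNOWN = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding",
         "no-pty", "command"}
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ecdsa-sha2-")  # RSA, DSS, ECDSA

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = """\
# backup host
ssh-rsa AAAAB3PLACEHOLDER admin@example
no-pty,command="/usr/local/bin/backup --full, quiet" ssh-rsa AAAAB3PLACEHOLDER backup
no-port-forwarding,from="192.0.2.1" ssh-rsa AAAAB3PLACEHOLDER ci
"""

def split_unquoted(text, seps, limit=-1):
    """Split on characters in seps that sit outside double quotes."""
    parts, cur, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted and limit != 0:
            parts.append("".join(cur))
            cur, limit = [], limit - 1
        else:
            cur.append(ch)
    return parts + ["".join(cur)]

def audit_line(line):
    """Return (verdict, names) for one authorized_keys line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return ("skip", [])
    first, *rest = split_unquoted(line, " \t", 1)
    if first.startswith(KEY_TYPES):
        return ("unrestricted", [])
    names = [r.split("=", 1)[0].lower() for r in split_unquoted(first, ",")]
    unknown = [n for n in names if n not in KNOWN]
    if unknown:  # the page says keys with unknown restrictions are ignored
        return ("ignored", unknown)
    if not rest or not rest[0].lstrip().startswith(KEY_TYPES):
        return ("malformed", names)
    return ("restricted", names)

def only_user_writable(path):
    """True when neither group nor others may write to path."""
    return not os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH)
```

       Run audit_line over each line of the file, and only_user_writable
       over both authorized_keys and its ~/.ssh directory.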

       Host Key	Files

              Host key files are read at startup from a standard location, by
              default /etc/dropbear/dropbear_dss_host_key,
              /etc/dropbear/dropbear_rsa_host_key, and
              /etc/dropbear/dropbear_ecdsa_host_key, or specified on the
              command line with -r. These are of the form generated by
              dropbearkey. The -R option can be used to automatically generate
              keys in the default location; keys will be generated after
              startup when the first connection is established. This has the
              benefit that the system /dev/urandom random number source has a
              better chance of being securely seeded.

       Message Of The Day

              By default the file /etc/motd will be printed for any login
              shell (unless disabled at compile-time). This can also be
              disabled per-user by creating a file ~/.hushlogin.

ENVIRONMENT VARIABLES
       Dropbear	sets the standard variables USER, LOGNAME, HOME, SHELL,	 PATH,
       and TERM.

       The variables below are set for sessions	as appropriate.

       SSH_TTY
	      This is set to the allocated TTY if a PTY	was used.

       SSH_CONNECTION
	      Contains "<remote_ip> <remote_port> <local_ip> <local_port>".

       DISPLAY
              Set if X11 forwarding is used.

       SSH_ORIGINAL_COMMAND
	      If  a  'command='	 authorized_keys option	was used, the original
	      command is specified in this variable. If	a shell	was  requested
	      this is set to an	empty value.

       SSH_AUTH_SOCK
	      Set to a forwarded ssh-agent connection.
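
       A forced_command that reads SSH_ORIGINAL_COMMAND as described above
       and runs only allow-listed requests. This is an added example, not
       part of Dropbear; the allow-list entries and the install path in the
       comment are hypothetical.

```python
#!/usr/bin/env python3
# Hypothetical install, as one authorized_keys line:
#   command="/usr/local/bin/ssh-gate",no-pty,no-port-forwarding ssh-rsa ...
import os
import shlex
import sys

# Hypothetical allow-list: request name -> fixed argv, run without a shell.
ALLOWED = {
    "status": ["/usr/bin/uptime"],
    "disk": ["/bin/df", "-h"],
}


def resolve(original):
    """Map SSH_ORIGINAL_COMMAND to a fixed argv, or None to refuse."""
    if not original:          # empty value: the client requested a shell
        return None
    try:
        words = shlex.split(original)
    except ValueError:        # unbalanced quotes in the request
        return None
    if len(words) != 1:       # client-supplied arguments are never accepted
        return None
    return ALLOWED.get(words[0])


def main(environ=os.environ):
    argv = resolve(environ.get("SSH_ORIGINAL_COMMAND", ""))
    if argv is None:
        sys.stderr.write("request refused\n")
        return 1
    os.execv(argv[0], argv)   # replaces this process on success


if __name__ == "__main__":
    sys.exit(main())
```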

NOTES
       Dropbear	only supports SSH protocol version 2.

AUTHOR
       Matt Johnston (matt@ucc.asn.au).
       Gerrit Pape (pape@smarden.org) wrote this manual	page.

SEE ALSO
       dropbearkey(1), dbclient(1), dropbearconvert(1)

       https://matt.ucc.asn.au/dropbear/dropbear.html

								   dropbear(8)
