Dropbear

From Gentoo Wiki
Jump to:navigation Jump to:search

Dropbear is a lightweight SSH server. It runs on a variety of POSIX-based platforms.

Installation

USE flags

USE flags for net-misc/dropbear Small SSH 2 client/server designed for small memory environments

+shadow Enable shadow password support
+syslog Enable support for syslog
+test-async Enable tests using dev-python/asyncssh
bsdpty Add support for legacy BSD pty's rather than dynamic UNIX pty's -- do not use this flag unless you are absolutely sure you actually want it
legacy-ciphers Enable support for deprecated, soon-to-be-dropped DSA keys. See https://marc.info/?l=openssh-unix-dev>m=170494903207436>w=2.
minimal Install a very minimal build (disables, for example, plugins, fonts, most drivers, non-critical features)
multicall Build all the programs as one little binary (to save space)
pam Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
savedconfig Use this to restore your config from /etc/portage/savedconfig ${CATEGORY}/${PN}. Make sure your USE flags allow for appropriate dependencies
static !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
verify-sig Verify upstream signatures on distfiles
zlib Add support for zlib compression
Data provided by the Gentoo Package Database · Last update: 2025-04-13 20:25 More information about USE flags

Emerge

root #emerge --ask net-misc/dropbear

Configuration

For manual and help use following command:

user $dropbear -h

The listed running options can be used below to configure the /etc/conf.d/dropbear daemon.

Server

Files

Edit /etc/conf.d/dropbear - Global (system wide) configuration file for the SSH daemon. Add at least the -w parameter to the configuration file file to disable root login while running dropbear daemon.

FILE /etc/conf.d/dropbearDisable Root logins via SSH
# /etc/conf.d/dropbear: config file for /etc/init.d/dropbear

# -w disables root logins
# -p changes the TCP port number to listen on, default TCP port 22
DROPBEAR_OPTS="-w"

Assigning a different TCP port number -p to f.e.: 2222 at the beginning, saves the possible default port assingment collision, when running OpenSSH on the same system.

FILE /etc/conf.d/dropbearDisable Root logins via SSH, run on port 2222
# /etc/conf.d/dropbear: config file for /etc/init.d/dropbear

# -w disables root logins
# -p changes the TCP port number to listen to 2222
DROPBEAR_OPTS="-w -p 2222"
OpenRC
root #rc-update add dropbear default
root #/etc/init.d/dropbear start
systemd

Client

Usage

Client

The SSH client software to open a SSH session to target node, is called dbclient.

user $dbclient -h

To open a SSH session to a target node use following command. In example below it is shown how to login using larry username, to gentoo.org server, running the SSH service on TCP port 2222.

user $dbclient larry@gentoo.org/2222

Troubleshooting

Verify the used TCP ports bound to a running dropbaer daemon:

root #ss -tulpen | egrep 'Net|drop'
Netid State  Recv-Q Send-Q   Local Address:Port Peer Address:PortProcess
tcp   LISTEN 0      1000           0.0.0.0:2222      0.0.0.0:*    users:(("dropbear",pid=32739,fd=4)) ino:55966 sk:1004 <->
tcp   LISTEN 0      0              0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=9680,fd=3)) ino:27008 sk:81b26748                                                      
tcp   LISTEN 0      1000              [::]:2222         [::]:*    users:(("dropbear",pid=32739,fd=5)) ino:55967 sk:1005 v6only:1 <->

Showing dropbear runs on port 2222, on all local interfaces, using IPv4 0.0.0.0 and IPv6 [::].

Removal

root #emerge --ask --depclean --verbose net-misc/dropbear

See also

  • OpenSSH — the ubiquitous tool for logging into and working on remote machines securely.
Retrieved from "https://wiki.gentoo.org/index.php?title=Dropbear&oldid=1272913"