Dropbear
Dropbear is a lightweight SSH server. It runs on a variety of POSIX-based platforms.
Installation
USE flags
USE flags for net-misc/dropbear: Small SSH 2 client/server designed for small memory environments
+shadow | Enable shadow password support
+syslog | Enable support for syslog
+test-async | Enable tests using dev-python/asyncssh
bsdpty | Add support for legacy BSD pty's rather than dynamic UNIX pty's -- do not use this flag unless you are absolutely sure you actually want it
legacy-ciphers | Enable support for deprecated, soon-to-be-dropped DSA keys. See https://marc.info/?l=openssh-unix-dev&m=170494903207436&w=2.
minimal | Install a very minimal build (disables, for example, plugins, fonts, most drivers, non-critical features)
multicall | Build all the programs as one little binary (to save space)
pam | Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
savedconfig | Use this to restore your config from /etc/portage/savedconfig ${CATEGORY}/${PN}. Make sure your USE flags allow for appropriate dependencies
static | !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
test | Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
verify-sig | Verify upstream signatures on distfiles
zlib | Add support for zlib compression
Emerge
root # emerge --ask net-misc/dropbear
Configuration
For the built-in help and option list, use the following command:
user $ dropbear -h
The runtime options it lists can be set in /etc/conf.d/dropbear to configure the daemon.
Server
Files
Edit /etc/conf.d/dropbear, the global (system-wide) configuration file for the SSH daemon. Add at least the -w parameter to the configuration file to disable root logins while the dropbear daemon is running.
/etc/conf.d/dropbear
Disable Root logins via SSH
# /etc/conf.d/dropbear: config file for /etc/init.d/dropbear
# -w disables root logins
# -p changes the TCP port number to listen on, default TCP port 22
DROPBEAR_OPTS="-w"
Assigning a different TCP port number with -p, for example 2222, from the start avoids a collision on the default port when OpenSSH is running on the same system.
/etc/conf.d/dropbear
Disable Root logins via SSH, run on port 2222
# /etc/conf.d/dropbear: config file for /etc/init.d/dropbear
# -w disables root logins
# -p changes the TCP port number to listen to 2222
DROPBEAR_OPTS="-w -p 2222"
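The following script is an added example, not part of the original page or of Dropbear itself. It checks a conf.d file for the two options discussed above (-w and -p) without sourcing the file. The function names are hypothetical, and it assumes the options in DROPBEAR_OPTS are written as separate whitespace-delimited tokens, as in the examples above.

```shell
#!/bin/sh
# Added example (not from the page): audit a Dropbear conf.d file for -w and -p.
# Assumption: DROPBEAR_OPTS holds separate, whitespace-delimited tokens.

# Print the value of the last DROPBEAR_OPTS= assignment without sourcing the file
# (sourcing would execute whatever shell code the file contains).
dropbear_opts() {
    sed -n 's/^[[:space:]]*DROPBEAR_OPTS=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Print "root_login=<disabled|allowed>" and one "listen=<value>" line per -p
# option (22, the default port, when no -p is given).
# Returns 0 only when -w (disable root logins) is present.
audit_dropbear_conf() {
    opts=$(dropbear_opts "$1")
    root=allowed
    ports=
    set -f                      # no globbing while splitting the option string
    set -- $opts
    while [ $# -gt 0 ]; do
        case $1 in
            -w) root=disabled ;;
            -p) [ $# -ge 2 ] && { ports="$ports $2"; shift; } ;;
        esac
        shift
    done
    echo "root_login=$root"
    for p in ${ports:-22}; do echo "listen=$p"; done
    set +f
    [ "$root" = disabled ]
}

# Constructed sample input, mirroring the second conf.d example on this page.
sample=$(mktemp)
printf '%s\n' '# -w disables root logins' 'DROPBEAR_OPTS="-w -p 2222"' > "$sample"
audit_dropbear_conf "$sample" || echo "WARNING: root logins are not disabled"
rm -f "$sample"
```

On a real system, pass /etc/conf.d/dropbear as the argument; the non-zero exit status when -w is missing makes the function usable in a configuration check.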
OpenRC
root # rc-update add dropbear default
root # /etc/init.d/dropbear start
systemd
Client
Usage
Client
The SSH client program used to open an SSH session to a target node is called dbclient.
user $ dbclient -h
To open an SSH session to a target node, use the following command. The example below logs in with the username larry to the server gentoo.org, which runs the SSH service on TCP port 2222.
user $ dbclient larry@gentoo.org/2222
Troubleshooting
Verify which TCP ports are bound by a running dropbear daemon:
root # ss -tulpen | egrep 'Net|drop'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
tcp LISTEN 0 1000 0.0.0.0:2222 0.0.0.0:* users:(("dropbear",pid=32739,fd=4)) ino:55966 sk:1004 <->
tcp LISTEN 0 0 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=9680,fd=3)) ino:27008 sk:81b26748
tcp LISTEN 0 1000 [::]:2222 [::]:* users:(("dropbear",pid=32739,fd=5)) ino:55967 sk:1005 v6only:1 <->
This shows that dropbear listens on port 2222 on all local interfaces, using IPv4 0.0.0.0 and IPv6 [::].
Removal
root # emerge --ask --depclean --verbose net-misc/dropbear
See also
- OpenSSH — the ubiquitous tool for logging into and working on remote machines securely.