Dropbear

From Gentoo Wiki

Dropbear is a lightweight SSH server. It runs on a variety of POSIX-based platforms.

Installation

USE flags

USE flags for net-misc/dropbear: small SSH 2 client/server designed for small memory environments

bsdpty Add support for legacy BSD pty's rather than dynamic UNIX pty's -- do not use this flag unless you are absolutely sure you actually want it
minimal Install a very minimal build (disables, for example, plugins, fonts, most drivers, non-critical features)
multicall Build all the programs as one little binary (to save space)
pam Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
savedconfig Use this to restore your config from /etc/portage/savedconfig ${CATEGORY}/${PN}. Make sure your USE flags allow for appropriate dependencies
shadow Enable shadow password support
static !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
syslog Enable support for syslog
zlib Add support for zlib (de)compression

Emerge

root #emerge --ask net-misc/dropbear

Configuration

For usage help, run the following command:

user $dropbear -h

Server

Files

Edit /etc/conf.d/dropbear, the global (system-wide) configuration file for the SSH daemon. Add at least the -w parameter to the configuration file to disable root login while running the dropbear daemon.

FILE /etc/conf.d/dropbear Disable Root logins via SSH
# /etc/conf.d/dropbear: config file for /etc/init.d/dropbear

# -w disables root logins
# -p <port> changes the port number to listen on
DROPBEAR_OPTS="-w"
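
The following check is an added example, not part of the original wiki page or of the Dropbear project. It reads a conf.d file the way a shell does and reports whether -w is actually in effect; the function names and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check that -w (no root logins) is in effect in a conf.d file.
# conf.d files are shell syntax, so the file is sourced in a subshell rather
# than grepped: commented-out lines and later reassignments are then handled
# the same way the shell handles them. Only audit files you already trust to
# be sourced (here: root-owned /etc/conf.d/dropbear).

# Print the effective value of DROPBEAR_OPTS from the file given as $1.
dropbear_opts() {
    case "$1" in */*) f=$1 ;; *) f=./$1 ;; esac   # keep "." from searching PATH
    ( DROPBEAR_OPTS=; . "$f" >/dev/null 2>&1; printf '%s\n' "$DROPBEAR_OPTS" )
}

# Return 0 if -w is set as its own word, 1 if it is not, 2 if unreadable.
# A combined spelling such as "-ws" is reported as missing (fails closed).
root_login_disabled() {
    [ -r "$1" ] || return 2
    opts=$(dropbear_opts "$1") || return 2
    case " $(printf '%s' "$opts" | tr '\t\n' '  ') " in
        *" -w "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Demo on constructed sample files (not copied from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' '# -w disables root logins' 'DROPBEAR_OPTS="-p 2222 -w"' > "$demo_dir/good"
printf '%s\n' '#DROPBEAR_OPTS="-w"' 'DROPBEAR_OPTS="-p 2222"' > "$demo_dir/bad"
for conf in "$demo_dir/good" "$demo_dir/bad"; do
    if root_login_disabled "$conf"; then
        echo "$conf: root logins disabled (-w set)"
    else
        echo "$conf: WARNING: -w not set, root logins allowed"
    fi
done
rm -rf "$demo_dir"
```

On a Gentoo system the check is run as root_login_disabled /etc/conf.d/dropbear.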

OpenRC

root #rc-update add dropbear default
root #/etc/init.d/dropbear start

systemd

Client

Usage

Client

The SSH client used to open an SSH session to a target node is called dbclient.

user $dbclient -h
Dropbear SSH client v2020.80 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dbclient [options] [user@]host[/port][,[user@]host/port],...] [command]
-p <remoteport>
-l <username>
-t    Allocate a pty
-T    Don't allocate a pty
-N    Don't run a remote command
-f    Run in background after auth
-y    Always accept remote host key if unknown
-y -y Don't perform any remote host key checking (caution)
-s    Request a subsystem (use by external sftp)
-o option     Set option in OpenSSH-like format ('-o help' to list options)
-i <identityfile>   (multiple allowed, default .ssh/id_dropbear)
-A    Enable agent auth forwarding
-L <[listenaddress:]listenport:remotehost:remoteport> Local port forwarding
-g    Allow remote hosts to connect to forwarded ports
-R <[listenaddress:]listenport:remotehost:remoteport> Remote port forwarding
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0)
-I <idle_timeout>  (0 is never, default 0)
-B <endhost:endport> Netcat-alike forwarding
-J <proxy_program> Use program pipe rather than TCP connection
-c <cipher list> Specify preferred ciphers ('-c help' to list options)
-m <MAC list> Specify preferred MACs for packet verification (or '-m help')
-b    [bind_address][:bind_port]
-V    Version

To open an SSH session to a server, use the following command. The example below shows how to log in as the user larry to the gentoo.org server running on TCP port 2000.

user $dbclient larry@gentoo.org/2000

Removal

root #emerge --ask --depclean --verbose net-misc/dropbear

See also

  • OpenSSH — an encrypted terminal program that replaces the classic telnet tool on Unix-like operating systems.

External resources