Provided by: dropbear-bin_2019.78-2build1_amd64 bug


       dbclient - lightweight SSH client


       dbclient  [flag  arguments]  [-p  port]  [-i  id]  [-L  l:h:p]  [-R  l:h:p] [-l user] host
       [more flags] [command]

       dbclient [args] [user1]@host1[^port1],[user2]@host2[^port2],...


       dbclient is a small SSH client


              A command to run on the remote host. This will normally be run by the  remote  host
              using  the  user's shell. The command begins at the first hyphen argument after the
              host argument. If no command is specified an interactive terminal  will  be  opened
              (see -t and -T).

       -p port
              Connect  to  port  on  the  remote  host.  Alternatively a port can be specified as
              hostname^port.  Default is 22.

       -i idfile
              Identity file.  Read the identity key from file  idfile  (multiple  allowed).  This
              file   is   created   with   dropbearkey(1)   or   converted   from   OpenSSH  with
              dropbearconvert(1). The default path ~/.ssh/id_dropbear is used

       -L [listenaddress]:listenport:host:port
              Local port forwarding.  Forward the port listenport on the local host  through  the
              SSH connection to port port on the host host.

       -R [listenaddress]:listenport:host:port
              Remote port forwarding.  Forward the port listenport on the remote host through the
              SSH connection to port port on the host host.

       -l user
              Username.  Login as user on the remote host.

       -t     Allocate a PTY. This is the default when no command  is  given,  it  gives  a  full
              interactive  remote  session.  The main effect is that keystrokes are sent remotely
              immediately as opposed to local line-based editing.

       -T     Don't allocate a PTY. This is the default a command is given. See -t.

       -N     Don't request a remote shell  or  run  any  commands.  Any  command  arguments  are

       -f     Fork  into  the  background  after  authentication.  A  command argument (or -N) is
              required.  This is useful when using password authentication.

       -g     Allow non-local hosts to connect to forwarded ports. Applies to -L and -R forwarded
              ports,  though  remote  connections to -R forwarded ports may be limited by the ssh

       -y     Always accept hostkeys if they are  unknown.  If  a  hostkey  mismatch  occurs  the
              connection will abort as normal. If specified a second time no host key checking is
              performed at all, this is usually undesirable.

       -A     Forward agent connections to the remote host. dbclient will use  any  OpenSSH-style
              agent   program   if   available  ($SSH_AUTH_SOCK  will  be  set)  for  public  key
              authentication.  Forwarding is only enabled if -A is specified.

       -W windowsize
              Specify the per-channel receive window buffer size.  Increasing  this  may  improve
              network  performance at the expense of memory use. Use -h to see the default buffer

       -K timeout_seconds
              Ensure that traffic is transmitted at a certain interval in seconds. This is useful
              for  working  around  firewalls  or  routers  that drop connections after a certain
              period of inactivity. The trade-off is that a session may be closed if there  is  a
              temporary  lapse of network connectivity. A setting if 0 disables keepalives. If no
              response is received for 3 consecutive keepalives the connection will be closed.

       -I idle_timeout
              Disconnect the session if no traffic is transmitted or  received  for  idle_timeout

       -J proxy_command

       -J &fd
              Use  the  standard  input/output  of  the program proxy_command rather than using a
              normal TCP connection. A hostname should be still be provided, as this is used  for
              comparing saved hostkeys. This command will be executed as "exec proxy_command ..."
              with the default shell.

              The second form &fd will make dbclient use the numeric file descriptor as a socket.
              This can be used for more complex tunnelling scenarios. Example usage with socat is

              socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38

       -B endhost:endport
              "Netcat-alike"  mode,  where Dropbear will connect to the given host, then create a
              forwarded connection to endhost. This will then be presented as dbclient's standard

       -c cipherlist
              Specify  a  comma  separated  list  of  ciphers  to  enable.  Use  -c  help to list

       -m MAClist
              Specify a comma separated list of authentication MACs to enable.  Use  -m  help  to
              list possibilities.

       -o option
              Can  be  used  to  give  options in the format used by OpenSSH config file. This is
              useful for specifying options for which there is  no  separate  command-line  flag.
              For  full  details  of  the  options  listed  below, and their possible values, see
              ssh_config(5).  The following options have currently been implemented:

                     Specifies whether dbclient should terminate the connection if it cannot  set
                     up  all  requested  local  and remote port forwardings. The argument must be
                     “yes” or “no”.  The default is “no”.

                     Send dbclient log messages to syslog in addition to stderr.

       -s     The specified command will be requested as a subsystem,  used  for  sftp.  Dropbear
              doesn't  implement  sftp  itself but the OpenSSH sftp client can be used eg sftp -S
              dbclient user@host

       -b [address][:port]
              Bind to a specific local address when connecting to the remote host.  This  can  be
              used  to choose from multiple outgoing interfaces. Either address or port (or both)
              can be given.

       -V     Print the version


       Dropbear will also allow multiple "hops" to be specified, separated  by  commas.  In  this
       case  a connection will be made to the first host, then a TCP forwarded connection will be
       made through that to the second host, and so on. Hosts other than  the  final  destination
       will  not  see  anything  other  than  the encrypted SSH stream.  A port for a host can be
       specified with a caret (eg matt@martello^44 ).  This syntax can also be used with  scp  or
       rsync  (specifying  dbclient  as  the  ssh/rsh  command).  A file can be "bounced" through
       multiple SSH hops, eg

       scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .

       Note that hostnames are resolved by the prior hop (so "canyons" would be resolved  by  the
       host  "wrt")  in the example above, the same way as other -L TCP forwarded hosts are. Host
       keys are checked locally based on the given hostname.


       Typing a newline  followed  by  the   key  sequence  ~.  (tilde,  dot)  will  terminate  a
       connection.   The  sequence  ~^Z  (tilde,  ctrl-z)  will  background  the connection. This
       behaviour only applies when a PTY is used.


              A password to use for remote authentication can be  specified  in  the  environment
              variable  DROPBEAR_PASSWORD.  Care should be taken that the password is not exposed
              to other users on a multi-user system, or stored in accessible files.

              dbclient  can  use  an  external  program  to  request  a  password  from  a  user.
              SSH_ASKPASS  should  be set to the path of a program that will return a password on
              standard output. This program will only be  used  if  either  DISPLAY  is  set  and
              standard input is not a TTY, or the environment variable SSH_ASKPASS_ALWAYS is set.


       If  compiled  with  zlib  support  and if the server supports it, dbclient will always use


       Matt Johnston (
       Mihnea Stoenescu wrote initial Dropbear client support
       Gerrit Pape ( wrote this manual page.


       dropbear(8), dropbearkey(1)