Provided by: dropbear-bin_2022.83-2_amd64 bug

NAME

       dbclient - lightweight SSH client

SYNOPSIS

       dbclient  [flag  arguments]  [-p  port]  [-i  id]  [-L  l:h:p]  [-R  l:h:p] [-l user] host
       [more flags] [command]

       dbclient [args] [user1]@host1[^port1],[user2]@host2[^port2],...

DESCRIPTION

       dbclient is the client part of Dropbear SSH

OPTIONS

       command
              A command to run on the remote host. This will normally be run by the  remote  host
              using  the  user's shell. The command begins at the first hyphen argument after the
              host argument. If no command is specified an interactive terminal  will  be  opened
              (see -t and -T).

       -p port
              Connect  to  port  on  the  remote  host.  Alternatively a port can be specified as
              hostname^port.  Default is 22.

       -i idfile
              Identity file.  Read the identity key from file  idfile  (multiple  allowed).  This
              file   is   created   with   dropbearkey(1)   or   converted   from   OpenSSH  with
              dropbearconvert(1). The default path ~/.ssh/id_dropbear is used

       -L [listenaddress]:listenport:host:port
              Local port forwarding.  Forward listenport  on  the  local  host  through  the  SSH
              connection to port on host.

       -R [listenaddress]:listenport:host:port
              Remote  port  forwarding.   Forward  listenport  on the remote host through the SSH
              connection to port on host.

       -l user
              Username.  Login as  user  on  the  remote  host.  An  alternative  is  to  specify
              user@host.

       -t     Allocate  a  PTY.  This  is  the  default when no command is given, it gives a full
              interactive remote session. The main effect is that keystrokes  are  sent  remotely
              immediately as opposed to local line-based editing.

       -T     Don't allocate a PTY. This is the default when a command is given. See -t.

       -N     Don't  request  a  remote  shell  or  run  any  commands. Any command arguments are
              ignored.

       -f     Fork into the background after  authentication.  A  command  argument  (or  -N)  is
              required.  This is useful when using password authentication.

       -g     Allow non-local hosts to connect to forwarded ports. Applies to -L and -R forwarded
              ports, though remote connections to -R forwarded ports may be limited  by  the  ssh
              server.

       -y     Always  accept  hostkeys  if  they  are  unknown.  If a hostkey mismatch occurs the
              connection will abort as normal. If specified a second time no host key checking is
              performed at all, this is usually undesirable.

       -A     Forward  agent  connections to the remote host. dbclient will use any OpenSSH-style
              agent  program  if  available  ($SSH_AUTH_SOCK  will  be  set)   for   public   key
              authentication.  Forwarding is only enabled if -A is specified.

              Beware  that  a forwarded agent connection will allow the remote server to have the
              same authentication credentials as you have  used  locally.  A  compromised  remote
              server could use that to log in to other servers.

              In  many  situations  Dropbear's  multi-hop  mode  is  a  better  and  more  secure
              alternative to agent forwarding, avoiding having to trust the intermediate server.

              If  the  SSH  agent  program  is  set  to  prompt  when  a  key  is  used,  the  -o
              DisableTrivialAuth option can prevent UI confusion.

       -W windowsize
              Specify  the  per-channel  receive  window buffer size. Increasing this may improve
              network performance at the expense of memory use. Use -h to see the default  buffer
              size.

       -K timeout_seconds
              Ensure that traffic is transmitted at a certain interval in seconds. This is useful
              for working around firewalls or routers  that  drop  connections  after  a  certain
              period  of  inactivity. The trade-off is that a session may be closed if there is a
              temporary lapse of network connectivity. A setting if 0 disables keepalives. If  no
              response is received for 3 consecutive keepalives the connection will be closed.

       -I idle_timeout
              Disconnect  the  session  if no traffic is transmitted or received for idle_timeout
              seconds.

       -z     By default Dropbear will send network  traffic  with  the  AF21  setting  for  QoS,
              letting  network  devices  give  it higher priority. Some devices may have problems
              with that, -z can be used to disable it.

       -J proxy_command

       -J &fd
              Use the standard input/output of the program  proxy_command  rather  than  using  a
              normal  TCP connection. A hostname should be still be provided, as this is used for
              comparing saved hostkeys. This command will be executed as "exec proxy_command ..."
              with the default shell.

              The second form &fd will make dbclient use the numeric file descriptor as a socket.
              This can be used for more complex tunnelling scenarios. Example usage with socat is

              socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38 TCP4:host.example.com:22

       -B endhost:endport
              "Netcat-alike" mode, where Dropbear will connect to the given host, then  create  a
              forwarded connection to endhost. This will then be presented as dbclient's standard
              input/output.

       -c cipherlist
              Specify a comma  separated  list  of  ciphers  to  enable.  Use  -c  help  to  list
              possibilities.

       -m MAClist
              Specify  a  comma  separated  list of authentication MACs to enable. Use -m help to
              list possibilities.

       -o option
              Can be used to give options in the format used by  OpenSSH  config  file.  This  is
              useful  for  specifying  options  for which there is no separate command-line flag.
              For full details of the options  listed  below,  and  their  possible  values,  see
              ssh_config(5).  The following options have currently been implemented:

              ExitOnForwardFailure
                     Specifies  whether dbclient should terminate the connection if it cannot set
                     up all requested local and remote port forwardings.  The  argument  must  be
                     "yes" or "no".  The default is "no".

              UseSyslog
                     Send dbclient log messages to syslog in addition to stderr.

              Port   Specify a listening port, like the -p argument.

              DisableTrivialAuth
                     Disallow  a  server  immediately  giving  successful authentication (without
                     presenting any password/pubkey prompt).  This avoids a  UI  confusion  issue
                     where it may appear that the user is accepting a SSH agent prompt from their
                     local machine, but are actually accepting a prompt sent immediately  by  the
                     remote server.

       -s     The  specified  command  will  be requested as a subsystem, used for sftp. Dropbear
              doesn't implement sftp itself but the OpenSSH sftp client can be used  eg  sftp  -S
              dbclient user@host

       -b [address][:port]
              Bind  to  a  specific local address when connecting to the remote host. This can be
              used to choose from multiple outgoing interfaces. Either address or port (or  both)
              can be given.

       -V     Print the version

MULTI-HOP

       Dropbear  will  also  allow  multiple "hops" to be specified, separated by commas. In this
       case a connection will be made to the first host, then a TCP forwarded connection will  be
       made  through  that  to the second host, and so on. Hosts other than the final destination
       will not see anything other than the encrypted SSH stream.  A  port  for  a  host  can  be
       specified  with  a caret (eg matt@martello^44 ).  This syntax can also be used with scp or
       rsync (specifying dbclient as the ssh/rsh  command).  A  file  can  be  "bounced"  through
       multiple SSH hops, eg

       scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .

       Note  that  hostnames are resolved by the prior hop (so "canyons" would be resolved by the
       host "wrt") in the example above, the same way as other -L TCP forwarded hosts  are.  Host
       keys are checked locally based on the given hostname.

ESCAPE CHARACTERS

       Typing  a  newline  followed  by  the   key  sequence  ~.  (tilde,  dot)  will terminate a
       connection.  The sequence  ~^Z  (tilde,  ctrl-z)  will  background  the  connection.  This
       behaviour only applies when a PTY is used.

ENVIRONMENT

       DROPBEAR_PASSWORD
              A  password  to  use  for remote authentication can be specified in the environment
              variable DROPBEAR_PASSWORD. Care should be taken that the password is  not  exposed
              to other users on a multi-user system, or stored in accessible files.

       SSH_ASKPASS
              dbclient  can  use  an  external  program  to  request  a  password  from  a  user.
              SSH_ASKPASS should be set to the path of a program that will return a  password  on
              standard  output.  This  program  will  only  be  used if either DISPLAY is set and
              standard input is not a TTY, or the environment variable SSH_ASKPASS_ALWAYS is set.

NOTES

       If compiled with zlib support and if the server supports  it,  dbclient  will  always  use
       compression.

AUTHOR

       Matt Johnston (matt@ucc.asn.au).
       Mihnea Stoenescu wrote initial Dropbear client support
       Gerrit Pape (pape@smarden.org) wrote this manual page.

SEE ALSO

       dropbear(8), dropbearkey(1)

       https://matt.ucc.asn.au/dropbear/dropbear.html

                                                                                      dbclient(1)