Provided by: dropbear_2011.54-1_amd64 bug


       dropbear - lightweight SSH2 server


       dropbear [-FEmwsgjki] [-b banner] [-d dsskey] [-r rsakey] [-p [address:]port]


       dropbear  is  a  SSH  2  server  designed  to  be  small enough to be used in small memory
       environments, while still being functional and secure enough for general use.


       -b banner
              bannerfile.  Display the contents of the file banner before  user  login  (default:

       -d dsskey
              dsskeyfile.   Use  the  contents  of the file dsskey for the DSS host key (default:
              /etc/dropbear/dropbear_dss_host_key).  Note that some SSH implementations  use  the
              term  "DSA"  rather  than  "DSS", they mean the same thing.  This file is generated
              with dropbearkey(8).

       -r rsakey
              rsakeyfile.  Use the contents of the file rsakey for the  rsa  host  key  (default:
              /etc/dropbear/dropbear_rsa_host_key).  This file is generated with dropbearkey(8).

       -F     Don't fork into background.

       -E     Log to standard error rather than syslog.

       -m     Don't display the message of the day on login.

       -w     Disallow root logins.

       -s     Disable password logins.

       -g     Disable password logins for root.

       -j     Disable local port forwarding.

       -k     Disable remote port forwarding.

       -p [address:]port
              Listen  on  specified  address and TCP port.  If just a port is given listen on all
              addresses.  up to 10 can be specified (default 22 if none specified).

       -i     Service program mode.  Use this option to run dropbear under  TCP/IP  servers  like
              inetd,  tcpsvd,  or  tcpserver.   In  program mode the -F option is implied, and -p
              options are ignored.

       -P pidfile
              Specify a pidfile to create when running as a daemon. If not specified, the default
              is /var/run/

       -a     Allow remote hosts to connect to forwarded ports.

       -W windowsize
              Specify  the  per-channel  receive  window buffer size. Increasing this may improve
              network performance at the expense of memory use. Use -h to see the default  buffer

       -K timeout_seconds
              Ensure that traffic is transmitted at a certain interval in seconds. This is useful
              for working around firewalls or routers  that  drop  connections  after  a  certain
              period  of  inactivity. The trade-off is that a session may be closed if there is a
              temporary lapse of network connectivity. A setting if 0 disables keepalives.

       -I idle_timeout
              Disconnect the session if no traffic is transmitted or  received  for  idle_timeout


       Authorized Keys

              ~/.ssh/authorized_keys  can  be set up to allow remote login with a RSA or DSS key.
              Each line is of the form

       [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]

              and can be extracted from a Dropbear private host key with "dropbearkey  -y".  This
              is  the  same format as used by OpenSSH, though the restrictions are a subset (keys
              with unknown restrictions are ignored).  Restrictions  are  comma  separated,  with
              double quotes around spaces in arguments.  Available restrictions are:

              Don't allow port forwarding for this connection

              Don't allow agent forwarding for this connection

              Don't allow X11 forwarding for this connection

       no-pty Disable  PTY  allocation.  Note  that  a  user  can  still  obtain most of the same
              functionality with other means even if no-pty is set.

              Disregard the command provided by the user and always run forced_command.

              The authorized_keys file and its containing ~/.ssh directory must only be  writable
              by  the  user,  otherwise  Dropbear  will  not  allow  a  login  using  public  key

       Host Key Files

              Host  key  files  are  read  at  startup  from  a  standard  location,  by  default
              /etc/dropbear/dropbear_dss_host_key   and   /etc/dropbear/dropbear_rsa_host_key  or
              specified on the commandline with -d or -r. These are  of  the  form  generated  by

       Message Of The Day

              By  default the file /etc/motd will be printed for any login shell (unless disabled
              at  compile-time).  This  can  also  be  disabled  per-user  by  creating  a   file
              ~/.hushlogin .


       Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM.

       The variables below are set for sessions as appropriate.

              This is set to the allocated TTY if a PTY was used.

              Contains "<remote_ip> <remote_port> <local_ip> <local_port>".

              Set X11 forwarding is used.

              If  a 'command=' authorized_keys option was used, the original command is specified
              in this variable. If a shell was requested this is set to an empty value.

              Set to a forwarded ssh-agent connection.


       Matt Johnston (
       Gerrit Pape ( wrote this manual page.


       dropbearkey(8), dbclient(1)