Provided by: dropbear-bin_2016.72-1_i386 bug


       dropbear - lightweight SSH server


       dropbear   [flag   arguments]   [-b   banner]   [-r   hostkeyfile]  [-p


       dropbear is a small SSH server


       -b banner
              bannerfile.  Display the contents of the file banner before user
              login (default: none).

       -r hostkey
              Use  the contents of the file hostkey for the SSH hostkey.  This
              file is generated with dropbearkey(1) or automatically with  the
              '-R' option. See "Host Key Files" below.

       -R     Generate hostkeys automatically. See "Host Key Files" below.

       -F     Don't fork into background.

       -E     Log to standard error rather than syslog.

       -m     Don't display the message of the day on login.

       -w     Disallow root logins.

       -s     Disable password logins.

       -g     Disable password logins for root.

       -j     Disable local port forwarding.

       -k     Disable remote port forwarding.

       -p [address:]port
              Listen  on  specified  address  and TCP port.  If just a port is
              given listen on all  addresses.   up  to  10  can  be  specified
              (default 22 if none specified).

       -i     Service  program  mode.   Use  this option to run dropbear under
              TCP/IP servers like inetd, tcpsvd,  or  tcpserver.   In  program
              mode the -F option is implied, and -p options are ignored.

       -P pidfile
              Specify  a  pidfile  to  create when running as a daemon. If not
              specified, the default is /var/run/

       -a     Allow remote hosts to connect to forwarded ports.

       -W windowsize
              Specify the per-channel receive window buffer  size.  Increasing
              this  may  improve  network performance at the expense of memory
              use. Use -h to see the default buffer size.

       -K timeout_seconds
              Ensure that traffic is transmitted  at  a  certain  interval  in
              seconds.  This is useful for working around firewalls or routers
              that drop connections after a certain period of inactivity.  The
              trade-off  is  that  a  session  may  be  closed  if  there is a
              temporary lapse of network connectivity. A setting if 0 disables
              keepalives.  If  no  response  is  received  for  3  consecutive
              keepalives the connection will be closed.

       -I idle_timeout
              Disconnect the session if no traffic is transmitted or  received
              for idle_timeout seconds.

       -V     Print the version


       Authorized Keys

              ~/.ssh/authorized_keys  can be set up to allow remote login with
              a RSA, ECDSA, or DSS key. Each line is of the form

       [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]

              and can be extracted from  a  Dropbear  private  host  key  with
              "dropbearkey  -y".  This  is the same format as used by OpenSSH,
              though  the  restrictions  are  a  subset  (keys  with   unknown
              restrictions  are  ignored).   Restrictions are comma separated,
              with  double  quotes  around  spaces  in  arguments.   Available
              restrictions are:

              Don't allow port forwarding for this connection

              Don't allow agent forwarding for this connection

              Don't allow X11 forwarding for this connection

       no-pty Disable  PTY  allocation. Note that a user can still obtain most
              of the same functionality with other means  even  if  no-pty  is

              Disregard  the  command  provided  by  the  user  and always run

              The authorized_keys file and  its  containing  ~/.ssh  directory
              must  only  be writable by the user, otherwise Dropbear will not
              allow a login using public key authentication.

       Host Key Files

              Host key files are read at startup from a standard location,  by
              default                     /etc/dropbear/dropbear_dss_host_key,
              /etc/dropbear/dropbear_rsa_host_key,                         and
              /etc/dropbear/dropbear_ecdsa_host_key   or   specified   on  the
              commandline  with  -r.  These  are  of  the  form  generated  by
              dropbearkey. The -R option can be used to automatically generate
              keys in the default location -  keys  will  be  generated  after
              startup  when  the first connection is established. This had the
              benefit that the system /dev/urandom random number source has  a
              better chance of being securely seeded.

       Message Of The Day

              By  default  the  file  /etc/motd  will be printed for any login
              shell (unless  disabled  at  compile-time).  This  can  also  be
              disabled per-user by creating a file ~/.hushlogin .


       Dropbear  sets the standard variables USER, LOGNAME, HOME, SHELL, PATH,
       and TERM.

       The variables below are set for sessions as appropriate.

              This is set to the allocated TTY if a PTY was used.

              Contains "<remote_ip> <remote_port> <local_ip> <local_port>".

              Set X11 forwarding is used.

              If a 'command=' authorized_keys option was  used,  the  original
              command  is specified in this variable. If a shell was requested
              this is set to an empty value.

              Set to a forwarded ssh-agent connection.


       Dropbear only supports SSH protocol version 2.


       Matt Johnston (
       Gerrit Pape ( wrote this manual page.


       dropbearkey(1), dbclient(1), dropbearconvert(1)