annotate dropbear.8 @ 1920:1489449eceb1

Check authorized_keys permissions as the user
This is necessary on NFS with squash root.
Based on work from Chris Dragan
This commit also tidies some trailing whitespace.
Fixes github pull #107
author Matt Johnston <matt@ucc.asn.au>
date Wed, 30 Mar 2022 12:56:09 +0800
parents e9854650d45b
children
rev   line  source
128      1  .TH dropbear 8
         2  .SH NAME
821      3  dropbear \- lightweight SSH server
128      4  .SH SYNOPSIS
         5  .B dropbear
1174     6  [\fIflag arguments\fR] [\-b
860      7  .I banner\fR]
         8  [\-r
1174     9  .I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR]
128     10  .SH DESCRIPTION
        11  .B dropbear
946     12  is a small SSH server
128     13  .SH OPTIONS
        14  .TP
        15  .B \-b \fIbanner
        16  bannerfile.
        17  Display the contents of the file
        18  .I banner
        19  before user login (default: none).
        20  .TP
860     21  .B \-r \fIhostkey
128     22  Use the contents of the file
860     23  .I hostkey
        24  for the SSH hostkey.
128     25  This file is generated with
860     26  .BR dropbearkey (1)
        27  or automatically with the '-R' option. See "Host Key Files" below.
128     28  .TP
860     29  .B \-R
875     30  Generate hostkeys automatically. See "Host Key Files" below.
128     31  .TP
        32  .B \-F
        33  Don't fork into background.
        34  .TP
        35  .B \-E
        36  Log to standard error rather than syslog.
        37  .TP
1819    38  .B \-e
        39  Pass on the server environment to all child processes. This is required, for example,
1820    40  if Dropbear is launched on the fly from a SLURM workload manager. The environment is not
        41  passed by default. Note that this could expose secrets in environment variables from
        42  the calling process - use with caution.
1819    43  .TP
128     44  .B \-m
        45  Don't display the message of the day on login.
        46  .TP
        47  .B \-w
        48  Disallow root logins.
        49  .TP
        50  .B \-s
        51  Disable password logins.
        52  .TP
        53  .B \-g
        54  Disable password logins for root.
        55  .TP
        56  .B \-j
        57  Disable local port forwarding.
        58  .TP
        59  .B \-k
        60  Disable remote port forwarding.
        61  .TP
1174    62  .B \-p\fR [\fIaddress\fR:]\fIport
438     63  Listen on specified
        64  .I address
        65  and TCP
        66  .I port.
        67  If just a port is given listen
        68  on all addresses.
1784    69  Up to 10 can be specified (default 22 if none specified).
128     70  .TP
        71  .B \-i
        72  Service program mode.
        73  Use this option to run
        74  .B dropbear
        75  under TCP/IP servers like inetd, tcpsvd, or tcpserver.
        76  In program mode the \-F option is implied, and \-p options are ignored.
258     77  .TP
325     78  .B \-P \fIpidfile
        79  Specify a pidfile to create when running as a daemon. If not specified, the
        80  default is /var/run/dropbear.pid
        81  .TP
258     82  .B \-a
        83  Allow remote hosts to connect to forwarded ports.
449     84  .TP
        85  .B \-W \fIwindowsize
        86  Specify the per-channel receive window buffer size. Increasing this
        87  may improve network performance at the expense of memory use. Use -h to see the
        88  default buffer size.
454     89  .TP
        90  .B \-K \fItimeout_seconds
        91  Ensure that traffic is transmitted at a certain interval in seconds. This is
        92  useful for working around firewalls or routers that drop connections after
        93  a certain period of inactivity. The trade-off is that a session may be
        94  closed if there is a temporary lapse of network connectivity. A setting
1784    95  of 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
515     96  .TP
        97  .B \-I \fIidle_timeout
        98  Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
946     99  .TP
1442   100  .B \-T \fImax_authentication_attempts
1445   101  Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
1442   102  .TP
1290   103  .B \-c \fIforced_command
       104  Disregard the command provided by the user and always run \fIforced_command\fR. This also
1784   105  overrides any authorized_keys command= option. The original command is saved in the
       106  SSH_ORIGINAL_COMMAND environment variable (see below).
1290   107  .TP
946    108  .B \-V
       109  Print the version
       110
510    111  .SH FILES
       112
       113  .TP
       114  Authorized Keys
       115
1146   116  ~/.ssh/authorized_keys can be set up to allow remote login with a RSA,
1659   117  ECDSA, Ed25519 or DSS
510    118  key. Each line is of the form
       119  .TP
       120  [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]
       121
       122  and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored).
       123  Restrictions are comma separated, with double quotes around spaces in arguments.
       124  Available restrictions are:
       125
       126  .TP
       127  .B no-port-forwarding
       128  Don't allow port forwarding for this connection
       129
       130  .TP
       131  .B no-agent-forwarding
       132  Don't allow agent forwarding for this connection
       133
       134  .TP
       135  .B no-X11-forwarding
       136  Don't allow X11 forwarding for this connection
       137
       138  .TP
       139  .B no-pty
       140  Disable PTY allocation. Note that a user can still obtain most of the
       141  same functionality with other means even if no-pty is set.
       142
       143  .TP
1818   144  .B restrict
       145  Applies all the no- restrictions listed above.
       146
       147  .TP
1174   148  .B command=\fR"\fIforced_command\fR"
510    149  Disregard the command provided by the user and always run \fIforced_command\fR.
1290   150  The -c command line option overrides this.
510    151
       152  The authorized_keys file and its containing ~/.ssh directory must only be
       153  writable by the user, otherwise Dropbear will not allow a login using public
       154  key authentication.
       155
       156  .TP
       157  Host Key Files
       158
       159  Host key files are read at startup from a standard location, by default
1659   160  /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key,
       161  /etc/dropbear/dropbear_ecdsa_host_key and /etc/dropbear/dropbear_ed25519_host_key
1533   162
       163  If the -r command line option is specified the default files are not loaded.
       164  Host key files are of the form generated by dropbearkey.
       165  The -R option can be used to automatically generate keys
860    166  in the default location - keys will be generated after startup when the first
       167  connection is established. This had the benefit that the system /dev/urandom
       168  random number source has a better chance of being securely seeded.
510    169
       170  .TP
       171  Message Of The Day
       172
       173  By default the file /etc/motd will be printed for any login shell (unless
       174  disabled at compile-time). This can also be disabled per-user
       175  by creating a file ~/.hushlogin .
       176
569    177  .SH ENVIRONMENT VARIABLES
       178  Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM.
       179
       180  The variables below are set for sessions as appropriate.
       181
       182  .TP
       183  .B SSH_TTY
       184  This is set to the allocated TTY if a PTY was used.
       185
       186  .TP
       187  .B SSH_CONNECTION
       188  Contains "<remote_ip> <remote_port> <local_ip> <local_port>".
       189
       190  .TP
       191  .B DISPLAY
       192  Set X11 forwarding is used.
       193
       194  .TP
       195  .B SSH_ORIGINAL_COMMAND
       196  If a 'command=' authorized_keys option was used, the original command is specified
       197  in this variable. If a shell was requested this is set to an empty value.
       198
       199  .TP
       200  .B SSH_AUTH_SOCK
       201  Set to a forwarded ssh-agent connection.
       202
821    203  .SH NOTES
       204  Dropbear only supports SSH protocol version 2.
569    205
128    206  .SH AUTHOR
       207  Matt Johnston (matt@ucc.asn.au).
       208  .br
       209  Gerrit Pape ([email protected]) wrote this manual page.
       210  .SH SEE ALSO
821    211  dropbearkey(1), dbclient(1), dropbearconvert(1)
128    212  .P
690    213  https://matt.ucc.asn.au/dropbear/dropbear.html

changesets referenced in the rev column
rev   changeset     parents  author; description
128   a9dddd13c4ba           Matt Johnston <matt@ucc.asn.au>; Added dropbear.8 and dropbearkey.8 back in
258   306499676384  181      Matt Johnston <matt@ucc.asn.au>; * add -g (dbclient) and -a (dropbear) options for allowing non-local
325   0e4f225b7e07  258      Matt Johnston <matt@ucc.asn.au>; Add -N "no remote command" dbclient option.
438   4bfd22bac1dc  325      Matt Johnston <matt@ucc.asn.au>; Document -p [address:]port
449   3e6c536bc023  446      Matt Johnston <matt@ucc.asn.au>; Add -W <windowsize> argument and document it.
454   7e43f5e473b9  449      Matt Johnston <matt@ucc.asn.au>; - Add -K keepalive flag for dropbear and dbclient
510   b85507ade010  454      Matt Johnston <matt@ucc.asn.au>; - Update manuals, include section on authorized_keys
515   fe30d2a2d626  514      Matt Johnston <matt@ucc.asn.au>; - Document idle_timeout
569   6f472dc54da7  515      Matt Johnston <matt@ucc.asn.au>; - Set $SSH_CONNECTION
690   4b47ff154ff6  576      Matt Johnston <matt@ucc.asn.au>; Document "-m" and "-c"
821   f8b28a3de6cb  690      Matt Johnston <matt@ucc.asn.au>; Don't say "SSH 2" any more since protocol version 1 is irrelevant
860   057204b3dd61  821      Matt Johnston <matt@ucc.asn.au>; docs for ecdsa
875   6c7a15668d5a  860      Matt Johnston <matt@ucc.asn.au>; Log when generating a hostkey
946   17d874ae93a1  875      Matt Johnston <matt@ucc.asn.au>; Add '-V' for version
1146  3c8403f4669d  946      Guilhem Moulin <guilhem@fripost.org>; Fix typo in dropbear(8)'s manpage
1174  80cacacfec23  1153     Guilhem Moulin <guilhem@fripost.org>; Fix minor manpage formatting issues
1290  ee2ffa044c7e  1174     Matt Johnston <matt@ucc.asn.au>; Add manpage and log for forced_command
1442  517c67cbcd31  1290     Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>; dropbear server: support -T max auth tries
1445  a3a96dbf9a58  1442     Matt Johnston <matt@ucc.asn.au>; Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
1533  2e9b6d9c7e7d  1445     Matt Johnston <matt@ucc.asn.au>; clarify that -r skips default hostkeys
1659  d32bcb5c557d  1533     Vladislav Grishenko <themiron@users.noreply.github.com>; Add Ed25519 support (#91)
1784  94323a20e572  1659     Matt Johnston <matt@ucc.asn.au>; Some minor manpage improvements
1818  587c76726b5f  1784     Matt Johnston <matt@ucc.asn.au>; Add "restrict" authorized_keys option
1819  5120e22882de  1818     Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>; pass on sever process environment to child processes (option -e) (#118)
1820  e9854650d45b  1819     Matt Johnston <matt@ucc.asn.au>; Clarify help text for dropbear -e environment option
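
The authorized_keys rules in the FILES section above (the restriction subset, keys with unknown restrictions being ignored, and the write-permission requirement), as an added example that is not part of Dropbear or of this page. Exact-case matching of restriction names, space-separated fields, skipping of '#' lines, and reading "only writable by the user" as owner match plus no group/other write bit are assumptions of this example; the sample entries are constructed.

```python
"""Audit authorized_keys entries against the rules in dropbear(8) FILES."""
import os
import stat

# Restriction names as the manual page spells them (exact-case matching is
# an assumption of this example).
NO_RESTRICTIONS = {"no-port-forwarding", "no-agent-forwarding",
                   "no-X11-forwarding", "no-pty"}
# Standard SSH key type names for RSA, DSS, Ed25519 and ECDSA keys.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def split_quoted(text, sep):
    """Split text on sep, leaving separators inside double quotes alone."""
    parts, current, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def audit_line(line):
    """Return None for blank or '#' lines, else a verdict dict for the entry."""
    line = line.strip()
    if not line or line.startswith("#"):  # assumption: skipped as in OpenSSH
        return None
    fields = [f for f in split_quoted(line, " ") if f]
    options = []
    if fields[0] not in KEY_TYPES:  # leading field is the restrictions list
        options = split_quoted(fields.pop(0), ",")
    verdict = {"accepted": False, "reason": "", "restrictions": set(),
               "command": None}
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        verdict["reason"] = "no recognised key type"
        return verdict
    for opt in options:
        name, _, value = opt.partition("=")
        if opt in NO_RESTRICTIONS:
            verdict["restrictions"].add(opt)
        elif opt == "restrict":  # applies all the no- restrictions
            verdict["restrictions"] |= NO_RESTRICTIONS
        elif name == "command" and len(value) >= 2 and value[0] == value[-1] == '"':
            verdict["command"] = value[1:-1]
        else:  # per the page, a key with an unknown restriction is ignored
            verdict["reason"] = "unknown restriction: " + name
            return verdict
    verdict["accepted"] = True
    return verdict


def pubkey_path_problems(home, uid):
    """List existing paths that are not writable by the user alone."""
    ssh_dir = os.path.join(home, ".ssh")
    problems = []
    for path in (ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        if not os.path.exists(path):
            continue
        st = os.stat(path)
        if st.st_uid != uid or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(path)
    return problems


# Constructed sample entries; the key blobs are placeholders, not real keys.
SAMPLE = [
    'ssh-ed25519 AAAAC3constructed admin@example',
    'restrict,command="backup --target /srv/data, daily" ssh-rsa AAAAB3constructed backup@example',
    # An OpenSSH-only option: the whole key is ignored, so this login fails.
    'no-pty,from="10.0.0.0/8" ssh-rsa AAAAB3constructed ops@example',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_line(entry))
    print(pubkey_path_problems(os.path.expanduser("~"), os.getuid()))
```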