Mercurial > dropbear

annotate dropbear.8 @ 1819:5120e22882de

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
pass on sever process environment to child processes (option -e) (#118)
author Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
date Thu, 19 Aug 2021 17:13:41 +0200
parents 587c76726b5f
children e9854650d45b
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 .TH dropbear 8
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 .SH NAME
821
f8b28a3de6cb Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
3 dropbear \- lightweight SSH server
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 .SH SYNOPSIS
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 .B dropbear
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1153
diff changeset
6 [\fIflag arguments\fR] [\-b
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
7 .I banner\fR]
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
8 [\-r
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1153
diff changeset
9 .I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR]
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 .SH DESCRIPTION
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 .B dropbear
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
12 is a small SSH server
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 .SH OPTIONS
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 .B \-b \fIbanner
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 bannerfile.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 Display the contents of the file
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 .I banner
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 before user login (default: none).
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 .TP
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
21 .B \-r \fIhostkey
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 Use the contents of the file
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
23 .I hostkey
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
24 for the SSH hostkey.
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 This file is generated with
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
26 .BR dropbearkey (1)
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
27 or automatically with the '-R' option. See "Host Key Files" below.
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 .TP
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
29 .B \-R
875
6c7a15668d5a Log when generating a hostkey
Matt Johnston <matt@ucc.asn.au>
parents: 860
diff changeset
30 Generate hostkeys automatically. See "Host Key Files" below.
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 .B \-F
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 Don't fork into background.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 .B \-E
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 Log to standard error rather than syslog.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 .TP
1819
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1818
diff changeset
38 .B \-e
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1818
diff changeset
39 Pass on the server environment to all child processes. This is required, for example,
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1818
diff changeset
40 if dropbear is launched on the fly from a SLURM workload manager. The enviroment is not
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1818
diff changeset
41 passed by default. Note that this can be a potential security risk.
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1818
diff changeset
42 .TP
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43 .B \-m
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44 Don't display the message of the day on login.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 .B \-w
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 Disallow root logins.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 .B \-s
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 Disable password logins.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 .B \-g
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 Disable password logins for root.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 .B \-j
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 Disable local port forwarding.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 .B \-k
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 Disable remote port forwarding.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 .TP
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1153
diff changeset
61 .B \-p\fR [\fIaddress\fR:]\fIport
438
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
62 Listen on specified
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
63 .I address
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
64 and TCP
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
65 .I port.
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
66 If just a port is given listen
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
67 on all addresses.
1784
94323a20e572 Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
68 Up to 10 can be specified (default 22 if none specified).
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70 .B \-i
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71 Service program mode.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 Use this option to run
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73 .B dropbear
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 under TCP/IP servers like inetd, tcpsvd, or tcpserver.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75 In program mode the \-F option is implied, and \-p options are ignored.
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 181
diff changeset
76 .TP
325
0e4f225b7e07 Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
77 .B \-P \fIpidfile
0e4f225b7e07 Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
78 Specify a pidfile to create when running as a daemon. If not specified, the
0e4f225b7e07 Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
79 default is /var/run/dropbear.pid
0e4f225b7e07 Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
80 .TP
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 181
diff changeset
81 .B \-a
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 181
diff changeset
82 Allow remote hosts to connect to forwarded ports.
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
83 .TP
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
84 .B \-W \fIwindowsize
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
85 Specify the per-channel receive window buffer size. Increasing this
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
86 may improve network performance at the expense of memory use. Use -h to see the
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
87 default buffer size.
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
88 .TP
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
89 .B \-K \fItimeout_seconds
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
90 Ensure that traffic is transmitted at a certain interval in seconds. This is
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
91 useful for working around firewalls or routers that drop connections after
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
92 a certain period of inactivity. The trade-off is that a session may be
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
93 closed if there is a temporary lapse of network connectivity. A setting
1784
94323a20e572 Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
94 of 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
515
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 514
diff changeset
95 .TP
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 514
diff changeset
96 .B \-I \fIidle_timeout
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 514
diff changeset
97 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
98 .TP
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1290
diff changeset
99 .B \-T \fImax_authentication_attempts
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
100 Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1290
diff changeset
101 .TP
1290
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
diff changeset
102 .B \-c \fIforced_command
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
diff changeset
103 Disregard the command provided by the user and always run \fIforced_command\fR. This also
1784
94323a20e572 Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
104 overrides any authorized_keys command= option. The original command is saved in the
94323a20e572 Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
105 SSH_ORIGINAL_COMMAND environment variable (see below).
1290
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
diff changeset
106 .TP
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
107 .B \-V
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
108 Print the version
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
109
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
110 .SH FILES
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
111
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
112 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
113 Authorized Keys
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
114
1146
3c8403f4669d Fix typo in dropbear(8)'s manpage
Guilhem Moulin <guilhem@fripost.org>
parents: 946
diff changeset
115 ~/.ssh/authorized_keys can be set up to allow remote login with a RSA,
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1533
diff changeset
116 ECDSA, Ed25519 or DSS
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
117 key. Each line is of the form
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
118 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
119 [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
120
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
121 and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored).
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
122 Restrictions are comma separated, with double quotes around spaces in arguments.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
123 Available restrictions are:
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
124
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
125 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
126 .B no-port-forwarding
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
127 Don't allow port forwarding for this connection
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
128
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
129 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
130 .B no-agent-forwarding
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
131 Don't allow agent forwarding for this connection
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
132
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
133 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
134 .B no-X11-forwarding
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
135 Don't allow X11 forwarding for this connection
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
136
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
137 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
138 .B no-pty
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
139 Disable PTY allocation. Note that a user can still obtain most of the
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
140 same functionality with other means even if no-pty is set.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
141
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
142 .TP
1818
587c76726b5f Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents: 1784
diff changeset
143 .B restrict
587c76726b5f Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents: 1784
diff changeset
144 Applies all the no- restrictions listed above.
587c76726b5f Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents: 1784
diff changeset
145
587c76726b5f Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents: 1784
diff changeset
146 .TP
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1153
diff changeset
147 .B command=\fR"\fIforced_command\fR"
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
148 Disregard the command provided by the user and always run \fIforced_command\fR.
1290
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
diff changeset
149 The -c command line option overrides this.
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
150
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
151 The authorized_keys file and its containing ~/.ssh directory must only be
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
152 writable by the user, otherwise Dropbear will not allow a login using public
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
153 key authentication.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
154
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
155 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
156 Host Key Files
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
157
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
158 Host key files are read at startup from a standard location, by default
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1533
diff changeset
159 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key,
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1533
diff changeset
160 /etc/dropbear/dropbear_ecdsa_host_key and /etc/dropbear/dropbear_ed25519_host_key
1533
2e9b6d9c7e7d clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents: 1445
diff changeset
161
2e9b6d9c7e7d clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents: 1445
diff changeset
162 If the -r command line option is specified the default files are not loaded.
2e9b6d9c7e7d clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents: 1445
diff changeset
163 Host key files are of the form generated by dropbearkey.
2e9b6d9c7e7d clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents: 1445
diff changeset
164 The -R option can be used to automatically generate keys
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
165 in the default location - keys will be generated after startup when the first
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
166 connection is established. This had the benefit that the system /dev/urandom
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
167 random number source has a better chance of being securely seeded.
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
168
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
169 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
170 Message Of The Day
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
171
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
172 By default the file /etc/motd will be printed for any login shell (unless
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
173 disabled at compile-time). This can also be disabled per-user
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
174 by creating a file ~/.hushlogin .
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
175
569
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
176 .SH ENVIRONMENT VARIABLES
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
177 Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
178
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
179 The variables below are set for sessions as appropriate.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
180
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
181 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
182 .B SSH_TTY
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
183 This is set to the allocated TTY if a PTY was used.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
184
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
185 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
186 .B SSH_CONNECTION
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
187 Contains "<remote_ip> <remote_port> <local_ip> <local_port>".
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
188
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
189 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
190 .B DISPLAY
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
191 Set X11 forwarding is used.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
192
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
193 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
194 .B SSH_ORIGINAL_COMMAND
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
195 If a 'command=' authorized_keys option was used, the original command is specified
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
196 in this variable. If a shell was requested this is set to an empty value.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
197
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
198 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
199 .B SSH_AUTH_SOCK
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
200 Set to a forwarded ssh-agent connection.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
201
821
f8b28a3de6cb Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
202 .SH NOTES
f8b28a3de6cb Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
203 Dropbear only supports SSH protocol version 2.
569
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
204
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
205 .SH AUTHOR
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
206 Matt Johnston ([email protected]).
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
207 .br
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
208 Gerrit Pape ([email protected]) wrote this manual page.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
209 .SH SEE ALSO
821
f8b28a3de6cb Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
210 dropbearkey(1), dbclient(1), dropbearconvert(1)
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
211 .P
690
4b47ff154ff6 Document "-m" and "-c"
Matt Johnston <matt@ucc.asn.au>
parents: 576
diff changeset
212 https://matt.ucc.asn.au/dropbear/dropbear.html