Mercurial > dropbear
annotate dropbear.8 @ 1857:6022df862942
Use DSCP for IP QoS traffic classes
The previous TOS values are deprecated and not used by modern traffic
classifiers. This sets AF21 for "interactive" traffic (with a tty).
Non-tty traffic sets AF11 - that indicates high throughput but is not
lowest priority (which would be CS1 or LE).
This differs from the CS1 used by OpenSSH, it lets interactive git over SSH
have higher priority than background least effort traffic. Dropbear's settings
here should be suitable with the diffservs used by CAKE qdisc.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 25 Jan 2022 17:32:20 +0800 |
parents | e9854650d45b |
children |
rev | line source |
---|---|
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 .TH dropbear 8 |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 .SH NAME |
821
f8b28a3de6cb
Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents:
690
diff
changeset
|
3 dropbear \- lightweight SSH server |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 .SH SYNOPSIS |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 .B dropbear |
1174
80cacacfec23
Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents:
1153
diff
changeset
|
6 [\fIflag arguments\fR] [\-b |
860 | 7 .I banner\fR] |
8 [\-r | |
1174
80cacacfec23
Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents:
1153
diff
changeset
|
9 .I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR] |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 .SH DESCRIPTION |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 .B dropbear |
946 | 12 is a small SSH server |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 .SH OPTIONS |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 .B \-b \fIbanner |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 bannerfile. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 Display the contents of the file |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 .I banner |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 before user login (default: none). |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 .TP |
860 | 21 .B \-r \fIhostkey |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 Use the contents of the file |
860 | 23 .I hostkey |
24 for the SSH hostkey. | |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 This file is generated with |
860 | 26 .BR dropbearkey (1) |
27 or automatically with the '-R' option. See "Host Key Files" below. | |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 .TP |
860 | 29 .B \-R |
875
6c7a15668d5a
Log when generating a hostkey
Matt Johnston <matt@ucc.asn.au>
parents:
860
diff
changeset
|
30 Generate hostkeys automatically. See "Host Key Files" below. |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 .B \-F |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 Don't fork into background. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 .B \-E |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 Log to standard error rather than syslog. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 .TP |
1819
5120e22882de
pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents:
1818
diff
changeset
|
38 .B \-e |
5120e22882de
pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents:
1818
diff
changeset
|
39 Pass on the server environment to all child processes. This is required, for example, |
1820
e9854650d45b
Clarify help text for dropbear -e environment option
Matt Johnston <matt@ucc.asn.au>
parents:
1819
diff
changeset
|
40 if Dropbear is launched on the fly from a SLURM workload manager. The environment is not |
e9854650d45b
Clarify help text for dropbear -e environment option
Matt Johnston <matt@ucc.asn.au>
parents:
1819
diff
changeset
|
41 passed by default. Note that this could expose secrets in environment variables from |
e9854650d45b
Clarify help text for dropbear -e environment option
Matt Johnston <matt@ucc.asn.au>
parents:
1819
diff
changeset
|
42 the calling process - use with caution. |
1819
5120e22882de
pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents:
1818
diff
changeset
|
43 .TP |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 .B \-m |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 Don't display the message of the day on login. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 .B \-w |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 Disallow root logins. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 .B \-s |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 Disable password logins. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 .B \-g |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 Disable password logins for root. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 .B \-j |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 Disable local port forwarding. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 .B \-k |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 Disable remote port forwarding. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 .TP |
1174
80cacacfec23
Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents:
1153
diff
changeset
|
62 .B \-p\fR [\fIaddress\fR:]\fIport |
438 | 63 Listen on specified |
64 .I address | |
65 and TCP | |
66 .I port. | |
67 If just a port is given listen | |
68 on all addresses. | |
1784
94323a20e572
Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
69 Up to 10 can be specified (default 22 if none specified). |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 .B \-i |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 Service program mode. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 Use this option to run |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 .B dropbear |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 under TCP/IP servers like inetd, tcpsvd, or tcpserver. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 In program mode the \-F option is implied, and \-p options are ignored. |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
181
diff
changeset
|
77 .TP |
325
0e4f225b7e07
Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
78 .B \-P \fIpidfile |
0e4f225b7e07
Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
79 Specify a pidfile to create when running as a daemon. If not specified, the |
0e4f225b7e07
Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
80 default is /var/run/dropbear.pid |
0e4f225b7e07
Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
81 .TP |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
181
diff
changeset
|
82 .B \-a |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
181
diff
changeset
|
83 Allow remote hosts to connect to forwarded ports. |
449
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
84 .TP |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
85 .B \-W \fIwindowsize |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
86 Specify the per-channel receive window buffer size. Increasing this |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
87 may improve network performance at the expense of memory use. Use -h to see the |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
88 default buffer size. |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
89 .TP |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
90 .B \-K \fItimeout_seconds |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
91 Ensure that traffic is transmitted at a certain interval in seconds. This is |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
92 useful for working around firewalls or routers that drop connections after |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
93 a certain period of inactivity. The trade-off is that a session may be |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
94 closed if there is a temporary lapse of network connectivity. A setting |
1784
94323a20e572
Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
95 of 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed. |
515 | 96 .TP |
97 .B \-I \fIidle_timeout | |
98 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds. | |
946 | 99 .TP |
1442
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1290
diff
changeset
|
100 .B \-T \fImax_authentication_attempts |
1445
a3a96dbf9a58
Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents:
1442
diff
changeset
|
101 Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES) |
1442
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1290
diff
changeset
|
102 .TP |
1290
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1174
diff
changeset
|
103 .B \-c \fIforced_command |
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1174
diff
changeset
|
104 Disregard the command provided by the user and always run \fIforced_command\fR. This also |
1784
94323a20e572
Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
105 overrides any authorized_keys command= option. The original command is saved in the |
94323a20e572
Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
106 SSH_ORIGINAL_COMMAND environment variable (see below). |
1290
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1174
diff
changeset
|
107 .TP |
946 | 108 .B \-V |
109 Print the version | |
110 | |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
111 .SH FILES |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
112 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
113 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
114 Authorized Keys |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
115 |
1146
3c8403f4669d
Fix typo in dropbear(8)'s manpage
Guilhem Moulin <guilhem@fripost.org>
parents:
946
diff
changeset
|
116 ~/.ssh/authorized_keys can be set up to allow remote login with a RSA, |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1533
diff
changeset
|
117 ECDSA, Ed25519 or DSS |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
118 key. Each line is of the form |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
119 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
120 [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment] |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
121 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
122 and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored). |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
123 Restrictions are comma separated, with double quotes around spaces in arguments. |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
124 Available restrictions are: |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
125 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
126 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
127 .B no-port-forwarding |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
128 Don't allow port forwarding for this connection |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
129 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
130 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
131 .B no-agent-forwarding |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
132 Don't allow agent forwarding for this connection |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
133 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
134 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
135 .B no-X11-forwarding |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
136 Don't allow X11 forwarding for this connection |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
137 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
138 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
139 .B no-pty |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
140 Disable PTY allocation. Note that a user can still obtain most of the |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
141 same functionality with other means even if no-pty is set. |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
142 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
143 .TP |
1818
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1784
diff
changeset
|
144 .B restrict |
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1784
diff
changeset
|
145 Applies all the no- restrictions listed above. |
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1784
diff
changeset
|
146 |
587c76726b5f
Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents:
1784
diff
changeset
|
147 .TP |
1174
80cacacfec23
Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents:
1153
diff
changeset
|
148 .B command=\fR"\fIforced_command\fR" |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
149 Disregard the command provided by the user and always run \fIforced_command\fR. |
1290
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1174
diff
changeset
|
150 The -c command line option overrides this. |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
151 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
152 The authorized_keys file and its containing ~/.ssh directory must only be |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
153 writable by the user, otherwise Dropbear will not allow a login using public |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
154 key authentication. |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
155 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
156 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
157 Host Key Files |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
158 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
159 Host key files are read at startup from a standard location, by default |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1533
diff
changeset
|
160 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1533
diff
changeset
|
161 /etc/dropbear/dropbear_ecdsa_host_key and /etc/dropbear/dropbear_ed25519_host_key |
1533
2e9b6d9c7e7d
clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents:
1445
diff
changeset
|
162 |
2e9b6d9c7e7d
clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents:
1445
diff
changeset
|
163 If the -r command line option is specified the default files are not loaded. |
2e9b6d9c7e7d
clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents:
1445
diff
changeset
|
164 Host key files are of the form generated by dropbearkey. |
2e9b6d9c7e7d
clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents:
1445
diff
changeset
|
165 The -R option can be used to automatically generate keys |
860 | 166 in the default location - keys will be generated after startup when the first |
167 connection is established. This had the benefit that the system /dev/urandom | |
168 random number source has a better chance of being securely seeded. | |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
169 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
170 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
171 Message Of The Day |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
172 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
173 By default the file /etc/motd will be printed for any login shell (unless |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
174 disabled at compile-time). This can also be disabled per-user |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
175 by creating a file ~/.hushlogin . |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
176 |
569 | 177 .SH ENVIRONMENT VARIABLES |
178 Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM. | |
179 | |
180 The variables below are set for sessions as appropriate. | |
181 | |
182 .TP | |
183 .B SSH_TTY | |
184 This is set to the allocated TTY if a PTY was used. | |
185 | |
186 .TP | |
187 .B SSH_CONNECTION | |
188 Contains "<remote_ip> <remote_port> <local_ip> <local_port>". | |
189 | |
190 .TP | |
191 .B DISPLAY | |
192 Set X11 forwarding is used. | |
193 | |
194 .TP | |
195 .B SSH_ORIGINAL_COMMAND | |
196 If a 'command=' authorized_keys option was used, the original command is specified | |
197 in this variable. If a shell was requested this is set to an empty value. | |
198 | |
199 .TP | |
200 .B SSH_AUTH_SOCK | |
201 Set to a forwarded ssh-agent connection. | |
202 | |
821
f8b28a3de6cb
Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents:
690
diff
changeset
|
203 .SH NOTES |
f8b28a3de6cb
Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents:
690
diff
changeset
|
204 Dropbear only supports SSH protocol version 2. |
569 | 205 |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 .SH AUTHOR |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 Matt Johnston ([email protected]). |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 .br |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 Gerrit Pape ([email protected]) wrote this manual page. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 .SH SEE ALSO |
821
f8b28a3de6cb
Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents:
690
diff
changeset
|
211 dropbearkey(1), dbclient(1), dropbearconvert(1) |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
212 .P |
690 | 213 https://matt.ucc.asn.au/dropbear/dropbear.html |