annotate dropbear.8 @ 1857:6022df862942

Use DSCP for IP QoS traffic classes

The previous TOS values are deprecated and not used by modern traffic classifiers. This sets AF21 for "interactive" traffic (with a tty). Non-tty traffic sets AF11 - that indicates high throughput but is not lowest priority (which would be CS1 or LE). This differs from the CS1 used by OpenSSH, it lets interactive git over SSH have higher priority than background least effort traffic. Dropbear's settings here should be suitable with the diffservs used by CAKE qdisc.
author Matt Johnston <matt@ucc.asn.au>
date Tue, 25 Jan 2022 17:32:20 +0800
parents e9854650d45b
children
rev   line source
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
1 .TH dropbear 8
2 .SH NAME
821
f8b28a3de6cb Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents: 690
3 dropbear \- lightweight SSH server
128
4 .SH SYNOPSIS
5 .B dropbear
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1153
6 [\fIflag arguments\fR] [\-b
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
7 .I banner\fR]
8 [\-r
1174
9 .I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR]
128
10 .SH DESCRIPTION
11 .B dropbear
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
12 is a small SSH server
128
13 .SH OPTIONS
14 .TP
15 .B \-b \fIbanner
16 bannerfile.
17 Display the contents of the file
18 .I banner
19 before user login (default: none).
20 .TP
860
21 .B \-r \fIhostkey
128
22 Use the contents of the file
860
23 .I hostkey
24 for the SSH hostkey.
128
25 This file is generated with
860
26 .BR dropbearkey (1)
27 or automatically with the '-R' option. See "Host Key Files" below.
128
28 .TP
860
29 .B \-R
875
6c7a15668d5a Log when generating a hostkey
Matt Johnston <matt@ucc.asn.au>
parents: 860
30 Generate hostkeys automatically. See "Host Key Files" below.
128
31 .TP
32 .B \-F
33 Don't fork into background.
34 .TP
35 .B \-E
36 Log to standard error rather than syslog.
37 .TP
1819
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1818
38 .B \-e
39 Pass on the server environment to all child processes. This is required, for example,
1820
e9854650d45b Clarify help text for dropbear -e environment option
Matt Johnston <matt@ucc.asn.au>
parents: 1819
40 if Dropbear is launched on the fly from a SLURM workload manager. The environment is not
41 passed by default. Note that this could expose secrets in environment variables from
42 the calling process - use with caution.
1819
43 .TP
128
44 .B \-m
45 Don't display the message of the day on login.
46 .TP
47 .B \-w
48 Disallow root logins.
49 .TP
50 .B \-s
51 Disable password logins.
52 .TP
53 .B \-g
54 Disable password logins for root.
55 .TP
56 .B \-j
57 Disable local port forwarding.
58 .TP
59 .B \-k
60 Disable remote port forwarding.
61 .TP
1174
62 .B \-p\fR [\fIaddress\fR:]\fIport
438
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
63 Listen on specified
64 .I address
65 and TCP
66 .I port.
67 If just a port is given listen
68 on all addresses.
1784
94323a20e572 Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents: 1659
69 Up to 10 can be specified (default 22 if none specified).
128
70 .TP
71 .B \-i
72 Service program mode.
73 Use this option to run
74 .B dropbear
75 under TCP/IP servers like inetd, tcpsvd, or tcpserver.
76 In program mode the \-F option is implied, and \-p options are ignored.
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 181
77 .TP
325
0e4f225b7e07 Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents: 258
78 .B \-P \fIpidfile
79 Specify a pidfile to create when running as a daemon. If not specified, the
80 default is /var/run/dropbear.pid
81 .TP
258
82 .B \-a
83 Allow remote hosts to connect to forwarded ports.
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
84 .TP
85 .B \-W \fIwindowsize
86 Specify the per-channel receive window buffer size. Increasing this
87 may improve network performance at the expense of memory use. Use -h to see the
88 default buffer size.
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
89 .TP
90 .B \-K \fItimeout_seconds
91 Ensure that traffic is transmitted at a certain interval in seconds. This is
92 useful for working around firewalls or routers that drop connections after
93 a certain period of inactivity. The trade-off is that a session may be
94 closed if there is a temporary lapse of network connectivity. A setting
1784
95 of 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
515
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 514
96 .TP
97 .B \-I \fIidle_timeout
98 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
946
99 .TP
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1290
100 .B \-T \fImax_authentication_attempts
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
101 Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
1442
102 .TP
1290
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
103 .B \-c \fIforced_command
104 Disregard the command provided by the user and always run \fIforced_command\fR. This also
1784
105 overrides any authorized_keys command= option. The original command is saved in the
106 SSH_ORIGINAL_COMMAND environment variable (see below).
1290
107 .TP
946
108 .B \-V
109 Print the version
110
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
111 .SH FILES
112
113 .TP
114 Authorized Keys
115
1146
3c8403f4669d Fix typo in dropbear(8)'s manpage
Guilhem Moulin <guilhem@fripost.org>
parents: 946
116 ~/.ssh/authorized_keys can be set up to allow remote login with a RSA,
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1533
117 ECDSA, Ed25519 or DSS
510
118 key. Each line is of the form
119 .TP
120 [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]
121
122 and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored).
123 Restrictions are comma separated, with double quotes around spaces in arguments.
124 Available restrictions are:
125
126 .TP
127 .B no-port-forwarding
128 Don't allow port forwarding for this connection
129
130 .TP
131 .B no-agent-forwarding
132 Don't allow agent forwarding for this connection
133
134 .TP
135 .B no-X11-forwarding
136 Don't allow X11 forwarding for this connection
137
138 .TP
139 .B no-pty
140 Disable PTY allocation. Note that a user can still obtain most of the
141 same functionality with other means even if no-pty is set.
142
143 .TP
1818
587c76726b5f Add "restrict" authorized_keys option
Matt Johnston <matt@ucc.asn.au>
parents: 1784
144 .B restrict
145 Applies all the no- restrictions listed above.
146
147 .TP
1174
148 .B command=\fR"\fIforced_command\fR"
510
149 Disregard the command provided by the user and always run \fIforced_command\fR.
1290
150 The -c command line option overrides this.
510
151
152 The authorized_keys file and its containing ~/.ssh directory must only be
153 writable by the user, otherwise Dropbear will not allow a login using public
154 key authentication.
155
156 .TP
157 Host Key Files
158
159 Host key files are read at startup from a standard location, by default
1659
160 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key,
161 /etc/dropbear/dropbear_ecdsa_host_key and /etc/dropbear/dropbear_ed25519_host_key
1533
2e9b6d9c7e7d clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents: 1445
162
163 If the -r command line option is specified the default files are not loaded.
164 Host key files are of the form generated by dropbearkey.
165 The -R option can be used to automatically generate keys
860
166 in the default location - keys will be generated after startup when the first
167 connection is established. This had the benefit that the system /dev/urandom
168 random number source has a better chance of being securely seeded.
510
169
170 .TP
171 Message Of The Day
172
173 By default the file /etc/motd will be printed for any login shell (unless
174 disabled at compile-time). This can also be disabled per-user
175 by creating a file ~/.hushlogin .
176
569
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
177 .SH ENVIRONMENT VARIABLES
178 Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM.
179
180 The variables below are set for sessions as appropriate.
181
182 .TP
183 .B SSH_TTY
184 This is set to the allocated TTY if a PTY was used.
185
186 .TP
187 .B SSH_CONNECTION
188 Contains "<remote_ip> <remote_port> <local_ip> <local_port>".
189
190 .TP
191 .B DISPLAY
192 Set X11 forwarding is used.
193
194 .TP
195 .B SSH_ORIGINAL_COMMAND
196 If a 'command=' authorized_keys option was used, the original command is specified
197 in this variable. If a shell was requested this is set to an empty value.
198
199 .TP
200 .B SSH_AUTH_SOCK
201 Set to a forwarded ssh-agent connection.
202
821
203 .SH NOTES
204 Dropbear only supports SSH protocol version 2.
569
205
128
206 .SH AUTHOR
207 Matt Johnston (matt@ucc.asn.au).
208 .br
209 Gerrit Pape ([email protected]) wrote this manual page.
210 .SH SEE ALSO
821
211 dropbearkey(1), dbclient(1), dropbearconvert(1)
128
212 .P
690
4b47ff154ff6 Document "-m" and "-c"
Matt Johnston <matt@ucc.asn.au>
parents: 576
213 https://matt.ucc.asn.au/dropbear/dropbear.html
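
An added example (not part of dropbear.8 or of Dropbear's code) that applies the authorized_keys rules from the FILES section above: it splits the restriction list on commas outside double quotes, expands "restrict" into the four no- restrictions, and marks a key as ignored when it carries a restriction outside this revision's list; permission_problems checks the "only writable by the user" requirement. The function names, the constructed SAMPLE lines and the exact-case matching of restriction names are assumptions of the example.

```python
import os
import stat

# Restriction names and key families as listed in this revision of dropbear.8.
# Names are compared exactly as spelled there (an assumption of this example).
NO_FLAGS = {"no-port-forwarding", "no-agent-forwarding",
            "no-X11-forwarding", "no-pty"}
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = """\
# comment line
ssh-ed25519 AAAAC3PLACEHOLDER admin@example
restrict,command="/usr/bin/backup --mode full, nightly" ssh-rsa AAAAB3PLACEHOLDER backup
no-pty,no-port-forwarding ecdsa-sha2-nistp256 AAAAE2PLACEHOLDER ci
from="192.0.2.0/24",no-pty ssh-rsa AAAAB3PLACEHOLDER office
"""


def split_restrictions(field):
    """Split on commas that are outside double quotes."""
    items, cur, quoted = [], [], False
    for ch in field:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            items.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    items.append("".join(cur))
    return items


def parse_line(line):
    """Parse one line; None for blanks and comments, else a dict."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    entry = {"keytype": None, "flags": set(), "command": None, "ignored": None}
    if not line.startswith(KEY_TYPES):
        # Restrictions run up to the first whitespace outside double quotes.
        quoted, cut = False, None
        for i, ch in enumerate(line):
            if ch == '"':
                quoted = not quoted
            elif ch.isspace() and not quoted:
                cut = i
                break
        if cut is None:
            entry["ignored"] = "no key after restrictions"
            return entry
        field, line = line[:cut], line[cut:].lstrip()
        for item in split_restrictions(field):
            name, _, value = item.partition("=")
            if item in NO_FLAGS:
                entry["flags"].add(item)
            elif item == "restrict":
                entry["flags"] |= NO_FLAGS
            elif (name == "command" and len(value) >= 2
                  and value[0] == value[-1] == '"'):
                entry["command"] = value[1:-1]
            else:
                # Per the man page, a key with an unknown restriction is ignored.
                entry["ignored"] = "unknown restriction: " + item
    entry["keytype"] = line.split()[0]
    if entry["ignored"] is None and not entry["keytype"].startswith(KEY_TYPES):
        entry["ignored"] = "unrecognised key type: " + entry["keytype"]
    return entry


def audit(text):
    """Entries for every key line of an authorized_keys file, in order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def permission_problems(auth_keys_path):
    """The file and its directory, if group or others may write to them."""
    paths = [auth_keys_path, os.path.dirname(os.path.abspath(auth_keys_path))]
    return [p for p in paths
            if os.stat(p).st_mode & (stat.S_IWGRP | stat.S_IWOTH)]


if __name__ == "__main__":
    for e in audit(SAMPLE):
        state = "IGNORED (%s)" % e["ignored"] if e["ignored"] else "accepted"
        print(e["keytype"], sorted(e["flags"]), e["command"], state)
```

The last sample line uses OpenSSH's from= option, which is not among the restrictions this page lists, so the whole key is reported as ignored rather than accepted without the source limit.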