annotate dropbear.8 @ 1834:94dc11094e26
Increase max window size to 10MB, fallback rather than
exiting if an invalid value is given.
author | Matt Johnston <matt@codeconstruct.com.au> |
---|---|
date | Tue, 12 Oct 2021 23:32:10 +0800 |
parents | e9854650d45b |
children |
rev | line source |
---|---|
128 (a9dddd13c4ba: Added dropbear.8 and dropbearkey.8 back in; Matt Johnston <matt@ucc.asn.au>) | 1 .TH dropbear 8 |
128 | 2 .SH NAME |
821 (f8b28a3de6cb: Don't say "SSH 2" any more since protocol version 1 is irrelevant; Matt Johnston <matt@ucc.asn.au>; parents: 690) | 3 dropbear \- lightweight SSH server |
128 | 4 .SH SYNOPSIS |
128 | 5 .B dropbear |
1174 (80cacacfec23: Fix minor manpage formatting issues; Guilhem Moulin <guilhem@fripost.org>; parents: 1153) | 6 [\fIflag arguments\fR] [\-b |
860 | 7 .I banner\fR] |
860 | 8 [\-r |
1174 | 9 .I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR] |
128 | 10 .SH DESCRIPTION |
128 | 11 .B dropbear |
946 | 12 is a small SSH server |
128 | 13 .SH OPTIONS |
128 | 14 .TP |
128 | 15 .B \-b \fIbanner |
128 | 16 bannerfile. |
128 | 17 Display the contents of the file |
128 | 18 .I banner |
128 | 19 before user login (default: none). |
128 | 20 .TP |
860 | 21 .B \-r \fIhostkey |
128 | 22 Use the contents of the file |
860 | 23 .I hostkey |
860 | 24 for the SSH hostkey. |
128 | 25 This file is generated with |
860 | 26 .BR dropbearkey (1) |
860 | 27 or automatically with the '-R' option. See "Host Key Files" below. |
128 | 28 .TP |
860 | 29 .B \-R |
875 (6c7a15668d5a: Log when generating a hostkey; Matt Johnston <matt@ucc.asn.au>; parents: 860) | 30 Generate hostkeys automatically. See "Host Key Files" below. |
128 | 31 .TP |
128 | 32 .B \-F |
128 | 33 Don't fork into background. |
128 | 34 .TP |
128 | 35 .B \-E |
128 | 36 Log to standard error rather than syslog. |
128 | 37 .TP |
1819 (5120e22882de: pass on server process environment to child processes (option -e) (#118); Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>; parents: 1818) | 38 .B \-e |
1819 | 39 Pass on the server environment to all child processes. This is required, for example, |
1820 (e9854650d45b: Clarify help text for dropbear -e environment option; Matt Johnston <matt@ucc.asn.au>; parents: 1819) | 40 if Dropbear is launched on the fly from a SLURM workload manager. The environment is not |
1820 | 41 passed by default. Note that this could expose secrets in environment variables from |
1820 | 42 the calling process - use with caution. |
1819 | 43 .TP |
128 | 44 .B \-m |
128 | 45 Don't display the message of the day on login. |
128 | 46 .TP |
128 | 47 .B \-w |
128 | 48 Disallow root logins. |
128 | 49 .TP |
128 | 50 .B \-s |
128 | 51 Disable password logins. |
128 | 52 .TP |
128 | 53 .B \-g |
128 | 54 Disable password logins for root. |
128 | 55 .TP |
128 | 56 .B \-j |
128 | 57 Disable local port forwarding. |
128 | 58 .TP |
128 | 59 .B \-k |
128 | 60 Disable remote port forwarding. |
128 | 61 .TP |
1174 | 62 .B \-p\fR [\fIaddress\fR:]\fIport |
438 | 63 Listen on specified |
438 | 64 .I address |
438 | 65 and TCP |
438 | 66 .I port. |
438 | 67 If just a port is given listen |
438 | 68 on all addresses. |
1784 (94323a20e572: Some minor manpage improvements; Matt Johnston <matt@ucc.asn.au>; parents: 1659) | 69 Up to 10 can be specified (default 22 if none specified). |
128 | 70 .TP |
128 | 71 .B \-i |
128 | 72 Service program mode. |
128 | 73 Use this option to run |
128 | 74 .B dropbear |
128 | 75 under TCP/IP servers like inetd, tcpsvd, or tcpserver. |
128 | 76 In program mode the \-F option is implied, and \-p options are ignored. |
258 (306499676384: * add -g (dbclient) and -a (dropbear) options for allowing non-local; Matt Johnston <matt@ucc.asn.au>; parents: 181) | 77 .TP |
325 (0e4f225b7e07: Add -N "no remote command" dbclient option.; Matt Johnston <matt@ucc.asn.au>; parents: 258) | 78 .B \-P \fIpidfile |
325 | 79 Specify a pidfile to create when running as a daemon. If not specified, the |
325 | 80 default is /var/run/dropbear.pid |
325 | 81 .TP |
258 | 82 .B \-a |
258 | 83 Allow remote hosts to connect to forwarded ports. |
449 (3e6c536bc023: Add -W <windowsize> argument and document it.; Matt Johnston <matt@ucc.asn.au>; parents: 446) | 84 .TP |
449 | 85 .B \-W \fIwindowsize |
449 | 86 Specify the per-channel receive window buffer size. Increasing this |
449 | 87 may improve network performance at the expense of memory use. Use -h to see the |
449 | 88 default buffer size. |
454 (7e43f5e473b9: - Add -K keepalive flag for dropbear and dbclient; Matt Johnston <matt@ucc.asn.au>; parents: 449) | 89 .TP |
454 | 90 .B \-K \fItimeout_seconds |
454 | 91 Ensure that traffic is transmitted at a certain interval in seconds. This is |
454 | 92 useful for working around firewalls or routers that drop connections after |
454 | 93 a certain period of inactivity. The trade-off is that a session may be |
454 | 94 closed if there is a temporary lapse of network connectivity. A setting |
1784 | 95 of 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed. |
515 | 96 .TP |
515 | 97 .B \-I \fIidle_timeout |
515 | 98 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds. |
946 | 99 .TP |
1442 (517c67cbcd31: dropbear server: support -T max auth tries; Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>; parents: 1290) | 100 .B \-T \fImax_authentication_attempts |
1445 (a3a96dbf9a58: Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range; Matt Johnston <matt@ucc.asn.au>; parents: 1442) | 101 Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES) |
1442 | 102 .TP |
1290 (ee2ffa044c7e: Add manpage and log for forced_command; Matt Johnston <matt@ucc.asn.au>; parents: 1174) | 103 .B \-c \fIforced_command |
1290 | 104 Disregard the command provided by the user and always run \fIforced_command\fR. This also |
1784 | 105 overrides any authorized_keys command= option. The original command is saved in the |
1784 | 106 SSH_ORIGINAL_COMMAND environment variable (see below). |
1290 | 107 .TP |
946 | 108 .B \-V |
946 | 109 Print the version |
946 | 110 |
510 (b85507ade010: - Update manuals, include section on authorized_keys; Matt Johnston <matt@ucc.asn.au>; parents: 454) | 111 .SH FILES |
510 | 112 |
510 | 113 .TP |
510 | 114 Authorized Keys |
510 | 115 |
1146 (3c8403f4669d: Fix typo in dropbear(8)'s manpage; Guilhem Moulin <guilhem@fripost.org>; parents: 946) | 116 ~/.ssh/authorized_keys can be set up to allow remote login with a RSA, |
1659 (d32bcb5c557d: Add Ed25519 support (#91); Vladislav Grishenko <themiron@users.noreply.github.com>; parents: 1533) | 117 ECDSA, Ed25519 or DSS |
510 | 118 key. Each line is of the form |
510 | 119 .TP |
510 | 120 [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment] |
510 | 121 |
510 | 122 and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored). |
510 | 123 Restrictions are comma separated, with double quotes around spaces in arguments. |
510 | 124 Available restrictions are: |
510 | 125 |
510 | 126 .TP |
510 | 127 .B no-port-forwarding |
510 | 128 Don't allow port forwarding for this connection |
510 | 129 |
510 | 130 .TP |
510 | 131 .B no-agent-forwarding |
510 | 132 Don't allow agent forwarding for this connection |
510 | 133 |
510 | 134 .TP |
510 | 135 .B no-X11-forwarding |
510 | 136 Don't allow X11 forwarding for this connection |
510 | 137 |
510 | 138 .TP |
510 | 139 .B no-pty |
510 | 140 Disable PTY allocation. Note that a user can still obtain most of the |
510 | 141 same functionality with other means even if no-pty is set. |
510 | 142 |
510 | 143 .TP |
1818 (587c76726b5f: Add "restrict" authorized_keys option; Matt Johnston <matt@ucc.asn.au>; parents: 1784) | 144 .B restrict |
1818 | 145 Applies all the no- restrictions listed above. |
1818 | 146 |
1818 | 147 .TP |
1174 | 148 .B command=\fR"\fIforced_command\fR" |
510 | 149 Disregard the command provided by the user and always run \fIforced_command\fR. |
1290 | 150 The -c command line option overrides this. |
510 | 151 |
510 | 152 The authorized_keys file and its containing ~/.ssh directory must only be |
510 | 153 writable by the user, otherwise Dropbear will not allow a login using public |
510 | 154 key authentication. |
510 | 155 |
510 | 156 .TP |
510 | 157 Host Key Files |
510 | 158 |
510 | 159 Host key files are read at startup from a standard location, by default |
1659 | 160 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, |
1659 | 161 /etc/dropbear/dropbear_ecdsa_host_key and /etc/dropbear/dropbear_ed25519_host_key |
1533 (2e9b6d9c7e7d: clarify that -r skips default hostkeys; Matt Johnston <matt@ucc.asn.au>; parents: 1445) | 162 |
1533 | 163 If the -r command line option is specified the default files are not loaded. |
1533 | 164 Host key files are of the form generated by dropbearkey. |
1533 | 165 The -R option can be used to automatically generate keys |
860 | 166 in the default location - keys will be generated after startup when the first |
860 | 167 connection is established. This had the benefit that the system /dev/urandom |
860 | 168 random number source has a better chance of being securely seeded. |
510 | 169 |
510 | 170 .TP |
510 | 171 Message Of The Day |
510 | 172 |
510 | 173 By default the file /etc/motd will be printed for any login shell (unless |
510 | 174 disabled at compile-time). This can also be disabled per-user |
510 | 175 by creating a file ~/.hushlogin . |
510 | 176 |
569 | 177 .SH ENVIRONMENT VARIABLES |
569 | 178 Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM. |
569 | 179 |
569 | 180 The variables below are set for sessions as appropriate. |
569 | 181 |
569 | 182 .TP |
569 | 183 .B SSH_TTY |
569 | 184 This is set to the allocated TTY if a PTY was used. |
569 | 185 |
569 | 186 .TP |
569 | 187 .B SSH_CONNECTION |
569 | 188 Contains "<remote_ip> <remote_port> <local_ip> <local_port>". |
569 | 189 |
569 | 190 .TP |
569 | 191 .B DISPLAY |
569 | 192 Set X11 forwarding is used. |
569 | 193 |
569 | 194 .TP |
569 | 195 .B SSH_ORIGINAL_COMMAND |
569 | 196 If a 'command=' authorized_keys option was used, the original command is specified |
569 | 197 in this variable. If a shell was requested this is set to an empty value. |
569 | 198 |
569 | 199 .TP |
569 | 200 .B SSH_AUTH_SOCK |
569 | 201 Set to a forwarded ssh-agent connection. |
569 | 202 |
821 | 203 .SH NOTES |
821 | 204 Dropbear only supports SSH protocol version 2. |
569 | 205 |
128 | 206 .SH AUTHOR |
128 | 207 Matt Johnston ([email protected]). |
128 | 208 .br |
128 | 209 Gerrit Pape ([email protected]) wrote this manual page. |
128 | 210 .SH SEE ALSO |
821 | 211 dropbearkey(1), dbclient(1), dropbearconvert(1) |
128 | 212 .P |
690 | 213 https://matt.ucc.asn.au/dropbear/dropbear.html |
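
An added example (not part of the man page or the Dropbear source) that audits authorized_keys lines against the restriction list in the "Authorized Keys" section of this revision, flagging keys that would be ignored because of an unknown restriction, and checks the write-permission rule stated there. Function names and sample lines are constructed; case-insensitive restriction names and backslash-escaped quotes inside command= are assumptions of this example, and `from=` stands in for an OpenSSH option that is not in the list above.

```python
import os
import stat

# Algorithm names for the RSA, DSS, Ed25519 and ECDSA key types the man page lists.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# The four no- restrictions documented above; "restrict" applies all of them.
NO_FLAGS = ["no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"]

# Constructed sample input; the key blobs are placeholders, not real keys.
SAMPLE = """\
# backup and CI keys
ssh-ed25519 AAAAC3PLACEHOLDER admin@example
restrict,command="/usr/bin/rsync --server . /backup" ssh-rsa AAAAB3PLACEHOLDER backup@example
no-pty,from="10.0.0.0/8" ssh-rsa AAAAB3PLACEHOLDER ci@example
"""


def split_unquoted(text, is_sep, once=False):
    """Split text where is_sep(ch) is true outside double quotes."""
    parts, start, quoted, escaped = [], 0, False, False
    for i, ch in enumerate(text):
        if escaped:
            escaped = False
        elif quoted and ch == "\\":
            escaped = True          # assumption: \" does not end a quoted argument
        elif ch == '"':
            quoted = not quoted
        elif is_sep(ch) and not quoted:
            parts.append(text[start:i])
            start = i + 1
            if once:
                break
    parts.append(text[start:])
    return parts


def audit_line(line):
    """Classify one authorized_keys line; None for blank lines and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.split(None, 1)[0] in KEY_TYPES:
        field, rest = "", line      # no restrictions field before the key type
    else:
        pieces = split_unquoted(line, str.isspace, once=True)
        field, rest = pieces[0], pieces[-1] if len(pieces) > 1 else ""
    key = rest.split()
    result = {"status": "accepted", "restrictions": [], "command": None, "unknown": []}
    if len(key) < 2 or key[0] not in KEY_TYPES:
        result["status"] = "malformed"
        return result
    active = set()
    for item in filter(None, split_unquoted(field, lambda c: c == ",")):
        name = item.lower()         # assumption: names compared case-insensitively
        if name == "restrict":
            active.update(NO_FLAGS)
        elif name in NO_FLAGS:
            active.add(name)
        elif name.startswith('command="') and item.endswith('"') and len(item) > 9:
            result["command"] = item[9:-1].replace('\\"', '"')
        else:
            result["unknown"].append(item)
    if result["unknown"]:
        result["status"] = "ignored"  # keys with unknown restrictions are ignored
    result["restrictions"] = sorted(active)
    return result


def audit_text(text):
    """Audit every key line; returns [(line_number, result), ...]."""
    out = []
    for number, line in enumerate(text.splitlines(), 1):
        result = audit_line(line)
        if result is not None:
            out.append((number, result))
    return out


def writable_by_others(path):
    """True if group or other can write to path (the file or its ~/.ssh directory)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


if __name__ == "__main__":
    for number, result in audit_text(SAMPLE):
        print(number, result)
```

Run `writable_by_others` on both `~/.ssh` and `~/.ssh/authorized_keys`; a true result on either means public key login is refused for that user.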