Mercurial > dropbear
annotate dropbear.8 @ 1800:c584b5602bd8
Return errstring on connect failure
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 05 Mar 2021 21:13:20 +0800 |
parents | 94323a20e572 |
children | 587c76726b5f |
rev | line source |
---|---|
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 .TH dropbear 8 |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 .SH NAME |
821
f8b28a3de6cb
Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents:
690
diff
changeset
|
3 dropbear \- lightweight SSH server |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 .SH SYNOPSIS |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 .B dropbear |
1174
80cacacfec23
Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents:
1153
diff
changeset
|
6 [\fIflag arguments\fR] [\-b |
860 | 7 .I banner\fR] |
8 [\-r | |
1174
80cacacfec23
Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents:
1153
diff
changeset
|
9 .I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR] |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 .SH DESCRIPTION |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 .B dropbear |
946 | 12 is a small SSH server |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 .SH OPTIONS |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 .B \-b \fIbanner |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 bannerfile. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 Display the contents of the file |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 .I banner |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 before user login (default: none). |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 .TP |
860 | 21 .B \-r \fIhostkey |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 Use the contents of the file |
860 | 23 .I hostkey |
24 for the SSH hostkey. | |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 This file is generated with |
860 | 26 .BR dropbearkey (1) |
27 or automatically with the '-R' option. See "Host Key Files" below. | |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 .TP |
860 | 29 .B \-R |
875
6c7a15668d5a
Log when generating a hostkey
Matt Johnston <matt@ucc.asn.au>
parents:
860
diff
changeset
|
30 Generate hostkeys automatically. See "Host Key Files" below. |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 .B \-F |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 Don't fork into background. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 .B \-E |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 Log to standard error rather than syslog. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 .B \-m |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 Don't display the message of the day on login. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 .B \-w |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 Disallow root logins. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 .B \-s |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 Disable password logins. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 .B \-g |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 Disable password logins for root. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 .B \-j |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 Disable local port forwarding. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 .B \-k |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 Disable remote port forwarding. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 .TP |
1174
80cacacfec23
Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents:
1153
diff
changeset
|
56 .B \-p\fR [\fIaddress\fR:]\fIport |
438 | 57 Listen on specified |
58 .I address | |
59 and TCP | |
60 .I port. | |
61 If just a port is given listen | |
62 on all addresses. | |
1784
94323a20e572
Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
63 Up to 10 can be specified (default 22 if none specified). |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 .TP |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 .B \-i |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 Service program mode. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 Use this option to run |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 .B dropbear |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 under TCP/IP servers like inetd, tcpsvd, or tcpserver. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 In program mode the \-F option is implied, and \-p options are ignored. |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
181
diff
changeset
|
71 .TP |
325
0e4f225b7e07
Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
72 .B \-P \fIpidfile |
0e4f225b7e07
Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
73 Specify a pidfile to create when running as a daemon. If not specified, the |
0e4f225b7e07
Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
74 default is /var/run/dropbear.pid |
0e4f225b7e07
Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
75 .TP |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
181
diff
changeset
|
76 .B \-a |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
181
diff
changeset
|
77 Allow remote hosts to connect to forwarded ports. |
449
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
78 .TP |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
79 .B \-W \fIwindowsize |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
80 Specify the per-channel receive window buffer size. Increasing this |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
81 may improve network performance at the expense of memory use. Use -h to see the |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
82 default buffer size. |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
83 .TP |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
84 .B \-K \fItimeout_seconds |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
85 Ensure that traffic is transmitted at a certain interval in seconds. This is |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
86 useful for working around firewalls or routers that drop connections after |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
87 a certain period of inactivity. The trade-off is that a session may be |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
88 closed if there is a temporary lapse of network connectivity. A setting |
1784
94323a20e572
Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
89 of 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed. |
515 | 90 .TP |
91 .B \-I \fIidle_timeout | |
92 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds. | |
946 | 93 .TP |
1442
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1290
diff
changeset
|
94 .B \-T \fImax_authentication_attempts |
1445
a3a96dbf9a58
Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents:
1442
diff
changeset
|
95 Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES) |
1442
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1290
diff
changeset
|
96 .TP |
1290
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1174
diff
changeset
|
97 .B \-c \fIforced_command |
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1174
diff
changeset
|
98 Disregard the command provided by the user and always run \fIforced_command\fR. This also |
1784
94323a20e572
Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
99 overrides any authorized_keys command= option. The original command is saved in the |
94323a20e572
Some minor manpage improvements
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
100 SSH_ORIGINAL_COMMAND environment variable (see below). |
1290
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1174
diff
changeset
|
101 .TP |
946 | 102 .B \-V |
103 Print the version | |
104 | |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
105 .SH FILES |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
106 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
107 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
108 Authorized Keys |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
109 |
1146
3c8403f4669d
Fix typo in dropbear(8)'s manpage
Guilhem Moulin <guilhem@fripost.org>
parents:
946
diff
changeset
|
110 ~/.ssh/authorized_keys can be set up to allow remote login with a RSA, |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1533
diff
changeset
|
111 ECDSA, Ed25519 or DSS |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
112 key. Each line is of the form |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
113 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
114 [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment] |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
115 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
116 and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored). |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
117 Restrictions are comma separated, with double quotes around spaces in arguments. |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
118 Available restrictions are: |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
119 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
120 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
121 .B no-port-forwarding |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
122 Don't allow port forwarding for this connection |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
123 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
124 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
125 .B no-agent-forwarding |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
126 Don't allow agent forwarding for this connection |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
127 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
128 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
129 .B no-X11-forwarding |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
130 Don't allow X11 forwarding for this connection |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
131 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
132 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
133 .B no-pty |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
134 Disable PTY allocation. Note that a user can still obtain most of the |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
135 same functionality with other means even if no-pty is set. |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
136 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
137 .TP |
1174
80cacacfec23
Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents:
1153
diff
changeset
|
138 .B command=\fR"\fIforced_command\fR" |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
139 Disregard the command provided by the user and always run \fIforced_command\fR. |
1290
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1174
diff
changeset
|
140 The -c command line option overrides this. |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
141 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
142 The authorized_keys file and its containing ~/.ssh directory must only be |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
143 writable by the user, otherwise Dropbear will not allow a login using public |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
144 key authentication. |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
145 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
146 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
147 Host Key Files |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
148 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
149 Host key files are read at startup from a standard location, by default |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1533
diff
changeset
|
150 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1533
diff
changeset
|
151 /etc/dropbear/dropbear_ecdsa_host_key and /etc/dropbear/dropbear_ed25519_host_key |
1533
2e9b6d9c7e7d
clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents:
1445
diff
changeset
|
152 |
2e9b6d9c7e7d
clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents:
1445
diff
changeset
|
153 If the -r command line option is specified the default files are not loaded. |
2e9b6d9c7e7d
clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents:
1445
diff
changeset
|
154 Host key files are of the form generated by dropbearkey. |
2e9b6d9c7e7d
clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents:
1445
diff
changeset
|
155 The -R option can be used to automatically generate keys |
860 | 156 in the default location - keys will be generated after startup when the first |
157 connection is established. This had the benefit that the system /dev/urandom | |
158 random number source has a better chance of being securely seeded. | |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
159 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
160 .TP |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
161 Message Of The Day |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
162 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
163 By default the file /etc/motd will be printed for any login shell (unless |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
164 disabled at compile-time). This can also be disabled per-user |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
165 by creating a file ~/.hushlogin . |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
166 |
569 | 167 .SH ENVIRONMENT VARIABLES |
168 Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM. | |
169 | |
170 The variables below are set for sessions as appropriate. | |
171 | |
172 .TP | |
173 .B SSH_TTY | |
174 This is set to the allocated TTY if a PTY was used. | |
175 | |
176 .TP | |
177 .B SSH_CONNECTION | |
178 Contains "<remote_ip> <remote_port> <local_ip> <local_port>". | |
179 | |
180 .TP | |
181 .B DISPLAY | |
182 Set X11 forwarding is used. | |
183 | |
184 .TP | |
185 .B SSH_ORIGINAL_COMMAND | |
186 If a 'command=' authorized_keys option was used, the original command is specified | |
187 in this variable. If a shell was requested this is set to an empty value. | |
188 | |
189 .TP | |
190 .B SSH_AUTH_SOCK | |
191 Set to a forwarded ssh-agent connection. | |
192 | |
821
f8b28a3de6cb
Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents:
690
diff
changeset
|
193 .SH NOTES |
f8b28a3de6cb
Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents:
690
diff
changeset
|
194 Dropbear only supports SSH protocol version 2. |
569 | 195 |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 .SH AUTHOR |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
197 Matt Johnston ([email protected]). |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 .br |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 Gerrit Pape ([email protected]) wrote this manual page. |
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 .SH SEE ALSO |
821
f8b28a3de6cb
Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents:
690
diff
changeset
|
201 dropbearkey(1), dbclient(1), dropbearconvert(1) |
128
a9dddd13c4ba
Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 .P |
690 | 203 https://matt.ucc.asn.au/dropbear/dropbear.html |