annotate dropbear.8 @ 1659:d32bcb5c557d

Add Ed25519 support (#91) * Add support for Ed25519 as a public key type Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo. * Add curve25519 and ed25519 fuzzers * Add import and export of Ed25519 keys
author Vladislav Grishenko <themiron@users.noreply.github.com>
date Wed, 11 Mar 2020 21:09:45 +0500
parents 2e9b6d9c7e7d
children 94323a20e572
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 .TH dropbear 8
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 .SH NAME
821
f8b28a3de6cb Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
3 dropbear \- lightweight SSH server
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 .SH SYNOPSIS
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 .B dropbear
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1153
diff changeset
6 [\fIflag arguments\fR] [\-b
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
7 .I banner\fR]
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
8 [\-r
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1153
diff changeset
9 .I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR]
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 .SH DESCRIPTION
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 .B dropbear
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
12 is a small SSH server
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 .SH OPTIONS
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 .B \-b \fIbanner
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 bannerfile.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 Display the contents of the file
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 .I banner
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 before user login (default: none).
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 .TP
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
21 .B \-r \fIhostkey
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 Use the contents of the file
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
23 .I hostkey
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
24 for the SSH hostkey.
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 This file is generated with
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
26 .BR dropbearkey (1)
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
27 or automatically with the '-R' option. See "Host Key Files" below.
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 .TP
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
29 .B \-R
875
6c7a15668d5a Log when generating a hostkey
Matt Johnston <matt@ucc.asn.au>
parents: 860
diff changeset
30 Generate hostkeys automatically. See "Host Key Files" below.
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 .B \-F
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 Don't fork into background.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 .B \-E
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 Log to standard error rather than syslog.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 .B \-m
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 Don't display the message of the day on login.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 .B \-w
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 Disallow root logins.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44 .B \-s
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 Disable password logins.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 .B \-g
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 Disable password logins for root.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 .B \-j
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 Disable local port forwarding.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 .B \-k
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 Disable remote port forwarding.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 .TP
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1153
diff changeset
56 .B \-p\fR [\fIaddress\fR:]\fIport
438
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
57 Listen on specified
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
58 .I address
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
59 and TCP
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
60 .I port.
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
61 If just a port is given listen
4bfd22bac1dc Document -p [address:]port
Matt Johnston <matt@ucc.asn.au>
parents: 325
diff changeset
62 on all addresses.
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 up to 10 can be specified (default 22 if none specified).
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 .TP
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 .B \-i
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 Service program mode.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 Use this option to run
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 .B dropbear
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 under TCP/IP servers like inetd, tcpsvd, or tcpserver.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70 In program mode the \-F option is implied, and \-p options are ignored.
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 181
diff changeset
71 .TP
325
0e4f225b7e07 Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
72 .B \-P \fIpidfile
0e4f225b7e07 Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
73 Specify a pidfile to create when running as a daemon. If not specified, the
0e4f225b7e07 Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
74 default is /var/run/dropbear.pid
0e4f225b7e07 Add -N "no remote command" dbclient option.
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
75 .TP
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 181
diff changeset
76 .B \-a
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 181
diff changeset
77 Allow remote hosts to connect to forwarded ports.
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
78 .TP
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
79 .B \-W \fIwindowsize
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
80 Specify the per-channel receive window buffer size. Increasing this
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
81 may improve network performance at the expense of memory use. Use -h to see the
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
82 default buffer size.
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
83 .TP
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
84 .B \-K \fItimeout_seconds
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
85 Ensure that traffic is transmitted at a certain interval in seconds. This is
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
86 useful for working around firewalls or routers that drop connections after
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
87 a certain period of inactivity. The trade-off is that a session may be
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
88 closed if there is a temporary lapse of network connectivity. A setting
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
89 if 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
515
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 514
diff changeset
90 .TP
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 514
diff changeset
91 .B \-I \fIidle_timeout
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 514
diff changeset
92 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
93 .TP
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1290
diff changeset
94 .B \-T \fImax_authentication_attempts
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
95 Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1290
diff changeset
96 .TP
1290
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
diff changeset
97 .B \-c \fIforced_command
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
diff changeset
98 Disregard the command provided by the user and always run \fIforced_command\fR. This also
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
diff changeset
99 overrides any authorized_keys command= option.
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
diff changeset
100 .TP
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
101 .B \-V
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
102 Print the version
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 875
diff changeset
103
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
104 .SH FILES
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
105
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
106 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
107 Authorized Keys
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
108
1146
3c8403f4669d Fix typo in dropbear(8)'s manpage
Guilhem Moulin <guilhem@fripost.org>
parents: 946
diff changeset
109 ~/.ssh/authorized_keys can be set up to allow remote login with a RSA,
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1533
diff changeset
110 ECDSA, Ed25519 or DSS
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
111 key. Each line is of the form
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
112 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
113 [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
114
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
115 and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored).
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
116 Restrictions are comma separated, with double quotes around spaces in arguments.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
117 Available restrictions are:
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
118
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
119 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
120 .B no-port-forwarding
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
121 Don't allow port forwarding for this connection
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
122
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
123 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
124 .B no-agent-forwarding
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
125 Don't allow agent forwarding for this connection
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
126
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
127 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
128 .B no-X11-forwarding
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
129 Don't allow X11 forwarding for this connection
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
130
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
131 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
132 .B no-pty
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
133 Disable PTY allocation. Note that a user can still obtain most of the
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
134 same functionality with other means even if no-pty is set.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
135
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
136 .TP
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1153
diff changeset
137 .B command=\fR"\fIforced_command\fR"
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
138 Disregard the command provided by the user and always run \fIforced_command\fR.
1290
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1174
diff changeset
139 The -c command line option overrides this.
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
140
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
141 The authorized_keys file and its containing ~/.ssh directory must only be
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
142 writable by the user, otherwise Dropbear will not allow a login using public
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
143 key authentication.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
144
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
145 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
146 Host Key Files
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
147
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
148 Host key files are read at startup from a standard location, by default
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1533
diff changeset
149 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key,
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1533
diff changeset
150 /etc/dropbear/dropbear_ecdsa_host_key and /etc/dropbear/dropbear_ed25519_host_key
1533
2e9b6d9c7e7d clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents: 1445
diff changeset
151
2e9b6d9c7e7d clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents: 1445
diff changeset
152 If the -r command line option is specified the default files are not loaded.
2e9b6d9c7e7d clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents: 1445
diff changeset
153 Host key files are of the form generated by dropbearkey.
2e9b6d9c7e7d clarify that -r skips default hostkeys
Matt Johnston <matt@ucc.asn.au>
parents: 1445
diff changeset
154 The -R option can be used to automatically generate keys
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
155 in the default location - keys will be generated after startup when the first
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
156 connection is established. This had the benefit that the system /dev/urandom
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 821
diff changeset
157 random number source has a better chance of being securely seeded.
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
158
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
159 .TP
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
160 Message Of The Day
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
161
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
162 By default the file /etc/motd will be printed for any login shell (unless
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
163 disabled at compile-time). This can also be disabled per-user
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
164 by creating a file ~/.hushlogin .
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 454
diff changeset
165
569
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
166 .SH ENVIRONMENT VARIABLES
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
167 Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
168
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
169 The variables below are set for sessions as appropriate.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
170
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
171 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
172 .B SSH_TTY
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
173 This is set to the allocated TTY if a PTY was used.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
174
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
175 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
176 .B SSH_CONNECTION
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
177 Contains "<remote_ip> <remote_port> <local_ip> <local_port>".
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
178
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
179 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
180 .B DISPLAY
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
181 Set X11 forwarding is used.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
182
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
183 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
184 .B SSH_ORIGINAL_COMMAND
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
185 If a 'command=' authorized_keys option was used, the original command is specified
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
186 in this variable. If a shell was requested this is set to an empty value.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
187
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
188 .TP
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
189 .B SSH_AUTH_SOCK
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
190 Set to a forwarded ssh-agent connection.
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
191
821
f8b28a3de6cb Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
192 .SH NOTES
f8b28a3de6cb Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
193 Dropbear only supports SSH protocol version 2.
569
6f472dc54da7 - Set $SSH_CONNECTION
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
194
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
195 .SH AUTHOR
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
196 Matt Johnston ([email protected]).
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
197 .br
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
198 Gerrit Pape ([email protected]) wrote this manual page.
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
199 .SH SEE ALSO
821
f8b28a3de6cb Don't say "SSH 2" any more since protocol version 1 is irrelevant
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
200 dropbearkey(1), dbclient(1), dropbearconvert(1)
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
201 .P
690
4b47ff154ff6 Document "-m" and "-c"
Matt Johnston <matt@ucc.asn.au>
parents: 576
diff changeset
202 https://matt.ucc.asn.au/dropbear/dropbear.html