Mercurial > dropbear
view dropbear.8 @ 1819:5120e22882de
pass on sever process environment to child processes (option -e) (#118)
author | Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com> |
---|---|
date | Thu, 19 Aug 2021 17:13:41 +0200 |
parents | 587c76726b5f |
children | e9854650d45b |
line wrap: on
line source
.TH dropbear 8 .SH NAME dropbear \- lightweight SSH server .SH SYNOPSIS .B dropbear [\fIflag arguments\fR] [\-b .I banner\fR] [\-r .I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR] .SH DESCRIPTION .B dropbear is a small SSH server .SH OPTIONS .TP .B \-b \fIbanner bannerfile. Display the contents of the file .I banner before user login (default: none). .TP .B \-r \fIhostkey Use the contents of the file .I hostkey for the SSH hostkey. This file is generated with .BR dropbearkey (1) or automatically with the '-R' option. See "Host Key Files" below. .TP .B \-R Generate hostkeys automatically. See "Host Key Files" below. .TP .B \-F Don't fork into background. .TP .B \-E Log to standard error rather than syslog. .TP .B \-e Pass on the server environment to all child processes. This is required, for example, if dropbear is launched on the fly from a SLURM workload manager. The enviroment is not passed by default. Note that this can be a potential security risk. .TP .B \-m Don't display the message of the day on login. .TP .B \-w Disallow root logins. .TP .B \-s Disable password logins. .TP .B \-g Disable password logins for root. .TP .B \-j Disable local port forwarding. .TP .B \-k Disable remote port forwarding. .TP .B \-p\fR [\fIaddress\fR:]\fIport Listen on specified .I address and TCP .I port. If just a port is given listen on all addresses. Up to 10 can be specified (default 22 if none specified). .TP .B \-i Service program mode. Use this option to run .B dropbear under TCP/IP servers like inetd, tcpsvd, or tcpserver. In program mode the \-F option is implied, and \-p options are ignored. .TP .B \-P \fIpidfile Specify a pidfile to create when running as a daemon. If not specified, the default is /var/run/dropbear.pid .TP .B \-a Allow remote hosts to connect to forwarded ports. .TP .B \-W \fIwindowsize Specify the per-channel receive window buffer size. Increasing this may improve network performance at the expense of memory use. Use -h to see the default buffer size. .TP .B \-K \fItimeout_seconds Ensure that traffic is transmitted at a certain interval in seconds. This is useful for working around firewalls or routers that drop connections after a certain period of inactivity. The trade-off is that a session may be closed if there is a temporary lapse of network connectivity. A setting of 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed. .TP .B \-I \fIidle_timeout Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds. .TP .B \-T \fImax_authentication_attempts Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES) .TP .B \-c \fIforced_command Disregard the command provided by the user and always run \fIforced_command\fR. This also overrides any authorized_keys command= option. The original command is saved in the SSH_ORIGINAL_COMMAND environment variable (see below). .TP .B \-V Print the version .SH FILES .TP Authorized Keys ~/.ssh/authorized_keys can be set up to allow remote login with a RSA, ECDSA, Ed25519 or DSS key. Each line is of the form .TP [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment] and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored). Restrictions are comma separated, with double quotes around spaces in arguments. Available restrictions are: .TP .B no-port-forwarding Don't allow port forwarding for this connection .TP .B no-agent-forwarding Don't allow agent forwarding for this connection .TP .B no-X11-forwarding Don't allow X11 forwarding for this connection .TP .B no-pty Disable PTY allocation. Note that a user can still obtain most of the same functionality with other means even if no-pty is set. .TP .B restrict Applies all the no- restrictions listed above. .TP .B command=\fR"\fIforced_command\fR" Disregard the command provided by the user and always run \fIforced_command\fR. The -c command line option overrides this. The authorized_keys file and its containing ~/.ssh directory must only be writable by the user, otherwise Dropbear will not allow a login using public key authentication. .TP Host Key Files Host key files are read at startup from a standard location, by default /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, /etc/dropbear/dropbear_ecdsa_host_key and /etc/dropbear/dropbear_ed25519_host_key If the -r command line option is specified the default files are not loaded. Host key files are of the form generated by dropbearkey. The -R option can be used to automatically generate keys in the default location - keys will be generated after startup when the first connection is established. This had the benefit that the system /dev/urandom random number source has a better chance of being securely seeded. .TP Message Of The Day By default the file /etc/motd will be printed for any login shell (unless disabled at compile-time). This can also be disabled per-user by creating a file ~/.hushlogin . .SH ENVIRONMENT VARIABLES Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM. The variables below are set for sessions as appropriate. .TP .B SSH_TTY This is set to the allocated TTY if a PTY was used. .TP .B SSH_CONNECTION Contains "<remote_ip> <remote_port> <local_ip> <local_port>". .TP .B DISPLAY Set X11 forwarding is used. .TP .B SSH_ORIGINAL_COMMAND If a 'command=' authorized_keys option was used, the original command is specified in this variable. If a shell was requested this is set to an empty value. .TP .B SSH_AUTH_SOCK Set to a forwarded ssh-agent connection. .SH NOTES Dropbear only supports SSH protocol version 2. .SH AUTHOR Matt Johnston ([email protected]). .br Gerrit Pape ([email protected]) wrote this manual page. .SH SEE ALSO dropbearkey(1), dbclient(1), dropbearconvert(1) .P https://matt.ucc.asn.au/dropbear/dropbear.html