Dropbear Configuration
======================
== Dropbear Configuration
The Dropbear UCI configuration file is located in **'/etc/config/dropbear'**.
== Sections
The 'dropbear' configuration contains settings for the dropbear SSH server in a single section.
=== Dropbear
The 'dropbear' section contains these settings:
[cols="4*1,4",options="header"]
|====
| Name | Type | Required | Default | Description
| 'enable' | boolean | no | 1 | Set to '0' to disable starting dropbear at system boot.
| 'verbose' | boolean | no | 0 | Set to '1' to enable verbose output by the start script.
| 'BannerFile' | string | no | _(none)_ | Name of a file to be printed before the user has authenticated successfully.
| 'PasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating with passwords.
| 'Port' | integer | no | 22 | Port number to listen on.
| 'RootPasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating as root with passwords.
| 'RootLogin' | boolean | no | 1 | Set to '0' to disable SSH logins as root.
| 'GatewayPorts' | boolean | no | 0 | Set to '1' to allow remote hosts to connect to forwarded ports.
| 'Interface' | string | no | _(none)_ | Tells dropbear to listen only on the specified interface (e.g. 'lan', 'wan', 'henet').
| 'rsakeyfile' | file | no | _(none)_ | Path to RSA file
| 'dsskeyfile' | file | no | _(none)_ | Path to DSS/DSA file
| 'SSHKeepAlive' | integer | no | 300 | Keep Alive
| 'IdleTimeout' | integer | no | 0 | Idle Timeout
| 'mdns' | integer | no | 1 | Whether to announce the service via link:mdns.html[mDNS]
|====
This is the default configuration:
----
config dropbear
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'
	option Port '22'
----
=== Multiple dropbear instances
Edit /etc/config/dropbear to add a second instance.
----
vi /etc/config/dropbear
----
The example below runs one instance on port 22 on the lan side and one on port 2022 on the wan side. Note: the wan instance has PasswordAuth set to off, so make sure you have added an SSH key.
Also check that your firewall DNAT (port forward) rule allows access to the wan-side port, 2022 in this case.
----
config dropbear
	option PasswordAuth 'on'
	option Port '22'
	option Interface 'lan'

config dropbear
	option PasswordAuth 'off'
	option Interface 'wan'
	option Port '2022'
----
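A quick way to check a multi-instance file for the mistake the note above warns about, as an added example that is not part of the original documentation. The function name `audit_dropbear`, the `sample_config` helper and the choice of 'lan' as the trusted interface are assumptions made for illustration.

```shell
# Added example: flag dropbear instances that accept passwords while
# listening beyond a trusted interface. Missing options fall back to the
# table defaults: enable=1, PasswordAuth=1, Port=22, Interface unset.
# Usage: audit_dropbear [trusted_iface] < /etc/config/dropbear
audit_dropbear() {
    awk -v trusted="${1:-lan}" -v q="'" '
    # UCI boolean spellings that mean "true"
    function is_on(v) { return v ~ /^(1|on|yes|true|enabled)$/ }
    function report(   st) {
        if (!seen) return
        st = "ok"
        if (!is_on(en)) st = "disabled"
        else if (is_on(pw) && iface != trusted) st = "WARN"
        printf "%s port=%s interface=%s PasswordAuth=%s\n", st, port,
            (iface == "" ? "(all)" : iface), (is_on(pw) ? "on" : "off")
    }
    { gsub("[" q "\"]", "") }    # strip UCI quoting, fields are re-split
    $1 == "config" {
        report()
        seen = ($2 == "dropbear"); en = 1; pw = 1; port = 22; iface = ""
        next
    }
    $1 == "option" && seen {
        if ($2 == "enable") en = $3
        else if ($2 == "PasswordAuth") pw = $3
        else if ($2 == "Port") port = $3
        else if ($2 == "Interface") iface = $3
    }
    END { report() }
    '
}

# Constructed sample: the two instances above plus one left at defaults.
sample_config() {
    cat <<'EOF'
config dropbear
	option PasswordAuth 'on'
	option Port '22'
	option Interface 'lan'
config dropbear
	option PasswordAuth 'off'
	option Interface 'wan'
	option Port '2022'
config dropbear
	option Port '2222'
EOF
}

sample_config | audit_dropbear lan
```

Each instance produces one line; a `WARN` line marks an enabled instance where password logins are possible on an interface other than the trusted one, including instances with no 'Interface' option at all.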