Fixes misplaced "firewall" reference.
[web.git] / docs / uci_dropbear.txt
---
---
Dropbear Configuration
======================

== Dropbear Configuration

The Dropbear UCI configuration file is located in **'/etc/config/dropbear'**.

== Sections

The 'dropbear' configuration contains settings for the dropbear SSH server in a single section.

=== Dropbear

The 'dropbear' section contains these settings:

[cols="4*1,4",options="header"]
|====
| Name | Type | Required | Default | Description
| 'enable' | boolean | no | 1 | Set to '0' to disable starting dropbear at system boot.
| 'verbose' | boolean | no | 0 | Set to '1' to enable verbose output by the start script.
| 'BannerFile' | string | no | _(none)_ | Name of a file to be printed before the user has authenticated successfully.
| 'PasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating with passwords.
| 'Port' | integer | no | 22 | Port number to listen on.
| 'RootPasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating as root with passwords.
| 'RootLogin' | boolean | no | 1 | Set to '0' to disable SSH logins as root.
| 'GatewayPorts' | boolean | no | 0 | Set to '1' to allow remote hosts to connect to forwarded ports.
| 'Interface' | string | no | _(none)_ | Tells dropbear to listen only on the specified interface (e.g. 'lan', 'wan', 'henet').
| 'rsakeyfile' | file | no | _(none)_ | Path to the RSA key file.
| 'dsskeyfile' | file | no | _(none)_ | Path to the DSS/DSA key file.
| 'SSHKeepAlive' | integer | no | 300 | Keep Alive
| 'IdleTimeout' | integer | no | 0 | Idle Timeout
| 'mdns' | integer | no | 1 | Whether to announce the service via link:mdns.html[mDNS]
|====

This is the default configuration:

----
config dropbear
        option PasswordAuth 'on'
        option RootPasswordAuth 'on'
        option Port '22'
----

=== Multiple dropbear instances

Edit /etc/config/dropbear to add a second instance:

----
vi /etc/config/dropbear
----

The example below runs one instance on port 22 on the lan side and one on port 2022 on the wan side. Note: the wan-side instance has PasswordAuth set to 'off', so make sure you have added an SSH key.

Also make sure to check your firewall DNAT (port forward) to allow access to the wan-side port, 2022 in this case.

----
config dropbear
        option PasswordAuth 'on'
        option Port '22'
        option Interface 'lan'

config dropbear
        option PasswordAuth 'off'
        option Interface 'wan'
        option Port '2022'
----
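
Added example (not part of the original page and not the project's own code): a shell function that reads dropbear UCI sections on stdin, applies the defaults from the settings table, and reports every instance that still accepts passwords on an interface outside a trusted list. The `TRUSTED_IFACES` variable, the finding names and the third sample instance are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit dropbear UCI sections read on stdin.
# TRUSTED_IFACES is a setting of this script (assumption), not a dropbear option.
TRUSTED_IFACES="${TRUSTED_IFACES:-lan}"
audit_dropbear() {
    awk -v trusted="$TRUSTED_IFACES" -v q="'" '
    function enabled(key, dflt) {   # accepts both 1/0 and on/off spellings
        return (key in o) ? (o[key] ~ /^(1|on|true|yes|enabled)$/) : dflt
    }
    function report(   iface, port, exposed, f) {
        if (!active) return
        iface = ("Interface" in o) ? o["Interface"] : "(all)"
        port = ("Port" in o) ? o["Port"] : 22
        # No Interface option: the listener is not limited to one interface.
        exposed = (index(" " trusted " ", " " iface " ") == 0)
        f = ""
        if (exposed && enabled("PasswordAuth", 1)) {
            f = f " password-auth"
            if (enabled("RootLogin", 1) && enabled("RootPasswordAuth", 1))
                f = f " root-password"
        }
        if (enabled("GatewayPorts", 0)) f = f " gateway-ports"
        printf "instance %d port=%s iface=%s:%s\n", n, port, iface, (f == "" ? " ok" : f)
        split("", o)                # portable way to empty the array
    }
    $1 == "config" { report(); active = ($2 == "dropbear"); if (active) n++; next }
    $1 == "option" && active { v = $3; gsub(q, "", v); gsub(/"/, "", v); o[$2] = v }
    END { report() }'
}

# Constructed sample: the two instances from the page plus a default-style one.
sample_config() {
    cat <<'EOF'
config dropbear
    option PasswordAuth 'on'
    option Port '22'
    option Interface 'lan'

config dropbear
    option PasswordAuth 'off'
    option Interface 'wan'
    option Port '2022'

config dropbear
    option Port '2222'
EOF
}
sample_config | audit_dropbear
```

On a device the same function can be fed the real file with `audit_dropbear < /etc/config/dropbear`; an instance without an 'Interface' option is treated as reachable from every interface.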