docs/uci_dropbear.txt

   1 ---
   2 ---
   3 Dropbear Configuration
   4 ======================
   5
   6 include::uci_menu.inc[]
   7
   8 == Dropbear Configuration
   9
  10 The firewall configuration located in **'/etc/config/dropbear'**.
  11
  12 == Sections
  13
  14 The 'dropbear' configuration contains settings for the dropbear SSH server in a single section.
  15
  16 === Dropbear
  17
  18 The 'dropbear' section contains these settings:
  19
  20 [cols="4*1,4",options="header"]
  21 |====
  22 | Name | Type | Required | Default | Description
  23 | 'enable' | boolean | no | 1 | Set to '0' to disable starting dropbear at system boot.
  24 | 'verbose' | boolean | no | 0 | Set to '1' to enable verbose output by the start script.
  25 | 'BannerFile' | string | no | _(none)_ | Name of a file to be printed before the user has authenticated successfully.
  26 | 'PasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating with passwords.
  27 | 'Port' | integer | no | 22 | Port number to listen on.
  28 | 'RootPasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating as root with passwords.
  29 | 'RootLogin' | boolean | no | 1 | Set to '0' to disable SSH logins as root.
  30 | 'GatewayPorts' | boolean | no | 0 | Set to '1' to allow remote hosts to connect to forwarded ports.
  31 | 'Interface' | string | no | _(none)_ | Tells dropbear to listen only on the specified interface.((e.g. 'lan', 'wan', 'henet'))
  32 | 'rsakeyfile' | file| no | _(none)_ | Path to RSA file
  33 | 'dsskeyfile' | file| no | _(none)_ | Path to DSS/DSA file
  34 | 'SSHKeepAlive' | integer| no | 300 | Keep Alive
  35 | 'IdleTimeout' | integer| no | 0| Idle Timeout
  36 |====
  37
  38 This is the default configuration:
  39
  40 ----
  41 config dropbear
  42         option PasswordAuth 'on'
  43         option RootPasswordAuth 'on'
  44         option Port         '22'
  45 ----
  46
  47 === Multiple dropbear instances
  48
  49 Edit /etc/config/dropbear to add a second instance.
  50 ----
  51 vi /etc/config/dropbear
  52 ----
  53
  54 The below example shows one on port 22 on the lan side, one on port 2022 on the wan side.  Note: wan side is set for PasswordAuth off so make sure you have added an ssh-key.
  55
  56 Also make sure to check your firewall DNAT (port forward) to allow access to the wan side port, 2022 in this case.
  57
  58 ----
  59 config dropbear
  60         option PasswordAuth 'on'
  61         option Port '22'
  62         option Interface 'lan'
  63
  64 config dropbear
  65         option PasswordAuth 'off'
  66         option Interface 'wan'
  67         option Port '2022'
  68 ----