--- --- Dropbear Configuration ====================== == Dropbear Configuration The Dropbear UCI configuration file is located in **'/etc/config/dropbear'**. == Sections The 'dropbear' configuration contains settings for the dropbear SSH server in a single section. === Dropbear The 'dropbear' section contains these settings: [cols="4*1,4",options="header"] |==== | Name | Type | Required | Default | Description | 'enable' | boolean | no | 1 | Set to '0' to disable starting dropbear at system boot. | 'verbose' | boolean | no | 0 | Set to '1' to enable verbose output by the start script. | 'BannerFile' | string | no | _(none)_ | Name of a file to be printed before the user has authenticated successfully. | 'PasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating with passwords. | 'Port' | integer | no | 22 | Port number to listen on. | 'RootPasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating as root with passwords. | 'RootLogin' | boolean | no | 1 | Set to '0' to disable SSH logins as root. | 'GatewayPorts' | boolean | no | 0 | Set to '1' to allow remote hosts to connect to forwarded ports. | 'Interface' | string | no | _(none)_ | Tells dropbear to listen only on the specified interface.((e.g. 'lan', 'wan', 'henet')) | 'rsakeyfile' | file| no | _(none)_ | Path to RSA file | 'dsskeyfile' | file| no | _(none)_ | Path to DSS/DSA file | 'SSHKeepAlive' | integer| no | 300 | Keep Alive | 'IdleTimeout' | integer| no | 0| Idle Timeout | 'mdns' | integer | no | 1 | Whether to annouce the service via link:mdns.html[mDNS] |==== This is the default configuration: ---- config dropbear option PasswordAuth 'on' option RootPasswordAuth 'on' option Port '22' ---- === Multiple dropbear instances Edit /etc/config/dropbear to add a second instance. ---- vi /etc/config/dropbear ---- The below example shows one on port 22 on the lan side, one on port 2022 on the wan side. Note: wan side is set for PasswordAuth off so make sure you have added an ssh-key. Also make sure to check your firewall DNAT (port forward) to allow access to the wan side port, 2022 in this case. ---- config dropbear option PasswordAuth 'on' option Port '22' option Interface 'lan' config dropbear option PasswordAuth 'off' option Interface 'wan' option Port '2022' ----