

Dropbear is a small and lightweight SSH server and client that can replace OpenSSH on any POSIX platform such as GNU / Linux, * BSD, Cygwin … Dropbear is free software since it is released under MIT-style licenses.

Features:

A small memory footprint suitable for memory-constrained environments.

Dropbear server implements X11 forwarding, and authentication-agent forwarding for OpenSSH clients

Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication

The server, client, keygen, and key converter can be compiled into a single binary

Multi-hop mode uses SSH TCP forwarding to tunnel through multiple SSH hosts in a single command. dbclient user1@hop1,user2@hop2,destination

1. Install

Fedora

$ sudo dnf -y install dropbear

CentOS

Install EPEL repo.

$ sudo yum -y install epel-release

Install Dropbear.

$ yum -y install dropbear

Alpine

$ sudo apk add dropbear

Debian/Ubuntu/Devuan

$ sudo apt-get -y install dropbear

Android

Before installing Dropbear on Android you must install Termux, see the video: Termux - emulador de terminal para Android (Spanish)

Install Dropbear.

$ apt install dropbear

2. Stop OpenSSH service

Before starting the Dropbear service be sure to stop the sshd service.

systemd based distro: Fedora, CentOS, Debian, Ubuntu

$ sudo bash -c 'systemctl stop sshd && systemctl disable sshd'

OpenRC based distro: Alpine

$ sudo bash -c 'rc-service sshd stop && rc-update del sshd'

sysvinit based distro: Devuan

$ sudo bash -c 'service sshd stop && update-rc.d sshd disable'

Android

For Android it is not necessary to stop the SSH service because it is not installed by default.

3. Start Dropbear service

systemd based distro: Fedora, CentOS, Debian, Ubuntu

$ sudo systemctl start dropbear

OpenRC based distro: Alpine

$ sudo rc-service dropbear start

sysvinit based distro: Devuan

$ sudo service dropbear start

Android

We start Dropbear in foreground, by default Dropbear will be listening in port 8022

$ dropbear -F

4. Start the service with the OS

systemd based distro: Fedora, CentOS, Debian, Ubuntu

$ sudo systemctl enable dropbear

OpenRC based distro: Alpine

$ sudo rc-update add dropbear

sysvinit based distro: Devuan

$ sudo update-rc.d sshd enable

Android

It is not advisable to have an SSH server running on Android permanently for security and performance reasons however you can do it by installing Termux:Boot

5. Connect to Dropbear server

To connect to the Dropbear server you can use the ssh client (OpenSSH) or the dbclient tool. The dbclient tool is part of the Dropbear package. For Android, the recommended way to connect is using public and private keys since you do not have the password for the connecting user (at least in standard mode), for more details see the following video:

Cómo instalar un servidor SSH en Android (Spanish).

For Android you must add the -p 8022 option to the commands: ssh, dbclient.

Using user and password

$ ssh usuario@miservidor.midominio $ dbclient usuario@miservidor.midominio

Using public and private keys

With ssh

To connect to the dropbear server using the ssh client you must use the public and private keys generated by ssh-keygen.

1. Generate public and private keys

$ ssh-keygen -t ecdsa Generating public/private ecdsa key pair. Enter file in which to save the key (/home/sedlav/.ssh/id_ecdsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/sedlav/.ssh/id_ecdsa. Your public key has been saved in /home/sedlav/.ssh/id_ecdsa.pub. The key fingerprint is: SHA256:m+Cg8yFD07sWN05oFHI6SXJsSXJe2nGYUtMalQFn2og sedlav@librebyte.net The key's randomart image is: +---[ECDSA 256]---+ |.ooo***o | |.+O=*Xo | | =E*++. | | +.o | | ooo.. S | | . o+++. o | | =.o=..o | | =.o. | | .o | +----[SHA256]-----+

2. Copy the public key to the server

$ ssh-copy-id -i .ssh/id_ecdsa.pub sedlav@dropbearserver /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_ecdsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys sedlav@dropbearserver's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'sedlav@dropbearserver'" and check to make sure that only the key(s) you wanted were added.

3. Connect

$ ssh sedlav@dropbearserver

With dbclient

To connect to the dropbear server using dbclient you must use public and private keys generated by dropbearkey

$ dropbearkey -t ecdsa -f .ssh/id_dropbear_ecdsa | grep "^ecdsa" > .ssh/id_dropbear_ecdsa.pub Generating key, this may take a while...

2. Copy the public key to the server

$ cat .ssh/id_dropbear_ecdsa.pub | dbclient sedlav@dropbearserver 'cat - >> .ssh/authorized_keys' sedlav@dropbearserver's password:

3. Connect

$ dbclient -i .ssh/id_dropbear_ecdsa sedlav@dropbearserver

Note .ssh DIR must have 700 perms mode and authorized_keys file must have 600 perms mode or you will not be able to connect to the Dropbear server.

Further reading

The tutorials here on LibreByte are provided under a free software licence. if you like my work you should consider: Buy a Hosting/VPS or Dedicated Server at MCKHost

Share this: Twitter

Reddit

Print

Email

