Difference between revisions of "BMC Configure dropbear"

From RCS Wiki
(Created page with "==Configuring dropbear== Additional arguments can be added to the configuration file to alter the behavior of the dropbear ssh server, on the BMC. ==Configuration File== The...")
 
 
(2 intermediate revisions by the same user not shown)
Line 6: Line 6:
  
 
==Example Configuration File==
 
==Example Configuration File==
Disable root login, password logins, and change port to 1234:
+
Disable root login and password logins:
<pre>DROPBEAR_EXTRA_ARGS="-w -s -p 1234"</pre>
+
<pre>DROPBEAR_EXTRA_ARGS="-w -s"</pre>
  
 
==dropbear options==
 
==dropbear options==
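Review bot: the new example line DROPBEAR_EXTRA_ARGS="-w -s" drops "-p 1234" without saying where the port is now set. The same revision adds a Change Port section that sets it in dropbear.socket, so a one-line pointer to that section here would stop readers from re-adding -p. The sentence should also state that with -w and -s only key-based logins by non-root users remain, so an authorized key has to be in place before the change is applied.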
Line 42: Line 42:
 
-V    Version
 
-V    Version
 
</pre>
 
</pre>
 +
==Change Port==
 +
The default port of 22 can be changed by editing /lib/systemd/system/dropbear.socket.
 +
 +
E.g. Set port to 1234:
 +
<pre>
 +
[Unit]
 +
Conflicts=dropbear.service
 +
 +
[Socket]
 +
ListenStream=1234
 +
Accept=yes
 +
 +
[Install]
 +
WantedBy=sockets.target
 +
Also=dropbearkey.service
 +
</pre>
 +
After editing /lib/systemd/system/dropbear.socket, run:
 +
<code>systemctl daemon-reload</code>
 +
and
 +
<code>systemctl restart dropbear*</code>
 +
 +
 +
[[Category:Guides]]
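Review bot: in the added Change Port section, "systemctl restart dropbear*" passes an unquoted glob, so the shell expands it first if the working directory holds a matching file name, and with Accept=yes in the unit the pattern can also match the per-connection service instance that carries the administrator's own SSH session. Suggest naming the unit explicitly (systemctl restart dropbear.socket) or at least quoting the pattern. The section should also note that ListenStream=1234 is edited directly in /lib/systemd/system, a path that a firmware or package update may overwrite.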

Latest revision as of 21:45, 18 April 2019

Configuring dropbear

Additional arguments can be added to the configuration file to alter the behavior of the dropbear SSH server on the BMC.

Configuration File

The default location for this is /etc/default/dropbear.

Example Configuration File

Disable root login and password logins:

DROPBEAR_EXTRA_ARGS="-w -s"

dropbear options

-b bannerfile   Display the contents of bannerfile before user login
                (default: none)
-r keyfile  Specify hostkeys (repeatable)
                defaults: 
                dss /etc/dropbear/dropbear_dss_host_key
                rsa /etc/dropbear/dropbear_rsa_host_key
                ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R              Create hostkeys as required
-F              Don't fork into background
-E              Log to stderr rather than syslog
-m              Don't display the motd on login
-w              Disallow root logins
-s              Disable password logins
-g              Disable password logins for root
-B              Allow blank password logins
-j              Disable local port forwarding
-k              Disable remote port forwarding
-a              Allow connections to forwarded ports from any host
-c command      Force executed command
-p [address:]port
                Listen on specified tcp port (and optionally address),
                up to 10 can be specified
                (default port is 22 if none specified)
-P PidFile      Create pid file PidFile
                (default /var/run/dropbear.pid)
-i              Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout>  (0 is never, default 0, in seconds)
-V    Version

Change Port

The default port of 22 can be changed by editing /lib/systemd/system/dropbear.socket.

For example, to set the port to 1234:

[Unit]
Conflicts=dropbear.service

[Socket]
ListenStream=1234
Accept=yes

[Install]
WantedBy=sockets.target
Also=dropbearkey.service

After editing /lib/systemd/system/dropbear.socket, run:

systemctl daemon-reload

and

systemctl restart dropbear*
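A read-only check of the settings described above, as an added example that is not part of the wiki page: it parses DROPBEAR_EXTRA_ARGS and the ListenStream= lines and fails if -w or -s is missing or -B is present. The function names and the sample files are constructed for illustration; the default paths are the ones this page names.

```sh
# Added example: read-only audit of the two files this page edits.

# Print the value of DROPBEAR_EXTRA_ARGS (last assignment), without sourcing.
extra_args() {
    sed -n 's/^[[:space:]]*DROPBEAR_EXTRA_ARGS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if option $2 is in argument string $1. Only flags written separately,
# as on this page ("-w -s"), are recognised; bundled forms count as missing.
has_flag() {
    for a in $1; do
        if [ "$a" = "$2" ]; then return 0; fi
    done
    return 1
}

# One finding per line; return 0 only if -w and -s are set and -B is not.
audit_args() {
    rc=0
    has_flag "$1" -w || { echo "FAIL: root logins allowed (no -w)"; rc=1; }
    has_flag "$1" -s || { echo "FAIL: password logins allowed (no -s)"; rc=1; }
    if has_flag "$1" -B; then echo "FAIL: blank passwords allowed (-B)"; rc=1; fi
    if has_flag "$1" -p; then
        echo "NOTE: -p given here; this page sets the port in dropbear.socket"
    fi
    return "$rc"
}

# Print the port of each ListenStream= line ("1234" or "address:1234").
listen_port() {
    sed -n 's/^[[:space:]]*ListenStream=//p' "$1" | sed 's/.*://'
}

# Audit a config file and socket unit; defaults are the page's paths.
audit_bmc() {
    conf="${1:-/etc/default/dropbear}"
    unit="${2:-/lib/systemd/system/dropbear.socket}"
    args=$(extra_args "$conf")
    echo "extra args: ${args:-<none>}"
    echo "listen port(s): $(listen_port "$unit" | tr '\n' ' ')"
    audit_args "$args"
}

# Constructed sample files mirroring the page's examples.
tmp=$(mktemp -d)
printf 'DROPBEAR_EXTRA_ARGS="-w -s"\n' > "$tmp/dropbear"
printf '[Socket]\nListenStream=1234\nAccept=yes\n' > "$tmp/dropbear.socket"
audit_bmc "$tmp/dropbear" "$tmp/dropbear.socket" && echo "PASS"
rm -rf "$tmp"
```

On the BMC itself, calling audit_bmc with no arguments checks the live files.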