Difference between revisions of "BMC Configure dropbear"
(Created page with "==Configuring dropbear== Additional arguments can be added to the configuration file to alter the behavior of the dropbear ssh server, on the BMC. ==Configuration File== The...") |
(2 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
==Example Configuration File== | ==Example Configuration File== | ||
− | Disable root login | + | Disable root login and password logins: |
− | <pre>DROPBEAR_EXTRA_ARGS="-w -s | + | <pre>DROPBEAR_EXTRA_ARGS="-w -s"</pre> |
==dropbear options== | ==dropbear options== | ||
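Review bot: The new intro line "Disable root login and password logins:" should also state what must be in place before "-w -s" is applied. With password logins disabled and root logins disallowed, SSH access to the BMC depends on a non-root account that already has a public key installed, and the page gives no step for checking that. Suggest adding a sentence telling the reader to confirm key-based login for a non-root user, in a second session, before restarting dropbear.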
Line 42: | Line 42: | ||
-V Version | -V Version | ||
</pre> | </pre> | ||
+ | ==Change Port== | ||
+ | The default port of 22 can be changed by editing /lib/systemd/system/dropbear.socket. | ||
+ | |||
+ | E.g. Set port to 1234: | ||
+ | <pre> | ||
+ | [Unit] | ||
+ | Conflicts=dropbear.service | ||
+ | |||
+ | [Socket] | ||
+ | ListenStream=1234 | ||
+ | Accept=yes | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=sockets.target | ||
+ | Also=dropbearkey.service | ||
+ | </pre> | ||
+ | After editing /lib/systemd/system/dropbear.socket, run: | ||
+ | <code>systemctl daemon-reload</code> | ||
+ | and | ||
+ | <code>systemctl restart dropbear*</code> | ||
+ | |||
+ | |||
+ | [[Category:Guides]] |
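Review bot: In the restart step, "systemctl restart dropbear*" leaves the glob unquoted, so the shell expands it first whenever the current directory contains matching files (for example the host keys under /etc/dropbear named in the options list); write it as systemctl restart 'dropbear*' so systemctl receives the pattern. The section also edits the unit under /lib/systemd/system in place; a copy or drop-in under /etc/systemd/system would not be overwritten when the packaged unit is replaced, and in a drop-in an empty "ListenStream=" line is needed before "ListenStream=1234" so that port 22 is not kept as a second listener.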
Latest revision as of 21:45, 18 April 2019
Configuring dropbear
Additional arguments can be added to the configuration file to alter the behavior of the dropbear SSH server on the BMC.
Configuration File
The default location of the configuration file is /etc/default/dropbear.
Example Configuration File
Disable root login and password logins:
DROPBEAR_EXTRA_ARGS="-w -s"
dropbear options
<pre>
-b bannerfile   Display the contents of bannerfile before user login
                (default: none)
-r keyfile      Specify hostkeys (repeatable)
                defaults:
                dss /etc/dropbear/dropbear_dss_host_key
                rsa /etc/dropbear/dropbear_rsa_host_key
                ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R              Create hostkeys as required
-F              Don't fork into background
-E              Log to stderr rather than syslog
-m              Don't display the motd on login
-w              Disallow root logins
-s              Disable password logins
-g              Disable password logins for root
-B              Allow blank password logins
-j              Disable local port forwarding
-k              Disable remote port forwarding
-a              Allow connections to forwarded ports from any host
-c command      Force executed command
-p [address:]port
                Listen on specified tcp port (and optionally address),
                up to 10 can be specified
                (default port is 22 if none specified)
-P PidFile      Create pid file PidFile
                (default /var/run/dropbear.pid)
-i              Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout> (0 is never, default 0, in seconds)
-V              Version
</pre>
Change Port
The default port of 22 can be changed by editing /lib/systemd/system/dropbear.socket.
E.g. Set port to 1234:
<pre>
[Unit]
Conflicts=dropbear.service

[Socket]
ListenStream=1234
Accept=yes

[Install]
WantedBy=sockets.target
Also=dropbearkey.service
</pre>
After editing /lib/systemd/system/dropbear.socket, run:
systemctl daemon-reload
and
systemctl restart 'dropbear*'
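A way to check a BMC against the settings described on this page, as an added example that is not part of the original wiki page. The function names are hypothetical, and the check assumes each flag is written as its own word (as in "-w -s"), not combined into one.

```shell
#!/bin/sh
# Added example: audit the dropbear settings described on this page.
# Function names are hypothetical; flags must be separate words ("-w -s").

# dropbear_args FILE: print the value of DROPBEAR_EXTRA_ARGS (last assignment wins).
dropbear_args() {
    sed -n 's/^[[:space:]]*DROPBEAR_EXTRA_ARGS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# has_flag ARGS LETTER: succeed if -LETTER appears as its own word in ARGS.
has_flag() {
    for word in $1; do
        if [ "$word" = "-$2" ]; then return 0; fi
    done
    return 1
}

# audit_dropbear FILE: print one line per finding; exit status = number of findings.
audit_dropbear() {
    args=$(dropbear_args "$1")
    findings=0
    if ! has_flag "$args" w; then
        echo "root logins allowed (-w not set)"; findings=$((findings + 1))
    fi
    if ! has_flag "$args" s; then
        echo "password logins allowed (-s not set)"; findings=$((findings + 1))
    fi
    if has_flag "$args" B; then
        echo "blank password logins allowed (-B set)"; findings=$((findings + 1))
    fi
    return "$findings"
}

# socket_ports FILE: print every non-empty ListenStream= value in a socket unit.
socket_ports() {
    sed -n 's/^[[:space:]]*ListenStream=[[:space:]]*\(..*\)$/\1/p' "$1"
}

# Usage: audit.sh /etc/default/dropbear [/lib/systemd/system/dropbear.socket]
if [ "$#" -ge 1 ]; then
    audit_dropbear "$1" && echo "no findings in $1"
    if [ "$#" -ge 2 ]; then echo "listening on: $(socket_ports "$2")"; fi
fi
```

With the page's example value "-w -s" the audit reports no findings; removing either flag or adding -B produces one line per problem.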