3 dbclient \- lightweight SSH client
6 [\fIflag arguments\fR] [\-p
9 .I l\fR:\fIh\fR:\fIp\fR] [\-R
10 .I l\fR:\fIh\fR:\fIp\fR] [\-l
13 .RI [ \fImore\ flags\fR ]
18 [\fIuser1\fR]@\fIhost1\fR[^\fIport1\fR],[\fIuser2\fR]@\fIhost2\fR[^\fIport2\fR],...
27 A command to run on the remote host. This will normally be run by the remote host
28 using the user's shell. The command begins at the first hyphen argument after the
29 host argument. If no command is specified an interactive terminal will be opened
35 on the remote host. Alternatively a port can be specified as hostname^port.
40 Read the identity key from file
42 (multiple allowed). This file is created with dropbearkey(1) or converted
43 from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used
45 .B \-L\fR [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
46 Local port forwarding.
49 on the local host through the SSH connection to port
54 .B \-R\fR [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
55 Remote port forwarding.
58 on the remote host through the SSH connection to port
70 Allocate a PTY. This is the default when no command is given, it gives a full
71 interactive remote session. The main effect is that keystrokes are sent remotely
72 immediately as opposed to local line-based editing.
75 Don't allocate a PTY. This is the default a command is given. See -t.
78 Don't request a remote shell or run any commands. Any command arguments are ignored.
81 Fork into the background after authentication. A command argument (or -N) is required.
82 This is useful when using password authentication.
85 Allow non-local hosts to connect to forwarded ports. Applies to -L and -R
86 forwarded ports, though remote connections to -R forwarded ports may be limited
90 Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
91 connection will abort as normal. If specified a second time no host key checking
92 is performed at all, this is usually undesirable.
95 Forward agent connections to the remote host. dbclient will use any
96 OpenSSH-style agent program if available ($SSH_AUTH_SOCK will be set) for
97 public key authentication. Forwarding is only enabled if -A is specified.
100 Specify the per-channel receive window buffer size. Increasing this
101 may improve network performance at the expense of memory use. Use -h to see the
104 .B \-K \fItimeout_seconds
105 Ensure that traffic is transmitted at a certain interval in seconds. This is
106 useful for working around firewalls or routers that drop connections after
107 a certain period of inactivity. The trade-off is that a session may be
108 closed if there is a temporary lapse of network connectivity. A setting
109 if 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
111 .B \-I \fIidle_timeout
112 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
114 .B \-J \fIproxy_command
115 Use the standard input/output of the program \fIproxy_command\fR rather than using
116 a normal TCP connection. A hostname should be still be provided, as this is used for
117 comparing saved hostkeys. This command will be executed as "exec proxy_command ..." with the
120 .B \-B \fIendhost:endport
121 "Netcat-alike" mode, where Dropbear will connect to the given host, then create a
122 forwarded connection to \fIendhost\fR. This will then be presented as dbclient's
123 standard input/output.
126 Specify a comma separated list of ciphers to enable. Use \fI-c help\fR to list possibilities.
129 Specify a comma separated list of authentication MACs to enable. Use \fI-m help\fR to list possibilities.
132 Can be used to give options in the format used by OpenSSH config file. This is
133 useful for specifying options for which there is no separate command-line flag.
134 For full details of the options listed below, and their possible values, see
137 For now following options have been implemented:
140 .B ExitOnForwardFailure
141 Specifies whether dbclient should terminate the connection if it cannot set up all requested local and remote port forwardings. The argument must be “yes” or “no”. The default is “no”.
144 Send dbclient log messages to syslog in addition to stderr.
148 The specified command will be requested as a subsystem, used for sftp. Dropbear doesn't implement sftp itself but the OpenSSH sftp client can be used eg \fIsftp -S dbclient user@host\fR
154 Dropbear will also allow multiple "hops" to be specified, separated by commas. In
155 this case a connection will be made to the first host, then a TCP forwarded
156 connection will be made through that to the second host, and so on. Hosts other than
157 the final destination will not see anything other than the encrypted SSH stream.
158 A port for a host can be specified with a caret (eg matt@martello^44 ).
159 This syntax can also be used with scp or rsync (specifying dbclient as the
160 ssh/rsh command). A file can be "bounced" through multiple SSH hops, eg
162 scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .
164 Note that hostnames are resolved by the prior hop (so "canyons" would be resolved by the host "wrt")
165 in the example above, the same way as other -L TCP forwarded hosts are. Host keys are
166 checked locally based on the given hostname.
168 .SH ESCAPE CHARACTERS
169 Typing a newline followed by the key sequence \fI~.\fR (tilde, dot) will terminate a connection.
170 The sequence \fI~^Z\fR (tilde, ctrl-z) will background the connection. This behaviour only
171 applies when a PTY is used.
176 A password to use for remote authentication can be specified in the environment
177 variable DROPBEAR_PASSWORD. Care should be taken that the password is not
178 exposed to other users on a multi-user system, or stored in accessible files.
181 dbclient can use an external program to request a password from a user.
182 SSH_ASKPASS should be set to the path of a program that will return a password
183 on standard output. This program will only be used if either DISPLAY is set and
184 standard input is not a TTY, or the environment variable SSH_ASKPASS_ALWAYS is
187 If compiled with zlib support and if the server supports it, dbclient will
188 always use compression.
191 Matt Johnston (matt@ucc.asn.au).
193 Mihnea Stoenescu wrote initial Dropbear client support
195 Gerrit Pape (pape@smarden.org) wrote this manual page.
197 dropbear(8), dropbearkey(1)
199 https://matt.ucc.asn.au/dropbear/dropbear.html