3 dbclient \- lightweight SSH client
9 .I l\fR:\fIh\fR:\fIr\fR] [\-R
10 .I l\fR:\fIh\fR:\fIr\fR] [\-l
18 .I [user1]@host1[^port1],[user2]@host2[^port2],...
28 on the remote host. Alternatively a port can be specified as hostname^port.
33 Read the identity key from file
35 (multiple allowed). This file is created with dropbearkey(1) or converted
36 from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used
38 .B \-L [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
39 Local port forwarding.
42 on the local host through the SSH connection to port
47 .B \-R [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
48 Remote port forwarding.
51 on the remote host through the SSH connection to port
69 Don't request a remote shell or run any commands. Any command arguments are ignored.
72 Fork into the background after authentication. A command argument (or -N) is required.
73 This is useful when using password authentication.
76 Allow non-local hosts to connect to forwarded ports. Applies to -L and -R
77 forwarded ports, though remote connections to -R forwarded ports may be limited
81 Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
82 connection will abort as normal. If specified a second time no host key checking
83 is performed at all, this is usually undesirable.
86 Forward agent connections to the remote host. dbclient will use any
87 OpenSSH-style agent program if available ($SSH_AUTH_SOCK will be set) for
88 public key authentication. Forwarding is only enabled if -A is specified.
91 Specify the per-channel receive window buffer size. Increasing this
92 may improve network performance at the expense of memory use. Use -h to see the
95 .B \-K \fItimeout_seconds
96 Ensure that traffic is transmitted at a certain interval in seconds. This is
97 useful for working around firewalls or routers that drop connections after
98 a certain period of inactivity. The trade-off is that a session may be
99 closed if there is a temporary lapse of network connectivity. A setting
100 if 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
102 .B \-I \fIidle_timeout
103 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
105 .B \-J \fIproxy_command
106 Use the standard input/output of the program \fIproxy_command\fR rather than using
107 a normal TCP connection. A hostname should be still be provided, as this is used for
108 comparing saved hostkeys.
110 .B \-B \fIendhost:endport
111 "Netcat-alike" mode, where Dropbear will connect to the given host, then create a
112 forwarded connection to \fIendhost\fR. This will then be presented as dbclient's
113 standard input/output.
116 Specify a comma separated list of ciphers to enable. Use \fI-c help\fR to list possibilities.
119 Specify a comma separated list of authentication MACs to enable. Use \fI-m help\fR to list possibilities.
122 The specified command will be requested as a subsystem, used for sftp. Dropbear doesn't implement sftp itself but the OpenSSH sftp client can be used eg \fIsftp -S dbclient user@host\fR
128 Dropbear will also allow multiple "hops" to be specified, separated by commas. In
129 this case a connection will be made to the first host, then a TCP forwarded
130 connection will be made through that to the second host, and so on. Hosts other than
131 the final destination will not see anything other than the encrypted SSH stream.
132 A port for a host can be specified with a hash (eg matt@martello^44 ).
133 This syntax can also be used with scp or rsync (specifying dbclient as the
134 ssh/rsh command). A file can be "bounced" through multiple SSH hops, eg
136 scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .
138 Note that hostnames are resolved by the prior hop (so "canyons" would be resolved by the host "wrt")
139 in the example above, the same way as other -L TCP forwarded hosts are. Host keys are
140 checked locally based on the given hostname.
142 .SH ESCAPE CHARACTERS
143 Typing a newline followed by the key sequence \fI~.\fR (tilde, dot) will terminate a connection.
144 The sequence \fI~^Z\fR (tilde, ctrl-z) will background the connection. This behaviour only
145 applies when a PTY is used.
150 A password to use for remote authentication can be specified in the environment
151 variable DROPBEAR_PASSWORD. Care should be taken that the password is not
152 exposed to other users on a multi-user system, or stored in accessible files.
155 dbclient can use an external program to request a password from a user.
156 SSH_ASKPASS should be set to the path of a program that will return a password
157 on standard output. This program will only be used if either DISPLAY is set and
158 standard input is not a TTY, or the environment variable SSH_ASKPASS_ALWAYS is
161 Matt Johnston (matt@ucc.asn.au).
163 Mihnea Stoenescu wrote initial Dropbear client support
165 Gerrit Pape (pape@smarden.org) wrote this manual page.
167 dropbear(8), dropbearkey(1)
169 https://matt.ucc.asn.au/dropbear/dropbear.html