25
25
Use the contents of the file
27
for the dss host key (default: /etc/dropbear/dropbear_dss_host_key).
27
for the DSS host key (default: /etc/dropbear/dropbear_dss_host_key).
29
some SSH implementations
30
use the term "DSA" rather than "DSS", they mean the same thing.
28
31
This file is generated with
29
32
.BR dropbearkey (8).
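Review bot: the sentence added under the DSS host key option ends in a comma splice, `use the term "DSA" rather than "DSS", they mean the same thing.` Split it into two sentences or use a semicolon, for example `rather than "DSS"; the two terms mean the same thing.` The change from `dss` to `DSS` on the line above is consistent with the new sentence.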
94
97
a certain period of inactivity. The trade-off is that a session may be
95
98
closed if there is a temporary lapse of network connectivity. A setting
96
99
if 0 disables keepalives.
101
.B \-I \fIidle_timeout
102
Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
108
~/.ssh/authorized_keys can be set up to allow remote login with a RSA or DSS
109
key. Each line is of the form
111
[restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]
113
and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored).
114
Restrictions are comma separated, with double quotes around spaces in arguments.
115
Available restrictions are:
118
.B no-port-forwarding
119
Don't allow port forwarding for this connection
122
.B no-agent-forwarding
123
Don't allow agent forwarding for this connection
127
Don't allow X11 forwarding for this connection
131
Disable PTY allocation. Note that a user can still obtain most of the
132
same functionality with other means even if no-pty is set.
135
.B command="\fIforced_command\fR"
136
Disregard the command provided by the user and always run \fIforced_command\fR.
138
The authorized_keys file and its containing ~/.ssh directory must only be
139
writable by the user, otherwise Dropbear will not allow a login using public
145
Host key files are read at startup from a standard location, by default
146
/etc/dropbear/dropbear_dss_host_key and /etc/dropbear/dropbear_rsa_host_key
147
or specified on the commandline with -d or -r. These are of the form generated
153
By default the file /etc/motd will be printed for any login shell (unless
154
disabled at compile-time). This can also be disabled per-user
155
by creating a file ~/.hushlogin .
98
158
Matt Johnston (matt@ucc.asn.au).
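Review bot: in the new authorized_keys text, `and can be extracted from a Dropbear private host key with "dropbearkey -y"` says "host key", but the paragraph is about keys that allow remote login for a user. Consider "a Dropbear private key" so readers do not take it to mean the server's host key belongs in authorized_keys. The new `-I idle_timeout` entry gives no default and does not say whether 0 disables the timeout, while the keepalive text just above it does (`if 0 disables keepalives.`, where `if` reads like a typo for `of`). The parenthetical `keys with unknown restrictions are ignored` is worth stating more plainly as "such keys cannot be used to log in", since that is the behaviour an administrator needs to rely on. Minor: `a RSA or DSS` should be `an RSA or DSS`.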