Differences
This shows you the differences between two versions of the page.
dropbear [2014/07/31 10:17] |
dropbear [2014/07/31 10:17] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== dropbear ====== | ||
+ | * [[monit]] | ||
+ | * [[OpenSSH]] | ||
+ | |||
+ | === Configuration === | ||
+ | |||
+ | * Port 222 | ||
+ | * Disallow root password logins | ||
+ | |||
+ | **Gentoo** | ||
+ | |||
+ | <code>DROPBEAR_OPTS="-p 222 -g"</code> | ||
+ | |||
+ | **CentOS** | ||
+ | |||
+ | Edit ''/etc/sysconfig/dropbear'' and add: | ||
+ | |||
+ | <code>DROPBEAR_OPTS="-p 222 -g"</code> | ||
+ | |||
+ | === Debug Configuration / Login Issues === | ||
+ | |||
+ | Disable background fork and log to stdout. | ||
+ | |||
+ | <code> | ||
+ | dropbear -F -E -p 222 | ||
+ | </code> | ||
+ | |||
+ | == Options == | ||
+ | |||
+ | Dropbear options: | ||
+ | |||
+ | * **-w** - disable root login | ||
+ | * **-s** - disable password authentication | ||
+ | * **-p** - use port # | ||
+ | * **-F** - Don't fork in background (for inittab) | ||
+ | * **-g** - no root password logins | ||
+ | |||
+ | == inittab == | ||
+ | |||
+ | <code> | ||
+ | /usr/sbin/dropbear -F -g -p 222 | ||
+ | </code> | ||
+ | |||
+ | === FreeBSD === | ||
+ | |||
+ | You need to patch ''/usr/ports/security/dropbear/files/dropbear.in'' with this file: [[http://freebsd.digitaltrike.com/deployment/dropbear.patch|dropbear_args patch]] | ||
+ | |||
+ | <code> | ||
+ | cd /usr/ports/security/dropbear && make clean install | ||
+ | mkdir -p /usr/local/etc/dropbear | ||
+ | echo dropbear_enable=YES >> /etc/rc.conf | ||
+ | echo dropbear_args=\"-p 222\" >> /etc/rc.conf | ||
+ | /usr/local/etc/rc.d/dropbear keygen | ||
+ | /usr/local/etc/rc.d/dropbear start | ||
+ | </code> | ||
+ | |||
+ | ==== Ubuntu ==== | ||
+ | |||
+ | Configuration file is at ''/etc/default/dropbear'': | ||
+ | |||
+ | <code> | ||
+ | NO_START=0 | ||
+ | DROPBEAR_PORT=222 | ||
+ | DROPBEAR_EXTRA_ARGS="" | ||
+ | |||
+ | # Disable root logins | ||
+ | DROPBEAR_EXTRA_ARGS="-w $DROPBEAR_EXTRA_ARGS" | ||
+ | |||
+ | # Disable password logins | ||
+ | DROPBEAR_EXTRA_ARGS="-s $DROPBEAR_EXTRA_ARGS" | ||
+ | |||
+ | # Disable password logins for root | ||
+ | DROPBEAR_EXTRA_ARGS="-g $DROPBEAR_EXTRA_ARGS" | ||
+ | </code> |