Latest revision as of 16:20, 25 January 2020
Basic Configuration - Using Dropbear - a small SSH replacement
Objectives
This article describes the initial installation and configuration of the lightweight SSH server dropbear, which is part of the base Bering-uClibc distribution. dropbear was developed by Matt Johnston; for more information on dropbear itself, visit his web pages (http://matt.ucc.asn.au/dropbear/dropbear.html).
Load the dropbear package
Note: For Bering-uClibc, dropbear and dropbearkey have been compiled into one binary, just like busybox, which also provides different applications in one binary. Therefore only one package (dropbear.lrp) is needed. This differs from other SSH applications (sshd, lshd) used with LEAF packages, where the key generation utility and the daemon are provided in two separate packages.
If you start with a fresh Bering-uClibc installation you can skip this step because the default leaf.cfg file provided with Bering-uClibc looks like this:
LRP="root license dhcpcd keyboard shorwall dnsmasq dropbear mhttpd webconf"
The package dropbear.lrp is loaded on startup.
If you have edited leaf.cfg in the past and dropbear.lrp is currently not installed on your system, you can do one of two things:
- add the package again to leaf.cfg and reboot.
- add dropbear.lrp to leaf.cfg and load the package manually.
Key generation
If you boot Bering-uClibc and no keys are found, they'll be generated at boot time. Don't forget to save your configuration, otherwise they'll be generated again during the next boot.
To create new keys manually, run the command gendropbearkeys.
After giving this command, sit back and enjoy a cup of coffee while your
machine generates the RSA and DSS keys.
Set root password
Dropbear will not let you log in as "root" without a password. Set the root password with the command passwd while logged in as "root".
Check Shorewall rules
The default configuration of the Shorewall package provided with Bering-uClibc should allow you to log in to your LEAF box with ssh from the local network. Nevertheless it is wise to make sure that this is really so. Assuming that you have not renamed the zone for the local network, this zone is called "loc". The file /etc/shorewall/rules should then have lines like this:
##############################################################################
#ACTION         SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL
#                                       PORT    PORT(S) DEST
(...)
#       Accept SSH connections from the local network for administration
#
SSH(ACCEPT)     loc     fw
(...)
If this is not the case, add these lines and back up the shorwall.lrp package.
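One way to run the check described above from the shell, as an added example that is not part of the original guide: it lists every source zone that an active (uncommented) rule allows to reach the firewall over SSH, so you can confirm that "loc" is present and that nothing else is. It assumes the firewall zone is written fw or $FW and that SSH is on TCP port 22; the function names and the sample rules, including the "dmz" and "net" zones, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Bering-uClibc guide): list the source zones a
# Shorewall rules file allows to reach the firewall over SSH.
# Assumptions: the firewall zone is written "fw" or "$FW"; SSH is tcp/22.

ssh_sources() {
    # Reads the rules file given as $1, or stdin when no file is given.
    awk '
        function zone(s) { sub(/:.*/, "", s); return s }   # loc:192.168.1.5 -> loc
        { sub(/#.*/, "") }                      # strip comments, incl. disabled rules
        NF < 3 { next }                         # need ACTION SOURCE DEST
        $3 != "fw" && $3 != "$FW" { next }      # only rules aimed at the firewall
        # Macro form used in the guide, plus the older SSH/ACCEPT spelling
        $1 == "SSH(ACCEPT)" || $1 == "SSH/ACCEPT" { print zone($2); next }
        # Plain form: ACCEPT <source> fw tcp 22 (or the service name ssh)
        $1 == "ACCEPT" && $4 == "tcp" && ($5 == "22" || $5 == "ssh") { print zone($2) }
    ' "$@" | sort -u
}

ssh_allowed_from() {
    # $1 = zone name, optional $2 = rules file (stdin otherwise).
    # Exit status 0 when that zone may open SSH connections to the firewall.
    wanted=$1; shift
    ssh_sources "$@" | grep -qxF -- "$wanted"
}

sample_rules() {
    # Constructed sample input, not a real configuration.
    cat <<'EOF'
#ACTION         SOURCE          DEST    PROTO   DEST PORT
# Accept SSH connections from the local network for administration
SSH(ACCEPT)     loc             fw
#SSH(ACCEPT)    net             fw
ACCEPT          dmz:10.0.0.5    $FW     tcp     22
Ping(ACCEPT)    net             fw
EOF
}

# Demo on the constructed sample: prints "dmz" and "loc", one per line.
sample_rules | ssh_sources
```

On a running box, `ssh_allowed_from loc /etc/shorewall/rules` answers the same question for the live rules file.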
Finishing up
Save your configuration with 'lrcfg -> s', reboot your machine and watch dropbear start. You can now remotely log in to your Bering-uClibc box with an ssh client or scp files from/to your Bering-uClibc box.
Miscellaneous
Note that you can't run dropbear and sshd at the same time, unless you change dropbear's or sshd's port.
/etc/default/dropbear is the configuration file for dropbear.
Legal Notice
Export of cryptographic software from Australia is subject to export controls - you should ensure that you are not breaching these controls. See Crypto Law Survey for some good research.