From: John Crispin Date: Tue, 5 Apr 2016 19:35:30 +0000 (+0200) Subject: add dropbear uci docs X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=aec87d43b4d3d4d0ea6cc74b75a60c31231d2a80;p=web.git add dropbear uci docs Signed-off-by: John Crispin --- diff --git a/docs/uci_dropbear.txt b/docs/uci_dropbear.txt new file mode 100644 index 0000000..532828f --- /dev/null +++ b/docs/uci_dropbear.txt @@ -0,0 +1,75 @@ +Dropbear Configuration +====================== + +'/etc/config/dropbear'. + +== Sections + +The 'dropbear' configuration contains settings for the dropbear SSH server in a single section. + +=== Dropbear + +The 'dropbear' section contains these settings: + +[options="header"] +|==== +| Name | Type | Required | Default | Description +| 'enable' | boolean | no | 1 | Set to '0' to disable starting dropbear at system boot. +| 'verbose' | boolean | no | 0 | Set to '1' to enable verbose output by the start script. +| 'BannerFile' | string | no | _(none)_ | Name of a file to be printed before the user has authenticated successfully. +| 'PasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating with passwords. +| 'Port' | integer | no | 22 | Port number to listen on. +| 'RootPasswordAuth' | boolean | no | 1 | Set to '0' to disable authenticating as root with passwords. +| 'RootLogin' | boolean | no | 1 | Set to '0' to disable SSH logins as root. +| 'GatewayPorts' | boolean | no | 0 | Set to '1' to allow remote hosts to connect to forwarded ports. +| 'Interface' | string | no | _(none)_ | Tells dropbear to listen only on the specified interface.((e.g. 'lan', 'wan', 'henet')) +| 'rsakeyfile' | file| no | _(none)_ | Path to RSA file +| 'dsskeyfile' | file| no | _(none)_ | Path to DSS/DSA file +| 'SSHKeepAlive' | integer| no | 300 | Keep Alive +| 'IdleTimeout' | integer| no | 0| Idle Timeout +|==== + +This is the default configuration: + +---- +config dropbear + option PasswordAuth 'on' + option RootPasswordAuth 'on' + option Port '22' +---- + +=== Multiple dropbear instances + +Edit /etc/config/dropbear to add a second instance. +---- +vi /etc/config/dropbear +---- + +The below example shows one on port 22 on the lan side, one on port 2022 on the wan side. Note: wan side is set for PasswordAuth off so make sure you have added an ssh-key. + +Also make sure to check your firewall DNAT (port forward) to allow access to the wan side port, 2022 in this case. + +---- +config dropbear + option PasswordAuth 'on' + option Port '22' + option Interface 'lan' + +config dropbear + option PasswordAuth 'off' + option Interface 'wan' + option Port '2022' +---- + +If you try to run multiple dropbear instances and they are not started you probably have a timing issue. To fix the timing issue just create a small hotplug script in /etc/hotplug.d/iface/40-dropbear that simply restarts dropbear after the WAN interface is restarted. + +/etc/hotplug.d/iface/40-dropbear + +---- +#!/bin/sh + +if [ "$INTERFACE" = "wan" ] && [ "$ACTION" = "ifup" ] +then +/etc/init.d/dropbear restart +fi +----