Port Forwarding in background?

Matt Johnston matt at ucc.asn.au
Thu Apr 6 13:06:53 WST 2006

On Wed, Apr 05, 2006 at 11:45:10PM -0400, David George wrote:
> Using dbclient 0.48.1 on the client attempting to forward a local port 
> to dropbear server 0.48.1 on another machine, how do I get the client to 
> go into the background?  I have read the messages in the list archives 
> re: port forwarding and tunnelling and didn't find anything that applies.
> I am using dbclient -L 20001:localhost:10001 root at  It does 
> work, but it actually logs into the remote server and I am presented 
> with a shell.  If I telnet localhost 20001 I am connected to the remote 
> server on port 10001, so it is working.  If I use OpenSSH on another 
> machine I can ssh -N -f -L 20001:localhost:10001 root at and 
> it will go into the background and the port forwarding also works.

I'll look at adding this as a feature in a future release,
it should bfairly straightforward. Running dbclient with
a -T option (disabling ttys) and & at the end seems to work
for now (as long as you have a public key). Alternatively,
you should be able to run with -T but without the &, enter
your password, then ctrl-z, "bg".

> But I really need the dbclient port forwarding to run in the 
> background.  I did try putting it into background with &, but I can't 
> get the public key authentication to work.  I did a dropbearkey -t rsa 
> -f /etc/dropbear/dropbear_rsa_host_key -y on the server and copied the 
> public key part to ~/.ssh/authorized_keys, but it still asks for 
> password.  I tried dbclient -i ~/.ssh/authorized_keys root at 
> and it returns dbclient: exited: string too long.

The host key (used by the server) and the client auth key
(used by dbclient) are different things.

Generate a key with

dropbearkey -t rsa -f ~/.ssh/dbkey.rsa

on the machine where you run dbclient, then paste the public
key line to ~root/.ssh/authorized_keys on the server


dbclient -T -i ~/.ssh/dbkey.rsa -L 20001:localhost:10001 root at &

and it should work - let me know if it doesn't.


More information about the Dropbear mailing list