Setting up dropbear - beginner's guide

Rob Landley rob at
Wed Apr 2 02:10:59 WST 2008

On Monday 31 March 2008 10:52:01 sindi keesan wrote:
> I have compiled dbclient scp dropbear dropbearkey for version 0.49, both
> dynamically against glibc 2.2.5 using gcc 2.95.3 and statically against
> uclibc 0.9.27.

So, every step in the chain is at least a year out of date. :)

> I am not a computer professional and do not have and have never set up
> openssh.  I use a small slackware-based 'basiclinux' that came without
> ssh.  dbclient and scp work fine (kernel 2.4.31).  I don't have dropbear
> working.
> The instructions in README say to use dropbearkey to generate rsa and dss
> keys and put them in /etc/dropbear.  Do I also need to make and put public
> keys there?  The instructions tell me only how to use dropbear -y to
> display the public part of the key on the screen.

Dropbear has "host" keys.  If you've ever sshed to a machine and it said 
unknown host key (or if it was reinstalled, complains "the host key has 
changed!" and refuses to proceed), that's the key it's talking about.

As root, go:
  mkdir -p /etc/dropbear
  ./dropbearkey -f /etc/dropbear/dropbear_dss_host_key -t dss -s 2048

(You can leave off the -s if you want, that just says to make a nice big 
paranoid sized key.)

> Please could someone write a very brief instruction for beginners on how 
> to set up dropbear, assuming you don't already have openssh keys, to add 
> to or supplement README.

If you're ever curious what dropbear is actually _doing_, run it this way:

  dropbear -F -E

That way it'll log everything it's doing to stdout.  (It'll also only handle 
one incoming connection and then exit, because it's been put into a debugging 
mode, but oh well.)  So if it can't find a file or has some other problem, 
it'll complain and you can fix it.

"One of my most productive days was throwing away 1000 lines of code."
  - Ken Thompson.

More information about the Dropbear mailing list