Setting up dropbear - beginner's guide
rob at landley.net
Wed Apr 2 02:10:59 WST 2008
On Monday 31 March 2008 10:52:01 sindi keesan wrote:
> I have compiled dbclient scp dropbear dropbearkey for version 0.49, both
> dynamically against glibc 2.2.5 using gcc 2.95.3 and statically against
> uclibc 0.9.27.
So, every step in the chain is at least a year out of date. :)
> I am not a computer professional and do not have and have never set up
> openssh. I use a small slackware-based 'basiclinux' that came without
> ssh. dbclient and scp work fine (kernel 2.4.31). I don't have dropbear
> The instructions in README say to use dropbearkey to generate rsa and dss
> keys and put them in /etc/dropbear. Do I also need to make and put public
> keys there? The instructions tell me only how to use dropbear -y to
> display the public part of the key on the screen.
Dropbear has "host" keys. If you've ever sshed to a machine and it said
unknown host key (or if it was reinstalled, complains "the host key has
changed!" and refuses to proceed), that's the key it's talking about.
As root, go:
mkdir -p /etc/dropbear
./dropbearkey -f /etc/dropbear/dropbear_dss_host_key -t dss -s 2048
(You can leave off the -s if you want, that just says to make a nice big
paranoid sized key.)
> Please could someone write a very brief instruction for beginners on how
> to set up dropbear, assuming you don't already have openssh keys, to add
> to or supplement README.
If you're ever curious what dropbear is actually _doing_, run it this way:
dropbear -F -E
That way it'll log everything it's doing to stdout. (It'll also only handle
one incoming connection and then exit, because it's been put into a debugging
mode, but oh well.) So if it can't find a file or has some other problem,
it'll complain and you can fix it.
"One of my most productive days was throwing away 1000 lines of code."
- Ken Thompson.
More information about the Dropbear