Flexion.Org
Bad grammar and typos for total strangers

Dropbear SSH Server

1.   Introduction
1.1   Installing Dropbear
1.2   Key based authentication
1.3   Securing Dropbear

Introduction

The NSLU2 only has 32 MB of RAM. One easy way to save memory is to remove the openssh-server package (approx. 9 MB of RAM) and install dropbear (approx. 1 MB of RAM).

Installing Dropbear

 apt-get install openssh-client dropbear

Configure Dropbear to start automatically

This was only required on my NSLU2, which previously had OpenSSH installed.

 vi /etc/default/dropbear

Sample

 # disabled because OpenSSH is installed
 # change to NO_START=0 to enable Dropbear
 NO_START=0

Stop OpenSSH and start Dropbear.

 /etc/init.d/ssh stop ; /etc/init.d/dropbear start

Remove OpenSSH.

Again, this was only required on my NSLU2, which previously had OpenSSH installed.

 apt-get remove openssh-server
 update-rc.d -f ssh remove

Key based authentication

I want to secure Dropbear, whilst still preserving the capability to connect remotely as root in order to do rsync or rdiff backups.

Securing Dropbear

When you are happy that you can log in via all your accounts, it is time to better secure Dropbear by disabling password-only logins for root and users, so that all SSH logins require a key pair for authentication.

From the Dropbear man page, I have some options open to me.

  • -w Disallow root logins.
  • -s Disable password logins.
  • -g Disable password logins for root.

 vi /etc/default/dropbear

Sample

Find the DROPBEAR_EXTRA_ARGS parameter and change it as shown below.

 # any additional arguments for Dropbear
 DROPBEAR_EXTRA_ARGS="-s -g"

Finally, restart dropbear.

 /etc/init.d/dropbear restart
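
One way to check the edit above before relying on it, as an added example that is not part of the original page: the script reads a Debian-style defaults file and reports which login policy the -s, -g and -w flags produce. The function names and verdict strings are assumptions of this example, and it assumes the flags are written as separate tokens, as in the sample above.

```shell
#!/bin/sh
# Added example: audit a Debian-style /etc/default/dropbear.
# Assumption: flags are separate tokens ("-s -g"), as in the sample above.

# Print the value of the last uncommented assignment of variable $2 in file $1,
# with any trailing comment and quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*//' | tr -d "\"'"
}

# Succeed if flag $2 (e.g. -s) is its own token in DROPBEAR_EXTRA_ARGS of file $1.
has_flag() {
    case " $(conf_value "$1" DROPBEAR_EXTRA_ARGS) " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# Print one verdict for the defaults file $1.
audit_dropbear() {
    if [ "$(conf_value "$1" NO_START)" != "0" ]; then
        echo "not-started"        # init script will refuse to start Dropbear
    elif has_flag "$1" -w; then
        echo "root-blocked"       # breaks the root rsync/rdiff backups
    elif has_flag "$1" -s; then
        echo "keys-only"          # no password logins for anyone
    elif has_flag "$1" -g; then
        echo "root-keys-only"     # users can still log in with a password
    else
        echo "passwords-allowed"
    fi
}

# Constructed sample mirroring the file edited above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# change to NO_START=0 to enable Dropbear
NO_START=0
# any additional arguments for Dropbear
DROPBEAR_EXTRA_ARGS="-s -g"
EOF
echo "sample: $(audit_dropbear "$sample")"
rm -f "$sample"
```

On a real system, call `audit_dropbear /etc/default/dropbear` after editing and before restarting the service.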

Fixing Entropy Issues

I found that Dropbear has a delay in starting up correctly; eventually dropbear does start. After reading through the log files, dropbear was claiming entropy was poor; I don't recall the exact error. I have seen this on ARM and i386 platforms. Here is a dirty fix.

NOTE! This dirty fix will not be required for Debian packages of Dropbear 0.49 onward, as '/dev/urandom' is now used by default.

 vi /etc/init.d/dropbear

Find...

 case "$1" in
    start)

...and add the following BEFORE it...

 rm -rf /dev/random
 ln -sf /dev/urandom /dev/random

If you want to implement a proper fix for this, see '/usr/share/doc/dropbear/README.Debian'

$Id: DropbearSSHServer,v 1.11 2008/04/14 09:38:42 martin Exp www-data $
