User Tools

Site Tools


Dropbear Configuration


The dropbear configuration contains settings for the dropbear SSH server in a single section.


The dropbear section contains these settings:

Name Type Required Default Description
enable boolean no 1 Set to 0 to disable starting dropbear at system boot.
verbose boolean no 0 Set to 1 to enable verbose output by the start script.
BannerFile string no (none) Name of a file to be printed before the user has authenticated successfully.
PasswordAuth boolean no 1 Set to 0 to disable authenticating with passwords.
Port integer no 22 Port number to listen on.
RootPasswordAuth boolean no 1 Set to 0 to disable authenticating as root with passwords.
RootLogin boolean no 1 Set to 0 to disable SSH logins as root.
GatewayPorts boolean no 0 Set to 1 to allow remote hosts to connect to forwarded ports.
Interface string no (none) Tells dropbear to listen only on the specified interface. (e.g. lan, wan, wan6)
rsakeyfile file no (none) Path to RSA file
dsskeyfile file no (none) Path to DSS/DSA file
SSHKeepAlive integer no 300 Keep Alive
IdleTimeout integer no 0 Idle Timeout

This is the default configuration:

config dropbear
        option PasswordAuth 'on'
        option RootPasswordAuth 'on'
        option Port         '22'

Multiple Dropbear Instances

Edit /etc/config/dropbear to add a second instance.

vi /etc/config/dropbear

The below example shows one on port 22 on the lan side, one on port 2022 on the wan side. Note: wan side is set for PasswordAuth off so make sure you have added an ssh-key.

Also make sure to check your firewall DNAT (port forward) to allow access to the wan side port, 2022 in this case.

config dropbear
        option PasswordAuth 'on'
        option Port '22'
        option Interface 'lan'
config dropbear
        option PasswordAuth 'off'
        option Interface 'wan'
        option Port '2022'

If you try to run multiple dropbear instances and they are not started you probably have a timing issue. To fix the timing issue just create a small hotplug script in /etc/hotplug.d/iface/40-dropbear that simply restarts dropbear after the WAN interface is restarted.

cat << "EOF" > /etc/hotplug.d/iface/40-dropbear
if [ "$INTERFACE" = "wan" ] && [ "$ACTION" = "ifup" -o "$ACTION" == "ifupdate" ]
        /etc/init.d/dropbear restart

From forum thread: Getting dropbear to listen on multiple ports

Window Title

Fix window title to display correct user@host information when connected via SSH.

mkdir -p /etc/profile.d
cat << "EOF" > /etc/profile.d/
echo -e -n "\033];${USER}@${HOSTNAME}\007"

Public Key Authentication

docs/guide-user/base-system/dropbear.txt · Last modified: 2019/03/19 15:58 by vgaetera