Indeks
Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers.
If you want to be notified of new releases, or for general discussion of Dropbear, you can subscribe to the relatively low volume mailing list.
Features
A small memory footprint suitable for memory-constrained environments – Dropbear can compile to a 110kB statically linked binary with uClibc on x86 (only minimal options selected)
Dropbear server implements X11 forwarding, and authentication-agent forwarding for OpenSSH clients
Can run from inetd or standalone
Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication
The server, client, keygen, and key converter can be compiled into a single binary (like busybox)
Features can easily be disabled when compiling to save space
Multi-hop mode uses SSH TCP forwarding to tunnel through multiple SSH hosts in a single command. dbclient user1@hop1,user2@hop2,destination
Platforms
Linux – standard distributions, uClibc >=0.9.17, dietlibc, musl libc, uClinux from inetd
Mac OS X (compile with PAM support)
FreeBSD, NetBSD and OpenBSD
Solaris – tested v8 x86 and v9 Sparc
IRIX 6.5 (with /dev/urandom, or prngd should work)
Tru64 5.1 (using prngd for entropy)
AIX 4.3.3 (with gcc and Linux Affinity Toolkit), AIX 5.2 (with /dev/urandom).
HPUX 11.00 (+prngd), TCP forwarding doesn't work
Cygwin – tested 1.5.19 on Windows XP
It shouldn't be hard to get it to work on other POSIX platforms, it is mostly a case of setting up the configure and Makefile settings.
Distributions
LEAF Bering uClibc – a small Linux firewall/network appliance distribution.
OpenWRT – a very nice distro for many wireless routers.
BuildRoot – an easy way to build a toolchain and programs for a uClibc Linux system
sabotage – a radical and experimental distribution based on musl libc and busybox
SSHDroid is another SSH server UI for Android
Gentoo
Fedora
cam.ly wireless security cameras.
FREESCO is is a single floppy NAT/firewall router/server.
Tomato Firmware for wrt54g and similar.
gumstix – tiny embedded Linux boards
PSPSSH is a port to run on PlayStation Portables.
Debian has outdated packages available.
Ubuntu (outdated like Debian)
Maemo packages – for Nokia N800/N810. Server-only or Client-only packages are available.
FreeWRT – a Linux distro for various embedded devices (particularly wireless routers).
DD-WRT is another Linux router distribution including Dropbear.
OpenMoko includes Dropbear in the default install.
VMware ESXi – a hypervisor OS for virtualisation.
Bent Linux – a uClibc based Linux distribution, statically linked cpio.bz2 packages (should work on any distro)
NetBSD Packages Collection
FreeBSD Ports
fli4l – a one-disk-router Linux distribution
Ångström - the successor to OpenZaurus, for Sharp Zaurus handhelds.
floppyfw – a single floppy firewall Linux distribution
ttylinux – Linux to fit in 4 megabytes of disk space and run on 386es, as an internet terminal
BrazilFW – a fork to continue Coyote Linux floppy firewall
Trinux – a lightweight Linux security toolkit
T2 System Development Environment – a build system for distributions
LyconSys make various industrial routers that run Dropbear.
SliTaz is a small Linux distro that includes Dropbear.
Dreambox linux-based DVB recorder has Dropbear on the default firmware.
US Robotics USR9108 DSL/wireless gateway uses Dropbear.
Slackware package
kboot – a proof-of-concept Linux boot loader.
Motorola a780/e680/e680i phones (login or bugmenot required)
Zipit Z2 shell environment for a handheld wifi messenger.
iPhone – Dropbear works if they're jailbroken. Get it from iBrickr or the PXL site.
Please let me know of any others which should be added to this list.
Acknowledgements
The cryptographic code utilises Tom St Denis's LibTomCrypt, and uses his LibTomMath library for the bignum parts. PTY handling code is taken from OpenSSH (from Tatu Ylönen's original ssh), login recording (utmp/wtmp) code is from OpenSSH by Andre Lucas, and some implementation details were gleaned from PuTTY. Numerous people have contributed patches and bug reports, see CHANGES. Particular thanks go to Mihnea Stoenescu for his work on the client portion.
If you want to be notified of new releases, or for general discussion of Dropbear, you can subscribe to the relatively low volume mailing list.
Features
A small memory footprint suitable for memory-constrained environments – Dropbear can compile to a 110kB statically linked binary with uClibc on x86 (only minimal options selected)
Dropbear server implements X11 forwarding, and authentication-agent forwarding for OpenSSH clients
Can run from inetd or standalone
Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication
The server, client, keygen, and key converter can be compiled into a single binary (like busybox)
Features can easily be disabled when compiling to save space
Multi-hop mode uses SSH TCP forwarding to tunnel through multiple SSH hosts in a single command. dbclient user1@hop1,user2@hop2,destination
Platforms
Linux – standard distributions, uClibc >=0.9.17, dietlibc, musl libc, uClinux from inetd
Mac OS X (compile with PAM support)
FreeBSD, NetBSD and OpenBSD
Solaris – tested v8 x86 and v9 Sparc
IRIX 6.5 (with /dev/urandom, or prngd should work)
Tru64 5.1 (using prngd for entropy)
AIX 4.3.3 (with gcc and Linux Affinity Toolkit), AIX 5.2 (with /dev/urandom).
HPUX 11.00 (+prngd), TCP forwarding doesn't work
Cygwin – tested 1.5.19 on Windows XP
It shouldn't be hard to get it to work on other POSIX platforms, it is mostly a case of setting up the configure and Makefile settings.
Distributions
LEAF Bering uClibc – a small Linux firewall/network appliance distribution.
OpenWRT – a very nice distro for many wireless routers.
BuildRoot – an easy way to build a toolchain and programs for a uClibc Linux system
sabotage – a radical and experimental distribution based on musl libc and busybox
SSHDroid is another SSH server UI for Android
Gentoo
Fedora
cam.ly wireless security cameras.
FREESCO is is a single floppy NAT/firewall router/server.
Tomato Firmware for wrt54g and similar.
gumstix – tiny embedded Linux boards
PSPSSH is a port to run on PlayStation Portables.
Debian has outdated packages available.
Ubuntu (outdated like Debian)
Maemo packages – for Nokia N800/N810. Server-only or Client-only packages are available.
FreeWRT – a Linux distro for various embedded devices (particularly wireless routers).
DD-WRT is another Linux router distribution including Dropbear.
OpenMoko includes Dropbear in the default install.
VMware ESXi – a hypervisor OS for virtualisation.
Bent Linux – a uClibc based Linux distribution, statically linked cpio.bz2 packages (should work on any distro)
NetBSD Packages Collection
FreeBSD Ports
fli4l – a one-disk-router Linux distribution
Ångström - the successor to OpenZaurus, for Sharp Zaurus handhelds.
floppyfw – a single floppy firewall Linux distribution
ttylinux – Linux to fit in 4 megabytes of disk space and run on 386es, as an internet terminal
BrazilFW – a fork to continue Coyote Linux floppy firewall
Trinux – a lightweight Linux security toolkit
T2 System Development Environment – a build system for distributions
LyconSys make various industrial routers that run Dropbear.
SliTaz is a small Linux distro that includes Dropbear.
Dreambox linux-based DVB recorder has Dropbear on the default firmware.
US Robotics USR9108 DSL/wireless gateway uses Dropbear.
Slackware package
kboot – a proof-of-concept Linux boot loader.
Motorola a780/e680/e680i phones (login or bugmenot required)
Zipit Z2 shell environment for a handheld wifi messenger.
iPhone – Dropbear works if they're jailbroken. Get it from iBrickr or the PXL site.
Please let me know of any others which should be added to this list.
Acknowledgements
The cryptographic code utilises Tom St Denis's LibTomCrypt, and uses his LibTomMath library for the bignum parts. PTY handling code is taken from OpenSSH (from Tatu Ylönen's original ssh), login recording (utmp/wtmp) code is from OpenSSH by Andre Lucas, and some implementation details were gleaned from PuTTY. Numerous people have contributed patches and bug reports, see CHANGES. Particular thanks go to Mihnea Stoenescu for his work on the client portion.
