Dropbear: Lightweight SSH Server / Client
You may need to remotely access your embedded device, or your embedded systems is simply headless. You could use telnet, but this is insecure. A secure way to access a device remotly is to use SSH protocol. OpenSSH is one implementation but this is relatively too large and may use uncesary space on a device with limited storage.
That’s where Dropbear comes into play. Dropbear is a lightweight implementation of an SSH client and server and is ideal for embedded systems. Dropbear ARM executable is only 200 KB.
Here’s how it’s described on its website:
Dropbear is a relatively small SSH 2 server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers.
The main features of dropbear:
- A small memory footprint suitable for memory-constrained environments – Dropbear can compile to a110kB statically linked binary with uClibc on x86 (only minimal options selected)
- Dropbear server implements X11 forwarding, and authentication-agent forwarding for OpenSSH clients
- Can run from inetd or standalone
- Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication
- The server, client, keygen, and key converter can be compiled into a single binary (à la busybox)
- Features can easily be disabled when compiling to save space
- TCP forwarding support
If your systems is running an Ubuntu or Debian ARM distribution, you can simply install using apt-get:
sudo apt-get install dropbear
This will install and run dropbear server automatically.
Here are the instructions to follow, if you need to cross-compile it for your system (ARM compiler) and run the server:
- Download the latest version of dropbear:
- Extract the archive
tar xjvf dropbear-0.53.1.tar.bz2
- Configure, cross-compile and install it in your rootfs/ramdisk:
CC=armv5tel-redhat-linux-gnueabi-gcc ./configure –target=armv5tel-redhat-linux-gnueabi- –host=armv5tel-redhat-linux-gnueabi –prefix=/home/jaufranc/edev/rootfs –with-zlib=/home/jaufranc/edev/rootfs/lib
- Generate the server keys in the target board:
dropbearkey -t rsa -f dropbear_rsa_host_key
dropbearkey -t dss -f dropbear_dss_host_key
- Copy debian/dropbear.init (in the source directory) to /etc/init.d/dropbear (in the target board), and dropbear should be started automatically next time the board boots. You can also start it manually with:
This assumes a cross-compiled zlib library is installed in /home/jaufranc/edev/rootfs. If you don’t have it, you’ll need to cross-compile zlib first as shown in http://www.cnx-software.com/2011/10/06/cross-comping-zlib-for-arm-target/. Alternatively, you could also disable zlib by adding –disable-zlib to the configure script.
If you really need to reduce dropbear size as much as possible, please read SMALL and INSTALL text files in the source code that provide clues on how to achieve the lowest possible footprint.