Dropbear: Lightweight SSH Server / Client

You may need to remotely access your embedded device, or your embedded systems is simply headless. You could use telnet, but this is insecure. A secure way to access a device remotly is to use SSH protocol. OpenSSH is one implementation but this is relatively too large and may use uncesary space on a device with limited storage.

That’s where Dropbear comes into play. Dropbear is a lightweight implementation of an SSH client and server and is ideal for embedded systems. Dropbear ARM executable is only 200 KB.

Here’s how it’s described on its website:

Dropbear is a relatively small SSH 2 server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers.

The main features of dropbear:

  • A small memory footprint suitable for memory-constrained environments – Dropbear can compile to a110kB statically linked binary with uClibc on x86 (only minimal options selected)
  • Dropbear server implements X11 forwarding, and authentication-agent forwarding for OpenSSH clients
  • Can run from inetd or standalone
  • Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication
  • The server, client, keygen, and key converter can be compiled into a single binary (à la busybox)
  • Features can easily be disabled when compiling to save space
  • TCP forwarding support

If your systems is running an Ubuntu or Debian ARM distribution, you can simply install using apt-get:

sudo apt-get install dropbear

This will install and run dropbear server automatically.

Here are the instructions to follow, if you need to cross-compile it for your system (ARM compiler) and run the server:

  1. Download the latest version of dropbear:

    wget http://matt.ucc.asn.au/dropbear/releases/dropbear-0.53.1.tar.bz2

  2. Extract the archive

    tar xjvf dropbear-0.53.1.tar.bz2
    cd dropbear-0.53.1

  3. Configure, cross-compile and install it in your rootfs/ramdisk:

    CC=armv5tel-redhat-linux-gnueabi-gcc ./configure –target=armv5tel-redhat-linux-gnueabi- –host=armv5tel-redhat-linux-gnueabi –prefix=/home/jaufranc/edev/rootfs –with-zlib=/home/jaufranc/edev/rootfs/lib
    make install

  4. Generate the server keys in the target board:

    dropbearkey -t rsa -f dropbear_rsa_host_key
    dropbearkey -t dss -f dropbear_dss_host_key

  5. Copy debian/dropbear.init (in the source directory) to /etc/init.d/dropbear (in the target board), and dropbear should be started automatically next time the board boots.  You can also start it manually with:

    /etc/init.d/dropbear start

This assumes a cross-compiled zlib library is installed in /home/jaufranc/edev/rootfs. If you don’t have it, you’ll need to cross-compile zlib first as shown in http://www.cnx-software.com/2011/10/06/cross-comping-zlib-for-arm-target/. Alternatively, you could also disable zlib by adding –disable-zlib to the configure script.

If you really need to reduce dropbear size as much as possible, please read SMALL and INSTALL text files in the source code that provide clues on how to achieve the lowest possible footprint.


Leave a Reply

2 Comments on "Dropbear: Lightweight SSH Server / Client"

newest oldest most voted
Notify of

[…] access, but we don’t need to use the default sshd, and we can replace it with the lightweight dropbear ssh server:sudo apt-get remove sudo dpkg --get-selections | grep -v "deinstall" | grep ssh | sed s/install// […]


[…] telnet is not exactly secure, and want to access the device over the network, you should probably install dropbear, There’s only 796 KB left on the SPI flash, so what you can do is probably limited, although […]