Dropbear: Lightweight SSH Server / Client

You may need to remotely access your embedded device, or your embedded systems is simply headless. You could use telnet, but this is insecure. A secure way to access a device remotly is to use SSH protocol. OpenSSH is one implementation but this is relatively too large and may use uncesary space on a device with limited storage.

That’s where Dropbear comes into play. Dropbear is a lightweight implementation of an SSH client and server and is ideal for embedded systems. Dropbear ARM executable is only 200 KB.

Here’s how it’s described on its website:

Dropbear is a relatively small SSH 2 server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers.

The main features of dropbear:

  • A small memory footprint suitable for memory-constrained environments – Dropbear can compile to a110kB statically linked binary with uClibc on x86 (only minimal options selected)
  • Dropbear server implements X11 forwarding, and authentication-agent forwarding for OpenSSH clients
  • Can run from inetd or standalone
  • Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication
  • The server, client, keygen, and key converter can be compiled into a single binary (à la busybox)
  • Features can easily be disabled when compiling to save space
  • TCP forwarding support

If your systems is running an Ubuntu or Debian ARM distribution, you can simply install using apt-get:

sudo apt-get install dropbear

This will install and run dropbear server automatically.

Here are the instructions to follow, if you need to cross-compile it for your system (ARM compiler) and run the server:

  1. Download the latest version of dropbear:

    wget http://matt.ucc.asn.au/dropbear/releases/dropbear-0.53.1.tar.bz2

  2. Extract the archive

    tar xjvf dropbear-0.53.1.tar.bz2
    cd dropbear-0.53.1

  3. Configure, cross-compile and install it in your rootfs/ramdisk:

    CC=armv5tel-redhat-linux-gnueabi-gcc ./configure –target=armv5tel-redhat-linux-gnueabi- –host=armv5tel-redhat-linux-gnueabi –prefix=/home/jaufranc/edev/rootfs –with-zlib=/home/jaufranc/edev/rootfs/lib
    make
    make install

  4. Generate the server keys in the target board:

    dropbearkey -t rsa -f dropbear_rsa_host_key
    dropbearkey -t dss -f dropbear_dss_host_key

  5. Copy debian/dropbear.init (in the source directory) to /etc/init.d/dropbear (in the target board), and dropbear should be started automatically next time the board boots.  You can also start it manually with:

    /etc/init.d/dropbear start

This assumes a cross-compiled zlib library is installed in /home/jaufranc/edev/rootfs. If you don’t have it, you’ll need to cross-compile zlib first as shown in http://www.cnx-software.com/2011/10/06/cross-comping-zlib-for-arm-target/. Alternatively, you could also disable zlib by adding –disable-zlib to the configure script.

If you really need to reduce dropbear size as much as possible, please read SMALL and INSTALL text files in the source code that provide clues on how to achieve the lowest possible footprint.

 

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

ROCK 5 ITX Rockchip RK3588 mini-ITX motherboard
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
2 Comments
oldest
newest
Boardcon Rockchip RK3588S SBC with 8K, WiFI 6, 4G LTE, NVME SSD, HDMI 2.1...