This chapter describes the initial installation and configuration of the lightweight ssh server "Dropbear", which is part of the base Bering-uClibc distribution.
Dropbear was developed by Matt Johnston and for more information on Dropbear itself you should visit his webpages.
Export of cryptographic software from Australia is subject to export controls - you should ensure that you are not breaching these controls. See Crypto Law Survey for some good research.
Comments on this chapter should be addressed to its maintainer: Eric de Thouars <dorus at users.sourceforge.net>.
For Bering-uClibc, dropbear and dropbearkey have been compiled into one binary, just like busybox, which also provides different applications in one binary. Therefore only one package (dropbear.lrp) is needed. This is a difference from other ssh applications (sshd, lshd) used with LEAF packages, where the key generation utility and the daemon are provided in two separate packages.
If you start with a fresh Bering-uClibc image you can skip this step because the default leaf.cfg file provided with Bering-uClibc looks like this:
LRP="root config etc local modules iptables dhcpcd keyboard shorwall ulogd dnsmasq dropbear sh-httpd weblet"
The package dropbear.lrp is loaded on startup.
If you have edited leaf.cfg in the past, and dropbear.lrp is currently not installed on your system, you can do two things:
- add the package again to leaf.cfg and reboot (Check the Bering-uClibc Installation Guide to learn how to do that.)
- add dropbear.lrp to lrpkg.cfg/leaf.cfg and load the package manually.
The keys necessary for the ssh server can be generated with the command gendropbearkeys. After giving this command, sit back and enjoy a cup of coffee while your machine generates the RSA and DSS keys.
Tip: use weblet to generate entropy.
Back up the dropbear.lrp package to save the keys.
Dropbear will not let you log in as "root" without a password. Set the root password with the command passwd while logged in as "root".
Back up the etc.lrp package.
The default configuration of the Shorewall package provided with Bering-uClibc should allow you to log in to your LEAF box with ssh from the local network. Nevertheless it is wise to make sure that this is really so.
Assuming that you have not renamed the zone for the local network, this zone is called "loc". The file /etc/shorewall/rules should then have lines like this:
##############################################################################
#ACTION  SOURCE  DEST  PROTO  DEST    SOURCE   ORIGINAL
#                             PORT    PORT(S)  DEST
(...)
#      Accept SSH connections from the local network for administration
#
ACCEPT   loc     fw    tcp    22
(...)
If this is not the case, add these lines and back up the shorwall.lrp package.
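One way to check this from the shell, as an added example that is not part of the original guide or the Bering-uClibc distribution: it lists the source zones that an ACCEPT rule lets reach the firewall zone on tcp port 22, so you can confirm that "loc" is present and that no other zone is listed by accident. The function names and the sample rules (including the "net" and "dmz" zones) are constructed for illustration; the check only recognises rules that name the zones literally and assumes awk, sort and grep are available.

```sh
#!/bin/sh
# Added example, not part of the Bering-uClibc distribution.
# Function names and the sample rules are assumptions made for illustration.

# ssh_source_zones FILE [FW_ZONE]
# Print each source zone that an ACCEPT rule lets reach FW_ZONE on tcp/22.
# FILE may be "-" to read the rules from standard input.
ssh_source_zones() {
    awk -v fw="${2:-fw}" '
        /^[ \t]*#/ || NF < 5 { next }            # comments, blanks, "(...)"
        {
            action = $1; sub(/:.*/, "", action)  # ACCEPT:info -> ACCEPT
            src = $2;    sub(/:.*/, "", src)     # loc:192.168.1.0/24 -> loc
            dst = $3;    sub(/:.*/, "", dst)
            if (action != "ACCEPT" || dst != fw || tolower($4) != "tcp") next
            n = split($5, ports, ",")            # DEST PORT may be a list
            for (i = 1; i <= n; i++) {
                p = ports[i]
                if (p == "22" || p == "ssh") { print src; break }
                # low:high port range that contains 22
                if (split(p, r, ":") == 2 && r[1] + 0 <= 22 && r[2] + 0 >= 22) {
                    print src; break
                }
            }
        }' "${1:--}" | sort -u
}

# ssh_allowed_from FILE ZONE [FW_ZONE]: succeed if ZONE is in that list.
ssh_allowed_from() {
    ssh_source_zones "$1" "${3:-fw}" | grep -qxF "$2"
}

# Constructed sample in the column layout of /etc/shorewall/rules.
sample_rules() {
    cat <<'EOF'
#ACTION      SOURCE        DEST  PROTO  DEST PORT
#       Accept SSH connections from the local network for administration
ACCEPT       loc           fw    tcp    22
ACCEPT       loc           fw    tcp    80
#ACCEPT      net           fw    tcp    22
DROP         net           fw    tcp    22
ACCEPT:info  dmz:10.0.0.5  fw    tcp    20:25,80
EOF
}

sample_rules | ssh_source_zones -    # prints: dmz, then loc
```

On the LEAF box itself, run `ssh_source_zones /etc/shorewall/rules` against the real file instead of the sample.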
Reboot your machine and watch dropbear start. You can now remotely log in to your Bering-uClibc box with an ssh client or scp files from/to your Bering-uClibc box.