dbclient(1)dbclient(1)NAMEdbclient - lightweight SSH client
SYNOPSISdbclient [flag arguments] [-p port] [-i id] [-L l:h:p] [-R l:h:p] [-l
user] host [more flags] [command]
dbclient [args] [user1]@host1[^port1],[user2]@host2[^port2],...
DESCRIPTIONdbclient is a small SSH client
OPTIONS
command
A command to run on the remote host. This will normally
be run by the remote host using the user's shell. The
command begins at the first hyphen argument after the
host argument. If no command is specified an interactive
terminal will be opened (see -t and -T).
-p port
Connect to port on the remote host. Alternatively a port
can be specified as hostname^port. Default is 22.
-i idfile
Identity file. Read the identity key from file idfile
(multiple allowed). This file is created with dropbear‐
key(1) or converted from OpenSSH with dropbearconvert(1).
The default path ~/.ssh/id_dropbear is used
-L [listenaddress]:listenport:host:port
Local port forwarding. Forward the port listenport on
the local host through the SSH connection to port port on
the host host.
-R [listenaddress]:listenport:host:port
Remote port forwarding. Forward the port listenport on
the remote host through the SSH connection to port port
on the host host.
-l user
Username. Login as user on the remote host.
-t Allocate a PTY. This is the default when no command is
given, it gives a full interactive remote session. The
main effect is that keystrokes are sent remotely immedi‐
ately as opposed to local line-based editing.
-T Don't allocate a PTY. This is the default a command is
given. See -t.
-N Don't request a remote shell or run any commands. Any
command arguments are ignored.
-f Fork into the background after authentication. A command
argument (or -N) is required. This is useful when using
password authentication.
-g Allow non-local hosts to connect to forwarded ports.
Applies to -L and -R forwarded ports, though remote con‐
nections to -R forwarded ports may be limited by the ssh
server.
-y Always accept hostkeys if they are unknown. If a hostkey
mismatch occurs the connection will abort as normal. If
specified a second time no host key checking is performed
at all, this is usually undesirable.
-A Forward agent connections to the remote host. dbclient
will use any OpenSSH-style agent program if available
($SSH_AUTH_SOCK will be set) for public key authentica‐
tion. Forwarding is only enabled if -A is specified.
-W windowsize
Specify the per-channel receive window buffer size.
Increasing this may improve network performance at the
expense of memory use. Use -h to see the default buffer
size.
-K timeout_seconds
Ensure that traffic is transmitted at a certain interval
in seconds. This is useful for working around firewalls
or routers that drop connections after a certain period
of inactivity. The trade-off is that a session may be
closed if there is a temporary lapse of network connec‐
tivity. A setting if 0 disables keepalives. If no
response is received for 3 consecutive keepalives the
connection will be closed.
-I idle_timeout
Disconnect the session if no traffic is transmitted or
received for idle_timeout seconds.
-J proxy_command
Use the standard input/output of the program proxy_com‐
mand rather than using a normal TCP connection. A host‐
name should be still be provided, as this is used for
comparing saved hostkeys.
-B endhost:endport
"Netcat-alike" mode, where Dropbear will connect to the
given host, then create a forwarded connection to end‐
host. This will then be presented as dbclient's standard
input/output.
-c cipherlist
Specify a comma separated list of ciphers to enable. Use
-c help to list possibilities.
-m MAClist
Specify a comma separated list of authentication MACs to
enable. Use -m help to list possibilities.
-s The specified command will be requested as a subsystem,
used for sftp. Dropbear doesn't implement sftp itself but
the OpenSSH sftp client can be used eg sftp -Sdbclient
user@host
-V Print the version
MULTI-HOP
Dropbear will also allow multiple "hops" to be specified, sepa‐
rated by commas. In this case a connection will be made to the
first host, then a TCP forwarded connection will be made through
that to the second host, and so on. Hosts other than the final
destination will not see anything other than the encrypted SSH
stream. A port for a host can be specified with a caret (eg
matt@martello^44 ). This syntax can also be used with scp or
rsync (specifying dbclient as the ssh/rsh command). A file can
be "bounced" through multiple SSH hops, eg
scp -Sdbclient matt@martello,root@wrt,canyons:/tmp/dump .
Note that hostnames are resolved by the prior hop (so "canyons"
would be resolved by the host "wrt") in the example above, the
same way as other -L TCP forwarded hosts are. Host keys are
checked locally based on the given hostname.
ESCAPE CHARACTERS
Typing a newline followed by the key sequence ~. (tilde, dot)
will terminate a connection. The sequence ~^Z (tilde, ctrl-z)
will background the connection. This behaviour only applies when
a PTY is used.
ENVIRONMENT
DROPBEAR_PASSWORD
A password to use for remote authentication can be speci‐
fied in the environment variable DROPBEAR_PASSWORD. Care
should be taken that the password is not exposed to other
users on a multi-user system, or stored in accessible
files.
SSH_ASKPASS
dbclient can use an external program to request a pass‐
word from a user. SSH_ASKPASS should be set to the path
of a program that will return a password on standard out‐
put. This program will only be used if either DISPLAY is
set and standard input is not a TTY, or the environment
variable SSH_ASKPASS_ALWAYS is set.
NOTES
If compiled with zlib support and if the server supports it,
dbclient will always use compression.
AUTHOR
Matt Johnston (matt@ucc.asn.au).
Mihnea Stoenescu wrote initial Dropbear client support
Gerrit Pape (pape@smarden.org) wrote this manual page.
SEE ALSOdropbear(8), dropbearkey(1)
https://matt.ucc.asn.au/dropbear/dropbear.html
dbclient(1)