DragonFly On-Line Manual Pages
dbclient(1) DragonFly General Commands Manual dbclient(1)
NAME
dbclient - lightweight SSH client
SYNOPSIS
dbclient [flag arguments] [-p port] [-i id] [-L l:h:p] [-R l:h:p] [-l
user] host [more flags] [command]
dbclient [args] [user1]@host1[^port1],[user2]@host2[^port2],...
DESCRIPTION
dbclient is a small SSH client
OPTIONS
command
A command to run on the remote host. This will normally be run
by the remote host using the user's shell. The command begins at
the first hyphen argument after the host argument. If no command
is specified an interactive terminal will be opened (see -t and
-T).
-p port
Connect to port on the remote host. Alternatively a port can be
specified as hostname^port. Default is 22.
-i idfile
Identity file. Read the identity key from file idfile (multiple
allowed). This file is created with dropbearkey(1) or converted
from OpenSSH with dropbearconvert(1). The default path
~/.ssh/id_dropbear is used
-L [listenaddress]:listenport:host:port
Local port forwarding. Forward the port listenport on the local
host through the SSH connection to port port on the host host.
-R [listenaddress]:listenport:host:port
Remote port forwarding. Forward the port listenport on the
remote host through the SSH connection to port port on the host
host.
-l user
Username. Login as user on the remote host.
-t Allocate a PTY. This is the default when no command is given, it
gives a full interactive remote session. The main effect is that
keystrokes are sent remotely immediately as opposed to local
line-based editing.
-T Don't allocate a PTY. This is the default a command is given.
See -t.
-N Don't request a remote shell or run any commands. Any command
arguments are ignored.
-f Fork into the background after authentication. A command
argument (or -N) is required. This is useful when using
password authentication.
-g Allow non-local hosts to connect to forwarded ports. Applies to
-L and -R forwarded ports, though remote connections to -R
forwarded ports may be limited by the ssh server.
-y Always accept hostkeys if they are unknown. If a hostkey
mismatch occurs the connection will abort as normal. If
specified a second time no host key checking is performed at
all, this is usually undesirable.
-A Forward agent connections to the remote host. dbclient will use
any OpenSSH-style agent program if available ($SSH_AUTH_SOCK
will be set) for public key authentication. Forwarding is only
enabled if -A is specified.
-W windowsize
Specify the per-channel receive window buffer size. Increasing
this may improve network performance at the expense of memory
use. Use -h to see the default buffer size.
-K timeout_seconds
Ensure that traffic is transmitted at a certain interval in
seconds. This is useful for working around firewalls or routers
that drop connections after a certain period of inactivity. The
trade-off is that a session may be closed if there is a
temporary lapse of network connectivity. A setting if 0 disables
keepalives. If no response is received for 3 consecutive
keepalives the connection will be closed.
-I idle_timeout
Disconnect the session if no traffic is transmitted or received
for idle_timeout seconds.
-J proxy_command
Use the standard input/output of the program proxy_command
rather than using a normal TCP connection. A hostname should be
still be provided, as this is used for comparing saved hostkeys.
-B endhost:endport
"Netcat-alike" mode, where Dropbear will connect to the given
host, then create a forwarded connection to endhost. This will
then be presented as dbclient's standard input/output.
-c cipherlist
Specify a comma separated list of ciphers to enable. Use -c help
to list possibilities.
-m MAClist
Specify a comma separated list of authentication MACs to enable.
Use -m help to list possibilities.
-s The specified command will be requested as a subsystem, used for
sftp. Dropbear doesn't implement sftp itself but the OpenSSH
sftp client can be used eg sftp -S dbclient user@host
-V Print the version
MULTI-HOP
Dropbear will also allow multiple "hops" to be specified, separated by
commas. In this case a connection will be made to the first host, then
a TCP forwarded connection will be made through that to the second
host, and so on. Hosts other than the final destination will not see
anything other than the encrypted SSH stream. A port for a host can be
specified with a caret (eg matt@martello^44 ). This syntax can also be
used with scp or rsync (specifying dbclient as the ssh/rsh command). A
file can be "bounced" through multiple SSH hops, eg
scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .
Note that hostnames are resolved by the prior hop (so "canyons" would
be resolved by the host "wrt") in the example above, the same way as
other -L TCP forwarded hosts are. Host keys are checked locally based
on the given hostname.
ESCAPE CHARACTERS
Typing a newline followed by the key sequence ~. (tilde, dot) will
terminate a connection. The sequence ~^Z (tilde, ctrl-z) will
background the connection. This behaviour only applies when a PTY is
used.
ENVIRONMENT
DROPBEAR_PASSWORD
A password to use for remote authentication can be specified in
the environment variable DROPBEAR_PASSWORD. Care should be taken
that the password is not exposed to other users on a multi-user
system, or stored in accessible files.
SSH_ASKPASS
dbclient can use an external program to request a password from
a user. SSH_ASKPASS should be set to the path of a program that
will return a password on standard output. This program will
only be used if either DISPLAY is set and standard input is not
a TTY, or the environment variable SSH_ASKPASS_ALWAYS is set.
NOTES
If compiled with zlib support and if the server supports it, dbclient
will always use compression.
AUTHOR
Matt Johnston (matt@ucc.asn.au).
Mihnea Stoenescu wrote initial Dropbear client support
Gerrit Pape (pape@smarden.org) wrote this manual page.
SEE ALSO
dropbear(8), dropbearkey(1)
https://matt.ucc.asn.au/dropbear/dropbear.html
dbclient(1)