config dropbear option PasswordAuth 'on' option RootPasswordAuth 'on' option Port '22'
The firewall configuration located in /etc/config/dropbear.
The dropbear configuration contains settings for the dropbear SSH server in a single section.
The dropbear section contains these settings:
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
enable |
boolean |
no |
1 |
Set to 0 to disable starting dropbear at system boot. |
verbose |
boolean |
no |
0 |
Set to 1 to enable verbose output by the start script. |
BannerFile |
string |
no |
(none) |
Name of a file to be printed before the user has authenticated successfully. |
PasswordAuth |
boolean |
no |
1 |
Set to 0 to disable authenticating with passwords. |
Port |
integer |
no |
22 |
Port number to listen on. |
RootPasswordAuth |
boolean |
no |
1 |
Set to 0 to disable authenticating as root with passwords. |
RootLogin |
boolean |
no |
1 |
Set to 0 to disable SSH logins as root. |
GatewayPorts |
boolean |
no |
0 |
Set to 1 to allow remote hosts to connect to forwarded ports. |
Interface |
string |
no |
(none) |
Tells dropbear to listen only on the specified interface.e.g. lan, wan, henet |
rsakeyfile |
file |
no |
(none) |
Path to RSA file |
dsskeyfile |
file |
no |
(none) |
Path to DSS/DSA file |
SSHKeepAlive |
integer |
no |
300 |
Keep Alive |
IdleTimeout |
integer |
no |
0 |
Idle Timeout |
This is the default configuration:
config dropbear option PasswordAuth 'on' option RootPasswordAuth 'on' option Port '22'
Edit /etc/config/dropbear to add a second instance.
vi /etc/config/dropbear
The below example shows one on port 22 on the lan side, one on port 2022 on the wan side. Note: wan side is set for PasswordAuth off so make sure you have added an ssh-key.
Also make sure to check your firewall DNAT (port forward) to allow access to the wan side port, 2022 in this case.
config dropbear option PasswordAuth 'on' option Port '22' option Interface 'lan' config dropbear option PasswordAuth 'off' option Interface 'wan' option Port '2022'