SSH Server Choices¶

The SSH server can be connected directly from Unix with the ssh command line program or other SSH client programs:

• Address = Your IP address (e.g.: 192.168.0.100)
• Port = 22
• Username = root
• Password = dietpi

Root logins via Dropbear can be restricted from first boot on with the SOFTWARE_DISABLE_SSH_PASSWORD_LOGINS setting in the dietpi.txt file. Valid options are:

• 0 : Allow password logins for all users, including root (default case)
• root : Disable password login for root user only
• 1 : Disable password logins for all users (assure that you have a valid SSH key applied!)

The first boot scripts apply them via DROPBEAR_EXTRA_ARGS setting in /etc/default/dropbear, before the SSH server starts and before the network is set up.

Later on (after the first installation run has completed), these options can be changed by the command

/boot/dietpi/func/dietpi-set_software disable_ssh_password_logins <option>

If <option> is skipped/empty, the one from /boot/dietpi.txt will be reapplied to /etc/default/dropbear.

Public SSH authentication keys for the users root and dietpi can be added from first boot on with the AUTO_SETUP_SSH_PUBKEY setting in the dietpi.txt file. The first boot procedure apply them to ~/.ssh/authorized_keys of both users, before the SSH server starts and before the network is set up.
If multiple keys are used in dietpi.txt, each key will be added to both users root and dietpi. Multiple keys can be relevant in case multiple SSH clients which each have their on key pair(s) are used.

A key pair can be generated with most SSH clients, e.g. with OpenSSH or Dropbear from the console (dropbearkey is only available if Dropbear is selected as the SSH server option):

# OpenSSH client:
ssh-keygen -t ed25519
# Dropbear client:
dropbearkey -t ed25519 -f ~/.ssh/id_dropbear

An example output or ~/.ssh/id_ed25519.pub content (for the AUTO_SETUP_SSH_PUBKEY setting in dietpi.txt) could be

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcoZfa+8uivetL4FTstsMl1MsnkjM1ssYW9wQh77xaS root@dietpi

Other key types are supported, but we suggest Ed25519, a modern scheme which provides best security with a small key size.
The commands generate a public key with an additional key comment at the end of the generated line, root@dietpi in the above example. This comment has generally no function, but is shown by SSH clients when performing a key authentication, and can be used to understand the entry better. It can be set or omitted in dietpi.txt for the users convenience.

ssh-keygen asks for an optional passphrase and file path, where we suggest to use the default ~/.ssh/id_ed25519, where the client will be able to use it OOTB. The file id_ed25519.pub holds the public key to be used within /boot/dietpi.txt. See the comments in /boot/dietpi.txt and man ssh-keygen for further details.

dropbearkey prints the public key portion to the console instead. The command can also be extended with the option -C <key comment>. See man dropbearkey for further details.

On Windows, PuTTY and KiTTY are recommended SSH clients.

The SSH server can be connected directly from Unix with the ssh command line program or other SSH client programs:

• Address = Your IP address (e.g.: 192.168.0.100)
• Username = root
• Password = dietpi
• Port = 22

Root logins via Dropbear can be restricted from first boot on with the SOFTWARE_DISABLE_SSH_PASSWORD_LOGINS setting in the dietpi.txt file. Valid options are:

• 0 : Allow password logins for all users, including root (default case)
• root : Disable password login for root user only
• 1 : Disable password logins for all users (assure that you have a valid SSH key applied!)

The options will lead in changes of the file /etc/ssh/sshd_config (values PubkeyAuthentication, PasswordAuthentication and PermitRootLogin) and can be set by the configuration option SOFTWARE_DISABLE_SSH_PASSWORD_LOGINS in the file /boot/dietpi.txt to be examined during the initial first boot sequence.

Later on (after the first installation run has completed), these options can be changed by the command

/boot/dietpi/func/dietpi-set_software disable_ssh_password_logins <option>

If <option> is skipped/empty, the one from /boot/dietpi.txt will be reapplied to /etc/default/dropbear.

Public SSH authentication keys for the users root and dietpi can be added from first boot on with the AUTO_SETUP_SSH_PUBKEY setting in the dietpi.txt file. The first boot procedure apply them to ~/.ssh/authorized_keys of both users, before the SSH server starts and before the network is set up.
If multiple keys are used in dietpi.txt, each key will be added to both users root and dietpi. Multiple keys can be relevant in case multiple SSH clients which each have their on key pair(s) are used.

A key pair can be generated with most SSH clients, e.g. with OpenSSH or Dropbear from the console (dropbearkey is only available if Dropbear is selected as the SSH server option):

# OpenSSH client:
ssh-keygen -t ed25519
# Dropbear client:
dropbearkey -t ed25519 -f ~/.ssh/id_dropbear

An example output or ~/.ssh/id_ed25519.pub content (for the AUTO_SETUP_SSH_PUBKEY setting in dietpi.txt) could be

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcoZfa+8uivetL4FTstsMl1MsnkjM1ssYW9wQh77xaS root@dietpi

Other key types are supported, but we suggest Ed25519, a modern scheme which provides best security with a small key size.
The commands generate a public key with an additional key comment at the end of the generated line, root@dietpi in the above example. This comment has generally no function, but is shown by SSH clients when performing a key authentication, and can be used to understand the entry better. It can be set or omitted in dietpi.txt for the users convenience.

ssh-keygen asks for an optional passphrase and file path, where we suggest to use the default ~/.ssh/id_ed25519, where the client will be able to use it OOTB. The file id_ed25519.pub holds the public key to be used within /boot/dietpi.txt. See the comments in /boot/dietpi.txt and man ssh-keygen for further details.

dropbearkey prints the public key portion to the console instead. The command can also be extended with the option -C <key comment>. See man dropbearkey for further details.

On Windows, PuTTY and KiTTY are recommended SSH clients.

WinSCP will allow you to transfer files and folders on your DietPi device (WinSCP downloads page).