The very first tutorial ever published on LowEndTalk – way back in 2008 – was on replacing OpenSSH with Dropbear.
When you are using a low-end server with only 64MB of memory, sometimes you just have to look for alternate software packages with less bloat to leave more memory for your (often more bloated) applications. OpenSSH is the essential application on a Linux/xBSD server, however I think it is eating up one or two more megabytes of memory than it should, and it can be easily replaced by a lighter weight SSH server like Dropbear.
In one of our seminal, community-founding articles, Yes, You Can Run 18 Static Sites on a 64MB Link-1 VPS, LowEndAdmin switched out Debian 5’s OpenSSH for Dropbear, and saved 500KB. On a 64MB VPS, that’s significant…but today most VMs start at 1GB. What was once .8% is now .04%.
To be honest, I’d kind of forgotten about Dropbear, but I recently set up Alpine Linux and it’s one of the options, so I thought I’d take a look again.
Dropbear Drawbacks
Dropbear is really intended for embedded systems, where every kilobyte of memory is precious. So the main selling point is smaller memory.
This is achieved, however, by stripping out features. Some examples:
- Dropbear supports fewer encryption, key exchange, and MAC (message authentication code) algorithms compared to OpenSSH.
- No subsystem support, so if you need SFTP, you’re out of luck.
- Dropbear is engineered for small systems, so there’s no effort put into making sure it scales for a high volume of simultaneous connections.
- Advanced OpenSSH configurations, like Match blocks for user-specific rules or fine-grained controls, are unavailable in Dropbear.
- No X11 forwarding.
- No support for older protocols like SSH 1, but you shouldn’t be using it anyway.
Also worth noting that the Dropbear community is much smaller than the universe of OpenSSH users. A security flaw in OpenSSH is very likely to be noticed quickly and remediated quickly, just based on the scale of usage.
Given that typical RAM on a VM has grown 16x since 2008, perhaps it’s time to leave Dropbear for embedded systems and not try to scrape out those last few kilobytes of RAM.
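If you are still weighing a switch, the drawbacks listed above can be checked against an existing OpenSSH configuration before anything is replaced. The script below is an added example, not part of the original post or of either project: it scans sshd_config text for directives that run into those drawbacks. The function name, the reason strings, and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample sshd_config (not from a real host), embedded so this runs offline.
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin prohibit-password
X11Forwarding yes
Ciphers aes256-gcm@openssh.com,aes128-ctr
Subsystem sftp /usr/lib/openssh/sftp-server
Match User deploy
    X11Forwarding no
    ForceCommand /usr/local/bin/deploy-only
"""

# sshd_config keyword (lower-cased) -> the drawback from the list it runs into.
DROPBEAR_GAPS = {
    "subsystem": "subsystem in use (SFTP depends on this)",
    "match": "Match block (user-specific or conditional rules)",
    "x11forwarding": "X11 forwarding enabled",
    "protocol": "SSH protocol 1 requested",
    "ciphers": "explicit cipher list; compare with Dropbear's smaller set",
    "macs": "explicit MAC list; compare with Dropbear's smaller set",
    "kexalgorithms": "explicit key exchange list; compare with Dropbear's smaller set",
}


def audit_sshd_config(text):
    """Return (line_number, keyword, reason) for each directive needing review."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace, optionally with "=".
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if keyword == "x11forwarding" and value != "yes":
            continue  # only an enabled feature would be lost
        if keyword == "protocol" and "1" not in value.split(","):
            continue  # protocol 2 only is not a problem
        if keyword in DROPBEAR_GAPS:
            findings.append((lineno, parts[0], DROPBEAR_GAPS[keyword]))
    return findings


if __name__ == "__main__":
    for lineno, keyword, reason in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print(f"line {lineno}: {keyword}: {reason}")
```

An empty result only means none of the listed drawbacks were found in the file; it says nothing about connection volume or any other difference between the two servers.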
Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.
As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.
Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.
His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.
You can find him daily in the forums at LowEndTalk under the handle @raindog308.