The very first tutorial ever published on LowEndTalk – way back in 2008 – was on replacing OpenSSH with Dropbear.
When you are using a low-end server with only 64MB of memory, sometimes you just have to look for alternate software packages with less bloat to leave more memory for your (often more bloated) applications. OpenSSH is the essential application on a Linux/xBSD server; however, I think it is eating up one or two more megabytes of memory than it should, and it can be easily replaced by a lighter weight SSH server like Dropbear.
In one of our seminal, community-founding articles, Yes, You Can Run 18 Static Sites on a 64MB Link-1 VPS, LowEndAdmin switched out Debian 5’s OpenSSH for Dropbear, and saved 500KB. On a 64MB VPS, that’s significant…but today most VMs start at 1GB. What was once .8% is now .04%.
To be honest, I’d kind of forgotten about Dropbear, but I recently set up Alpine Linux and it’s one of the options, so I thought I’d take a look again.
Dropbear Drawbacks
Dropbear is really intended for embedded systems, where every kilobyte of memory is precious. So the main selling point is a smaller memory footprint.
This is achieved, however, by stripping out features. Some examples:
- Dropbear supports fewer encryption, key exchange, and MAC (message authentication code) algorithms compared to OpenSSH.
- No subsystem support, so if you need SFTP, you’re out of luck.
- Dropbear is engineered for small systems, so there’s no effort put into making sure it scales for a high volume of simultaneous connections.
- Advanced OpenSSH configurations, like Match blocks for user-specific rules or fine-grained controls, are unavailable in Dropbear.
- No X11 forwarding.
- No support for older protocols like SSH 1, but you shouldn’t be using it anyway.
It’s also worth noting that the Dropbear community is much smaller than the universe of OpenSSH users. A security flaw in OpenSSH is very likely to be noticed quickly and remediated quickly, just based on the scale of usage.
Given that typical RAM on a VM has grown 16x since 2008, perhaps it’s time to leave Dropbear for embedded systems and not try to scrape out those last few kilobytes of RAM.
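To see what the SSH daemon actually costs on a given machine, the shell functions below (an added example, not from the 2008 tutorial or from the OpenSSH or Dropbear projects) sum the proportional set size of running sshd and dropbear processes from /proc and express it as a share of total RAM. The function names are made up for this illustration; it assumes Linux 4.14 or later for /proc/<pid>/smaps_rollup and root privileges to read other users' processes.

```shell
#!/bin/sh
# Added example: measure an SSH daemon's memory footprint from /proc.
# Function names are hypothetical, chosen for this illustration.

# Sum Pss (proportional set size, kB) over every process whose command
# name equals $2, reading the proc tree rooted at $1 (normally /proc).
daemon_pss_kb() {
    root=$1; name=$2; sum=0
    for d in "$root"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        [ "$(cat "$d/comm")" = "$name" ] || continue
        # Skip processes we cannot inspect (not root, or kernel too old).
        [ -r "$d/smaps_rollup" ] || continue
        pss=$(awk '$1 == "Pss:" { print $2; exit }' "$d/smaps_rollup")
        sum=$((sum + ${pss:-0}))
    done
    echo "$sum"
}

# Total RAM in kB, from the meminfo file under the proc root $1.
mem_total_kb() {
    awk '$1 == "MemTotal:" { print $2; exit }' "$1/meminfo"
}

# $1 kB as a percentage of $2 kB, three decimal places.
pct_of_ram() {
    awk -v u="$1" -v t="$2" \
        'BEGIN { if (t > 0) printf "%.3f\n", 100 * u / t; else print "0.000" }'
}

# One line per daemon: absolute footprint and share of RAM.
report() {
    root=${1:-/proc}
    ram=$(mem_total_kb "$root")
    for name in sshd dropbear; do
        used=$(daemon_pss_kb "$root" "$name")
        echo "$name: $used kB Pss, $(pct_of_ram "$used" "$ram")% of RAM"
    done
}

# Run as: sh thisfile --report
if [ "${1:-}" = "--report" ]; then report /proc; fi
```

Pss divides shared pages among the processes mapping them, so it avoids double-counting shared libraries the way Rss would when several SSH sessions are open.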