Dropbear: A Lightweight SSH Solution

What is Dropbear SSH?

Created by Matt Johnston, Dropbear is a relatively small SSH 2 server and client. It is designed to replace OpenSSH in environments where memory and processor resources are limited. Unlike OpenSSH, which is a massive suite of tools, Dropbear is often compiled as a single multi-call binary. This single file can act as a server, client, key generator, and key converter. This makes it incredibly easy to “drop” into an embedded system (hence the name).

Why Dropbear?

If you’re running a massive cloud server, Dropbear might not be on your radar. But in the IoT and low resource micro servers, it’s legendary for a few reasons:

It’s Tiny: While OpenSSH is a suite of tools that can take up several megabytes, a fully functional Dropbear binary can be as small as 110kB.
Security through Simplicity: Dropbear strips away the legacy junk. It doesn’t support the old, insecure SSH 1 protocol, and it skips the complex configuration “Match” blocks that most people never use anyway. This smaller “attack surface” makes it a favorite for security-conscious developers.
It Saves RAM: On a modern PC, saving 1MB of RAM doesn’t matter. But on an IoT sensor or a tiny virtual server or a docker container that extra 1MB can be the difference between your app running smoothly or the system killing processes because it’s out of memory.

Memory Usages in a Dropbear Container vs Openssh Container

				
					alpine-openssh-1-f4d5bc689-6wrcv:~# ps -o pid,comm,%cpu,%mem,rss,vsz -C sshd
    PID COMMAND         %CPU %MEM   RSS    VSZ
      1 sshd             0.0  0.0  5120   6880

				
					alpine-dropbear-1-754d779575-j87hq:~# ps -o pid,comm,%cpu,%mem,rss,vsz -C dropbear
    PID COMMAND         %CPU %MEM   RSS    VSZ
      1 dropbear         0.0  0.0   512   1212

Dropbear vs. OpenSSH: A Quick Comparison

Feature	Dropbear SSH	OpenSSH
Primary Target	Embedded systems, IoT, Low-RAM VPS, Docker / Kubernetes Containers	Servers, Desktops, Cloud Infrastructure
Binary Size	~110KB – 200KB	Multiple Megabytes
Modern Ciphers	Supports the essentials (Ed25519, etc.)	Supports almost everything under the sun
SFTP Support	Requires external binary (like OpenSSH’s)	Built-in
Configuration	Minimal, mostly command-line flags	Extensive (sshd_config)
Complexity	Very Low	High

What Dropbear actually supports?

Despite its size, Dropbear covers the essentials extremely well:

Secure remote shell access
Public-key authentication
SCP for file transfers
TCP port forwarding
Compatibility with OpenSSH keys and clients

In practice, this means you can:

SSH into a device from your laptop like normal
Use existing ~/.ssh/authorized_keys
Tunnel ports for debugging or services
Automate access using keys instead of passwords

All of this comes in a footprint that can be an order of magnitude smaller than OpenSSH when built with minimal options.

The Drawbacks to Consider:

Dropbear’s strength is also its limitation: it intentionally does less.

Things you won’t get:

Built-in SFTP support
Deep configuration flexibility
The full spread of modern cryptographic options found in OpenSSH

And that’s fine — because Dropbear is not meant for:

Large multi-user servers
Complex access control environments
Highly customized enterprise SSH policies

If you need all of that, OpenSSH is the right tool.
If you just need secure access to a small device, Dropbear is hard to beat.

Installing & Running Dropbear

On most Linux systems (including Debian, Fedora, and Alpine), Dropbear can be installed via the package manager:

				
					# Example for Alpine Linux
apk add dropbear
rc-service dropbear start

Configuration options range from basic key setup to custom flags:

				
					dropbear -p 2222          # Listen on port 2222
dropbear -w -s            # Disable root password login

Public key management is similar to OpenSSH: just place authorized keys in the appropriate file and start the service.

Is Dropbear still relevant in 2026?

You might wonder if we still need a “lightweight” SSH client when even a cheap smartphone has 8GB of RAM. The answer is a nuanced “Yes, but for different reasons.” Dropbear is seeing a massive second life in the containerization and microservices era.

We aren’t just trying to save RAM on old hardware; we’re trying to make Docker containers and Micro-VMs as small as possible. If you’re building a fleet of 1,000 microservices, using a tiny SSH server like Dropbear instead of the full OpenSSH suite saves a massive amount of overhead across your entire infrastructure.

Final Thoughts

Dropbear isn’t flashy. It doesn’t chase trends. It doesn’t try to be everything. What it does instead is solve a real problem extremely well:

Secure remote access on systems that don’t have room for anything else.

If you work with embedded Linux, routers, IoT devices, or small docker images, Dropbear isn’t just an alternative SSH server — it’s often the right one. And judging by its continued use, it’s not going away anytime soon.