diff --git a/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000..99adcfd
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,23 @@
+Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h
+
+Upstream-Status: Inappropriate [configuration]
+---
+ default_options.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/default_options.h b/default_options.h
+index 349338c..5ffac25 100644
+--- a/default_options.h
++++ b/default_options.h
+@@ -289,7 +289,7 @@ group1 in Dropbear server too */
+ 
+ /* The command to invoke for xauth when using X11 forwarding.
+  * "-q" for quiet */
+-#define XAUTH_COMMAND "/usr/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ 
+ 
+ /* If you want to enable running an sftp server (such as the one included with
+-- 
+2.25.1
+
diff --git a/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
new file mode 100644
index 0000000..32c3ea5
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
@@ -0,0 +1,41 @@
+From b8cece92ba19aa77ac013ea161bfe4c7147747c9 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Wed, 2 Dec 2015 11:36:02 +0200
+Subject: Enable pam
+
+We need modify file default_options.h besides enabling pam in
+configure if we want dropbear to support pam.
+
+Upstream-Status: Pending
+
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ default_options.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/default_options.h b/default_options.h
+index 0e3d027..349338c 100644
+--- a/default_options.h
++++ b/default_options.h
+@@ -210,7 +210,7 @@ group1 in Dropbear server too */
+ 
+ /* Authentication Types - at least one required.
+    RFC Draft requires pubkey auth, and recommends password */
+-#define DROPBEAR_SVR_PASSWORD_AUTH 1
++#define DROPBEAR_SVR_PASSWORD_AUTH 0
+ 
+ /* Note: PAM auth is quite simple and only works for PAM modules which just do
+  * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
+@@ -218,7 +218,7 @@ group1 in Dropbear server too */
+  * but there's an interface via a PAM module. It won't work for more complex
+  * PAM challenge/response.
+  * You can't enable both PASSWORD and PAM. */
+-#define DROPBEAR_SVR_PAM_AUTH 0
++#define DROPBEAR_SVR_PAM_AUTH 1
+ 
+ /* ~/.ssh/authorized_keys authentication.
+  * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */
+-- 
+2.25.1
+
diff --git a/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
new file mode 100644
index 0000000..deed78f
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
@@ -0,0 +1,33 @@
+From e3a5db1b6d3f6382a15b2266458c26c645a10f18 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Thu, 6 Sep 2018 15:54:00 +0800
+Subject: [PATCH] dropbear configuration file
+
+dropbear: Change the path ("/etc/pam.d/sshd" as default) to find a pam configuration file \
+to "/etc/pam.d/dropbear for dropbear when enabling pam supporting"
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ svr-authpam.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/svr-authpam.c b/svr-authpam.c
+index d201bc9..165ec5c 100644
+--- a/svr-authpam.c
++++ b/svr-authpam.c
+@@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) {
+ 	}
+ 
+ 	/* Init pam */
+-	if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) {
++	if ((rc = pam_start("dropbear", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) {
+ 		dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", 
+ 				rc, pam_strerror(pamHandlep, rc));
+ 		goto cleanup;
+-- 
+2.7.4
+
diff --git a/recipes-core/dropbear/dropbear/dropbear b/recipes-core/dropbear/dropbear/dropbear
new file mode 100644
index 0000000..47e787f
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/dropbear
@@ -0,0 +1,4 @@
+#%PAM-1.0
+
+auth     include  common-auth
+account  include  common-account
diff --git a/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
new file mode 100644
index 0000000..5c60868
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -0,0 +1,31 @@
+From c347ece05a7fdbf50d76cb136b9ed45caed333f6 Mon Sep 17 00:00:00 2001
+From: Joseph Reynolds <joseph.reynolds1@ibm.com>
+Date: Thu, 20 Jun 2019 16:29:15 -0500
+Subject: [PATCH] dropbear: new feature: disable-weak-ciphers
+
+This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers
+in the dropbear ssh server and client since they're considered weak ciphers
+and we want to support the stong algorithms.
+
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
+---
+ default_options.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/default_options.h b/default_options.h
+index d417588..bc5200f 100644
+--- a/default_options.h
++++ b/default_options.h
+@@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */
+  * Small systems should generally include either curve25519 or ecdh for performance.
+  * curve25519 is less widely supported but is faster
+  */
+-#define DROPBEAR_DH_GROUP14_SHA1 1
++#define DROPBEAR_DH_GROUP14_SHA1 0
+ #define DROPBEAR_DH_GROUP14_SHA256 1
+ #define DROPBEAR_DH_GROUP16 0
+ #define DROPBEAR_CURVE25519 1
+-- 
+2.25.1
+
diff --git a/recipes-core/dropbear/dropbear/dropbear.default b/recipes-core/dropbear/dropbear/dropbear.default
new file mode 100644
index 0000000..522453a
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/dropbear.default
@@ -0,0 +1,2 @@
+# Disallow root logins by default
+DROPBEAR_EXTRA_ARGS="-w"
diff --git a/recipes-core/dropbear/dropbear/dropbear.socket b/recipes-core/dropbear/dropbear/dropbear.socket
new file mode 100644
index 0000000..e5c61b7
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/dropbear.socket
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=dropbear.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
+Also=dropbearkey.service
diff --git a/recipes-core/dropbear/dropbear/dropbear@.service b/recipes-core/dropbear/dropbear/dropbear@.service
new file mode 100644
index 0000000..b420bcd
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/dropbear@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=SSH Per-Connection Server
+Wants=dropbearkey.service
+After=syslog.target dropbearkey.service
+
+[Service]
+Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"
+EnvironmentFile=-/etc/default/dropbear
+ExecStart=-@SBINDIR@/dropbear -i -r ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key $DROPBEAR_EXTRA_ARGS
+ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
+StandardInput=socket
+KillMode=process
diff --git a/recipes-core/dropbear/dropbear/dropbearkey.service b/recipes-core/dropbear/dropbear/dropbearkey.service
new file mode 100644
index 0000000..71a12a6
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/dropbearkey.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=SSH Key Generation
+RequiresMountsFor=/var /var/lib
+ConditionPathExists=!/etc/dropbear/dropbear_rsa_host_key
+ConditionPathExists=!/var/lib/dropbear/dropbear_rsa_host_key
+
+[Service]
+Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"
+EnvironmentFile=-/etc/default/dropbear
+Type=oneshot
+ExecStart=@BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}
+ExecStart=@SBINDIR@/dropbearkey -t rsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key
+RemainAfterExit=yes
+Nice=10
diff --git a/recipes-core/dropbear/dropbear/init b/recipes-core/dropbear/dropbear/init
new file mode 100755
index 0000000..ffab7a2
--- /dev/null
+++ b/recipes-core/dropbear/dropbear/init
@@ -0,0 +1,79 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:		sshd
+# Required-Start:	$remote_fs $syslog $networking
+# Required-Stop:	$remote_fs $syslog
+# Default-Start:	2 3 4 5
+# Default-Stop:		1
+# Short-Description:	Dropbear Secure Shell server
+### END INIT INFO
+#
+# Do not configure this file. Edit /etc/default/dropbear instead!
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/dropbear
+NAME=dropbear
+DESC="Dropbear SSH server"
+PIDFILE=/var/run/dropbear.pid
+
+# These values may be replaced by those from /etc/default/dropbear
+DROPBEAR_RSAKEY_DIR="/etc/dropbear"
+DROPBEAR_PORT=22
+DROPBEAR_EXTRA_ARGS=
+DROPBEAR_RSAKEY_ARGS=
+NO_START=0
+
+set -e
+
+test ! -r /etc/default/dropbear || . /etc/default/dropbear
+test "$NO_START" = "0" || exit 0
+test -x "$DAEMON" || exit 0
+test ! -h /var/service/dropbear || exit 0
+
+test -z "$DROPBEAR_BANNER" || \
+  DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
+test -n "$DROPBEAR_RSAKEY" || \
+  DROPBEAR_RSAKEY="${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key"
+
+gen_keys() {
+    if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
+        rm $DROPBEAR_RSAKEY || true
+    fi
+    if [ ! -f "$DROPBEAR_RSAKEY" ]; then
+        mkdir -p ${DROPBEAR_RSAKEY%/*}
+        dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
+    fi
+}
+
+case "$1" in
+  start)
+	echo -n "Starting $DESC: "
+	gen_keys
+	start-stop-daemon -S -p $PIDFILE \
+	  -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
+	    -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+	echo "$NAME."
+	;;
+  stop)
+	echo -n "Stopping $DESC: "
+	start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
+	echo "$NAME."
+	;;
+  restart|force-reload)
+	echo -n "Restarting $DESC: "
+	start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
+	sleep 1
+	start-stop-daemon -S -p $PIDFILE \
+	  -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
+	    -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+	echo "$NAME."
+	;;
+  *)
+	N=/etc/init.d/$NAME
+	echo "Usage: $N {start|stop|restart|force-reload}" >&2
+	exit 1
+	;;
+esac
+
+exit 0
diff --git a/recipes-core/dropbear/dropbear_2022.83.bb b/recipes-core/dropbear/dropbear_2022.83.bb
new file mode 100644
index 0000000..0c7a8f4
--- /dev/null
+++ b/recipes-core/dropbear/dropbear_2022.83.bb
@@ -0,0 +1,133 @@
+SUMMARY = "A lightweight SSH and SCP implementation"
+HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
+DESCRIPTION = "Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers."
+SECTION = "console/network"
+
+# some files are from other projects and have others license terms:
+#   public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
+LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f"
+
+DEPENDS = "zlib virtual/crypt"
+RPROVIDES:${PN} = "ssh sshd"
+RCONFLICTS:${PN} = "openssh-sshd openssh"
+
+SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
+           file://0001-urandom-xauth-changes-to-options.h.patch \
+           file://init \
+           file://dropbearkey.service \
+           file://dropbear@.service \
+           file://dropbear.socket \
+           file://dropbear.default \
+           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
+           "
+
+SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"
+
+PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
+               file://0006-dropbear-configuration-file.patch \
+               file://dropbear"
+
+PAM_PLUGINS = "libpam-runtime \
+	pam-plugin-deny \
+	pam-plugin-permit \
+	pam-plugin-unix \
+	"
+inherit autotools update-rc.d systemd
+
+CVE_PRODUCT = "dropbear_ssh"
+
+INITSCRIPT_NAME = "dropbear"
+INITSCRIPT_PARAMS = "defaults 10"
+
+SYSTEMD_SERVICE:${PN} = "dropbear.socket"
+
+SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
+BINCOMMANDS = "dbclient ssh scp"
+EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
+
+PACKAGECONFIG ?= "disable-weak-ciphers ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
+PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam,${PAM_PLUGINS}"
+PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt"
+PACKAGECONFIG[disable-weak-ciphers] = ""
+PACKAGECONFIG[enable-x11-forwarding] = ""
+
+# This option appends to CFLAGS and LDFLAGS from OE
+# This is causing [textrel] QA warning
+EXTRA_OECONF += "--disable-harden"
+
+# musl does not implement wtmp/logwtmp APIs
+EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"
+
+do_configure:append() {
+	echo "/* Dropbear features */" > ${B}/localoptions.h
+	if ${@bb.utils.contains('PACKAGECONFIG', 'enable-x11-forwarding', 'true', 'false', d)}; then
+		echo "#define DROPBEAR_X11FWD 1" >> ${B}/localoptions.h
+	fi
+}
+
+do_install() {
+	install -d ${D}${sysconfdir} \
+		${D}${sysconfdir}/init.d \
+		${D}${sysconfdir}/default \
+		${D}${sysconfdir}/dropbear \
+		${D}${bindir} \
+		${D}${sbindir} \
+		${D}${localstatedir}
+
+	install -m 0644 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear
+
+	install -m 0755 dropbearmulti ${D}${sbindir}/
+
+	for i in ${BINCOMMANDS}
+	do
+		# ssh and scp symlinks are created by update-alternatives
+		if [ $i = ssh ] || [ $i = scp ]; then continue; fi
+		ln -s ${sbindir}/dropbearmulti ${D}${bindir}/$i
+	done
+	for i in ${SBINCOMMANDS}
+	do
+		ln -s ./dropbearmulti ${D}${sbindir}/$i
+	done
+	sed -e 's,/etc,${sysconfdir},g' \
+		-e 's,/usr/sbin,${sbindir},g' \
+		-e 's,/var,${localstatedir},g' \
+		-e 's,/usr/bin,${bindir},g' \
+		-e 's,/usr,${prefix},g' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/dropbear
+	chmod 755 ${D}${sysconfdir}/init.d/dropbear
+	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
+		install -d ${D}${sysconfdir}/pam.d
+		install -m 0644 ${WORKDIR}/dropbear  ${D}${sysconfdir}/pam.d/
+	fi
+
+	# deal with systemd unit files
+	install -d ${D}${systemd_system_unitdir}
+	install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_system_unitdir}
+	install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_system_unitdir}
+	install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_system_unitdir}
+	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+		-e 's,@BINDIR@,${bindir},g' \
+		-e 's,@SBINDIR@,${sbindir},g' \
+		${D}${systemd_system_unitdir}/dropbear.socket ${D}${systemd_system_unitdir}/*.service
+}
+
+inherit update-alternatives
+
+ALTERNATIVE_PRIORITY = "20"
+ALTERNATIVE:${PN} = "${@bb.utils.filter('BINCOMMANDS', 'scp ssh', d)}"
+
+ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti"
+
+pkg_postrm:${PN} () {
+  if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
+        rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
+  fi
+  if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
+        rm ${sysconfdir}/dropbear/dropbear_dss_host_key
+  fi
+}
+
+CONFFILES:${PN} = "${sysconfdir}/default/dropbear"
+
+FILES:${PN} += "${bindir}"