Mercurial > dropbear
annotate debian/dropbear.README.Debian @ 454:7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
- Try to reduce the frequency of select() timeouts
- Add a max receive window size of 1MB
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 08 Aug 2007 15:12:06 +0000 |
parents | 1857c2c551ea |
children | 8c2d2edadf2a |
rev | line source |
---|---|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 Dropbear for Debian |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 ------------------- |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 This package will attempt to listen on port 22. If the OpenSSH |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 package ("ssh") is installed, the file /etc/default/dropbear |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 will be set up so that the server does not start by default. |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 You can run Dropbear concurrently with OpenSSH 'sshd' by |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 modifying /etc/default/dropbear so that "NO_START" is set to |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 "0" and changing the port number that Dropbear runs on. Follow |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 the instructions in the file. |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 This package suggests you install the "ssh" package. This package |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 provides the "ssh" client program, as well as the "/usr/bin/scp" |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 binary you will need to be able to retrieve files from a server |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 running Dropbear via SCP. |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 Replacing OpenSSH "sshd" with Dropbear |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 -------------------------------------- |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 You will still want to have the "ssh" package installed, as it |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 provides the "ssh" and "scp" binaries. When you install this |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 package, it checks for existing OpenSSH host keys and if found, |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 converts them to the Dropbear format. |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 If this appears to have worked, you should be able to change over |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 by following these steps: |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 1. Stop the OpenSSH server |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 % /etc/init.d/ssh stop |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 2. Prevent the OpenSSH server from starting in the future |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 % touch /etc/ssh/sshd_not_to_be_run |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 3. Modify the Dropbear defaults file, set NO_START to 0 and |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 ensure DROPBEAR_PORT is set to 22. |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 % editor /etc/default/dropbear |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 4. Restart the Dropbear server. |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 % /etc/init.d/dropbear restart |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 See the Dropbear homepage for more information: |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 http://matt.ucc.asn.au/dropbear/dropbear.html |
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 |
327
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
42 |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
43 Entropy from /dev/random |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
44 ------------------------ |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
45 |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
46 The dropbear binary package is configured at compile time to read |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
47 entropy from /dev/random. If /dev/random on a system blocks when |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
48 reading data from it, client logins may be delayed until the client |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
49 times out. The dropbear server writes a notice to the logs when it |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
50 sees /dev/random blocking. A workaround for such systems is to |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
51 re-compile the package with DROPBEAR_RANDOM_DEV set to /dev/urandom |
1857c2c551ea
Bring in changes from Debian 0.48.1-1
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
52 in options.h. |