Mercurial > dropbear
annotate INSTALL @ 1659:d32bcb5c557d
Add Ed25519 support (#91)
* Add support for Ed25519 as a public key type
Ed25519 is a elliptic curve signature scheme that offers
better security than ECDSA and DSA and good performance. It may be
used for both user and host keys.
OpenSSH key import and fuzzer are not supported yet.
Initially inspired by Peter Szabo.
* Add curve25519 and ed25519 fuzzers
* Add import and export of Ed25519 keys
| author | Vladislav Grishenko <themiron@users.noreply.github.com> |
|---|---|
| date | Wed, 11 Mar 2020 21:09:45 +0500 |
| parents | 2fd52c383163 |
| children | 986126448688 |
| rev | line source |
|---|---|
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 Basic Dropbear build instructions: |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 |
|
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
3 - Edit localoptions.h to set which features you want. Available options |
|
1524
d35cf9a5e0b5
rename default_options.h.in in docs too
Matt Johnston <matt@ucc.asn.au>
parents:
1493
diff
changeset
|
4 are described in default_options.h, these will be overridden by |
|
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
5 anything set in localoptions.h |
|
1565
2fd52c383163
mention localoptions.h being build directory, fix underscore in CHANGES
Matt Johnston <matt@ucc.asn.au>
parents:
1524
diff
changeset
|
6 localoptions.h should be located in the build directory if you are |
|
2fd52c383163
mention localoptions.h being build directory, fix underscore in CHANGES
Matt Johnston <matt@ucc.asn.au>
parents:
1524
diff
changeset
|
7 building out of tree. |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 |
|
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
9 - If using a Mercurial or Git checkout, "autoconf; autoheader" |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 |
|
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
11 - Configure for your system: |
|
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
12 ./configure (optionally with --disable-zlib or --disable-syslog, |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 or --help for other options) |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 |
|
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
15 - Compile: |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 |
|
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
17 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" |
|
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
18 |
|
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
19 - Optionally install, or copy the binaries another way |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 |
|
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
21 make install (/usr/local/bin is usual default): |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 |
|
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
23 or |
|
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
24 |
|
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
25 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 |
| 72 | 27 (you can leave items out of the PROGRAMS list to avoid compiling them. If you |
| 28 recompile after changing the PROGRAMS list, you *MUST* "make clean" before | |
| 29 recompiling - bad things will happen otherwise) | |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 |
| 72 | 31 See MULTI for instructions on making all-in-one binaries. |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 |
|
1447
8f88f4290b22
document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents:
443
diff
changeset
|
33 If you want to compile statically use ./configure --enable-static |
|
8f88f4290b22
document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents:
443
diff
changeset
|
34 |
|
8f88f4290b22
document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents:
443
diff
changeset
|
35 By default Dropbear adds various build flags that improve robustness |
|
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
36 against programming bugs (good for security). If these cause problems |
|
1447
8f88f4290b22
document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents:
443
diff
changeset
|
37 they can be disabled with ./configure --disable-harden |
| 72 | 38 |
| 443 | 39 Binaries can be stripped with "make strip" |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 ============================================================================ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 |
|
245
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
43 If you're compiling for a 386-class CPU, you will probably need to add |
|
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
44 CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions. |
|
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
45 |
|
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
46 ============================================================================ |
|
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
47 |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 Compiling with uClibc: |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 versions is broken. Also note that you may get strange issues if your uClibc |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 headers don't match the library you are running with, ie the headers might |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 say that shadow password support exists, but the libraries don't have it. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 |
| 72 | 55 Compiling for uClibc should be the same as normal, just set CC to the magic |
| 56 uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever). | |
| 57 You can use "make STATIC=1" to make statically linked binaries, and it is | |
| 58 advisable to strip the binaries too. If you're looking to make a small binary, | |
| 59 you should remove unneeded ciphers and MD5, by editing options.h | |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 It is possible to compile zlib in, by copying zlib.h and zconf.h into a |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 subdirectory (ie zlibincludes), and |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 export CFLAGS="-Izlibincludes -I../zlibincludes" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 export LDFLAGS=/usr/lib/libz.a |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 before ./configure and make. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 If you disable zlib, you must explicitly disable compression for the client - |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 OpenSSH is possibly buggy in this regard, it seems you need to disable it |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 globally in ~/.ssh/config, not just in the host entry in that file. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 You may want to manually disable lastlog recording when using uClibc, configure |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 with --disable-lastlog. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 |
| 69 | 76 One common problem is pty allocation. There are a number of types of pty |
| 77 allocation which can be used -- if they work properly, the end result is the | |
| 78 same for each type. Running configure should detect the best type to use | |
| 79 automatically, however for some systems, this may be incorrect. Some | |
| 80 things to note: | |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 If your system expects /dev/pts to be mounted (this is a uClibc option), |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 make sure that it is. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 Make sure that your libc headers match the library version you are using. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails, |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 you can try compiling with --disable-openpty. You will probably then need |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 to create all the /dev/pty?? and /dev/tty?? devices, which can be |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 problematic for devfs. In general, openpty() is the best way to allocate |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 PTYs, so it's best to try and get it working. |