Mercurial > dropbear
annotate INSTALL @ 1933:e093ddc5b585
Fix extra default -i arguments for multihop
When multihop executes dbclient it should only add -i arguments
from the original commandline, not the default id_dropbear key.
Otherwise multiple -i arguments keep getting added which
results in servers disconnecting with too many auth attempts
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 01 Apr 2022 11:56:10 +0800 |
parents | f78e67527731 |
children |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 Basic Dropbear build instructions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 |
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
3 - Edit localoptions.h to set which features you want. Available options |
1524
d35cf9a5e0b5
rename default_options.h.in in docs too
Matt Johnston <matt@ucc.asn.au>
parents:
1493
diff
changeset
|
4 are described in default_options.h, these will be overridden by |
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
5 anything set in localoptions.h |
1565
2fd52c383163
mention localoptions.h being build directory, fix underscore in CHANGES
Matt Johnston <matt@ucc.asn.au>
parents:
1524
diff
changeset
|
6 localoptions.h should be located in the build directory if you are |
2fd52c383163
mention localoptions.h being build directory, fix underscore in CHANGES
Matt Johnston <matt@ucc.asn.au>
parents:
1524
diff
changeset
|
7 building out of tree. |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 |
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
9 - Configure for your system: |
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
10 ./configure (optionally with --disable-zlib or --disable-syslog, |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 or --help for other options) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 |
1814
f78e67527731
Add configure script to version control. Set timezone for release tarball
Matt Johnston <matt@ucc.asn.au>
parents:
1792
diff
changeset
|
13 (you'll need to first run "autoconf; autoheader" if you edit configure.ac) |
f78e67527731
Add configure script to version control. Set timezone for release tarball
Matt Johnston <matt@ucc.asn.au>
parents:
1792
diff
changeset
|
14 |
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
15 - Compile: |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 |
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
17 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" |
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
18 |
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
19 - Optionally install, or copy the binaries another way |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 |
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
21 make install (/usr/local/bin is usual default): |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 |
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
23 or |
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
24 |
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
25 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 |
72 | 27 (you can leave items out of the PROGRAMS list to avoid compiling them. If you |
28 recompile after changing the PROGRAMS list, you *MUST* "make clean" before | |
29 recompiling - bad things will happen otherwise) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 |
1717 | 31 DEVELOPING.md has some notes on other developer topics, including debugging. |
32 | |
72 | 33 See MULTI for instructions on making all-in-one binaries. |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 |
1447
8f88f4290b22
document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents:
443
diff
changeset
|
35 If you want to compile statically use ./configure --enable-static |
8f88f4290b22
document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents:
443
diff
changeset
|
36 |
8f88f4290b22
document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents:
443
diff
changeset
|
37 By default Dropbear adds various build flags that improve robustness |
1493
72fd994fe7bd
Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents:
1447
diff
changeset
|
38 against programming bugs (good for security). If these cause problems |
1447
8f88f4290b22
document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents:
443
diff
changeset
|
39 they can be disabled with ./configure --disable-harden |
72 | 40 |
443 | 41 Binaries can be stripped with "make strip" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 ============================================================================ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 |
245
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
45 If you're compiling for a 386-class CPU, you will probably need to add |
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
46 CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions. |
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
47 |
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
48 ============================================================================ |
b24730e11c83
add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents:
72
diff
changeset
|
49 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 Compiling with uClibc: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 versions is broken. Also note that you may get strange issues if your uClibc |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 headers don't match the library you are running with, ie the headers might |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 say that shadow password support exists, but the libraries don't have it. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 |
72 | 57 Compiling for uClibc should be the same as normal, just set CC to the magic |
58 uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever). | |
59 You can use "make STATIC=1" to make statically linked binaries, and it is | |
60 advisable to strip the binaries too. If you're looking to make a small binary, | |
1667
986126448688
Update remaining advise to edit options.h
Alexander Dahl <ada@thorsis.com>
parents:
1565
diff
changeset
|
61 you should remove unneeded ciphers and MD5, by editing localoptions.h |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 It is possible to compile zlib in, by copying zlib.h and zconf.h into a |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 subdirectory (ie zlibincludes), and |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 export CFLAGS="-Izlibincludes -I../zlibincludes" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 export LDFLAGS=/usr/lib/libz.a |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 before ./configure and make. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 If you disable zlib, you must explicitly disable compression for the client - |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 OpenSSH is possibly buggy in this regard, it seems you need to disable it |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 globally in ~/.ssh/config, not just in the host entry in that file. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 You may want to manually disable lastlog recording when using uClibc, configure |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 with --disable-lastlog. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 |
69 | 78 One common problem is pty allocation. There are a number of types of pty |
79 allocation which can be used -- if they work properly, the end result is the | |
80 same for each type. Running configure should detect the best type to use | |
81 automatically, however for some systems, this may be incorrect. Some | |
82 things to note: | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 If your system expects /dev/pts to be mounted (this is a uClibc option), |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 make sure that it is. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 Make sure that your libc headers match the library version you are using. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 you can try compiling with --disable-openpty. You will probably then need |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 to create all the /dev/pty?? and /dev/tty?? devices, which can be |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 problematic for devfs. In general, openpty() is the best way to allocate |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 PTYs, so it's best to try and get it working. |