annotate SMALL @ 1933:e093ddc5b585

Fix extra default -i arguments for multihop When multihop executes dbclient it should only add -i arguments from the original commandline, not the default id_dropbear key. Otherwise multiple -i arguments keep getting added which results in servers disconnecting with too many auth attempts
author Matt Johnston <matt@ucc.asn.au>
date Fri, 01 Apr 2022 11:56:10 +0800
parents 13cb8cc1b0e4
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 Tips for a small system:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
3 If you only want server functionality (for example), compile with
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
4 make PROGRAMS=dropbear
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
5 rather than just
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
6 make dropbear
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
7 so that client functionality in shared portions of Dropbear won't be included.
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
8 The same applies if you are compiling just a client.
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
10 ---
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
11
1915
13cb8cc1b0e4 Remove twofish and remnants of blowfish
Matt Johnston <matt@ucc.asn.au>
parents: 161
diff changeset
12 The following are set in localoptions.h:
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
13
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
14 - If you're compiling statically, you can turn off host lookups
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
16 - You can disable either password or public-key authentication, though note
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
17 that the IETF draft states that pubkey authentication is required.
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
19 - Similarly with DSS and RSA, you can disable one of these if you know that
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
20 all clients will be able to support a particular one. The IETF draft
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
21 states that DSS is required, however you may prefer to use RSA.
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
22 DON'T disable either of these on systems where you aren't 100% sure about
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
23 who will be connecting and what clients they will be using.
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
25 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
26
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
27 - You can disable x11, tcp and agent forwarding as desired. None of these are
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
28 essential, although agent-forwarding is often useful even on firewall boxes.
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
29
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
30 ---
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 If you are compiling statically, you may want to disable zlib, as it will use
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 a few tens of kB of binary-size (./configure --disable-zlib).
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 You can create a combined binary, see the file MULTI, which will put all
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 the functions into one binary, avoiding repeated code.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 If you're compiling with gcc, you might want to look at gcc's options for
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 stripping unused code. The relevant vars to set before configure are:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 LDFLAGS=-Wl,--gc-sections
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 CFLAGS="-ffunction-sections -fdata-sections"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44 You can also experiment with optimisation flags such as -Os, note that in some
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 cases these flags actually seem to increase size, so experiment before
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 deciding.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 Of course using small C libraries such as uClibc and dietlibc can also help.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 If you have any queries, mail me and I'll see if I can help.