Mercurial > dropbear
annotate SMALL @ 1933:e093ddc5b585
Fix extra default -i arguments for multihop
When multihop executes dbclient it should only add -i arguments
from the original commandline, not the default id_dropbear key.
Otherwise multiple -i arguments keep getting added which
results in servers disconnecting with too many auth attempts
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 01 Apr 2022 11:56:10 +0800 |
parents | 13cb8cc1b0e4 |
children |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 Tips for a small system: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 |
161 | 3 If you only want server functionality (for example), compile with |
4 make PROGRAMS=dropbear | |
5 rather than just | |
6 make dropbear | |
7 so that client functionality in shared portions of Dropbear won't be included. | |
8 The same applies if you are compiling just a client. | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 |
161 | 10 --- |
11 | |
1915
13cb8cc1b0e4
Remove twofish and remnants of blowfish
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
12 The following are set in localoptions.h: |
161 | 13 |
14 - If you're compiling statically, you can turn off host lookups | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 |
161 | 16 - You can disable either password or public-key authentication, though note |
17 that the IETF draft states that pubkey authentication is required. | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 |
161 | 19 - Similarly with DSS and RSA, you can disable one of these if you know that |
20 all clients will be able to support a particular one. The IETF draft | |
21 states that DSS is required, however you may prefer to use RSA. | |
22 DON'T disable either of these on systems where you aren't 100% sure about | |
23 who will be connecting and what clients they will be using. | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
161 | 25 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize |
26 | |
27 - You can disable x11, tcp and agent forwarding as desired. None of these are | |
28 essential, although agent-forwarding is often useful even on firewall boxes. | |
29 | |
30 --- | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 If you are compiling statically, you may want to disable zlib, as it will use |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 a few tens of kB of binary-size (./configure --disable-zlib). |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 You can create a combined binary, see the file MULTI, which will put all |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 the functions into one binary, avoiding repeated code. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 If you're compiling with gcc, you might want to look at gcc's options for |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 stripping unused code. The relevant vars to set before configure are: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 LDFLAGS=-Wl,--gc-sections |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 CFLAGS="-ffunction-sections -fdata-sections" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 You can also experiment with optimisation flags such as -Os, note that in some |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 cases these flags actually seem to increase size, so experiment before |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 deciding. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 Of course using small C libraries such as uClibc and dietlibc can also help. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 If you have any queries, mail me and I'll see if I can help. |