annotate INSTALL @ 1534:ed930fd6f60f

Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
author stellarpower <stellarpower@googlemail.com>
date Tue, 20 Feb 2018 02:11:55 +0000
parents 72fd994fe7bd
children d35cf9a5e0b5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 Basic Dropbear build instructions:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2
1493
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
3 - Edit localoptions.h to set which features you want. Available options
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
4 are described in default_options.h.in, these will be overridden by
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
5 anything set in localoptions.h
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6
1493
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
7 - If using a Mercurial or Git checkout, "autoconf; autoheader"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8
1493
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
9 - Configure for your system:
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
10 ./configure (optionally with --disable-zlib or --disable-syslog,
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 or --help for other options)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12
1493
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
13 - Compile:
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14
1493
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
15 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
16
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
17 - Optionally install, or copy the binaries another way
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18
1493
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
19 make install (/usr/local/bin is usual default):
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20
1493
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
21 or
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
22
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
23 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
25 (you can leave items out of the PROGRAMS list to avoid compiling them. If you
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
26 recompile after changing the PROGRAMS list, you *MUST* "make clean" before
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
27 recompiling - bad things will happen otherwise)
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
29 See MULTI for instructions on making all-in-one binaries.
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30
1447
8f88f4290b22 document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents: 443
diff changeset
31 If you want to compile statically use ./configure --enable-static
8f88f4290b22 document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents: 443
diff changeset
32
8f88f4290b22 document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents: 443
diff changeset
33 By default Dropbear adds various build flags that improve robustness
1493
72fd994fe7bd Update build instructions for localoptions, and tidy
Matt Johnston <matt@ucc.asn.au>
parents: 1447
diff changeset
34 against programming bugs (good for security). If these cause problems
1447
8f88f4290b22 document --enable-static in place of STATIC=1
Matt Johnston <matt@ucc.asn.au>
parents: 443
diff changeset
35 they can be disabled with ./configure --disable-harden
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
36
443
2d943453cecf Fix spelling typo
Matt Johnston <matt@ucc.asn.au>
parents: 245
diff changeset
37 Binaries can be stripped with "make strip"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 ============================================================================
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40
245
b24730e11c83 add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents: 72
diff changeset
41 If you're compiling for a 386-class CPU, you will probably need to add
b24730e11c83 add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents: 72
diff changeset
42 CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions.
b24730e11c83 add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents: 72
diff changeset
43
b24730e11c83 add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents: 72
diff changeset
44 ============================================================================
b24730e11c83 add note about compiling for 386
Matt Johnston <matt@ucc.asn.au>
parents: 72
diff changeset
45
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 Compiling with uClibc:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 versions is broken. Also note that you may get strange issues if your uClibc
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 headers don't match the library you are running with, ie the headers might
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 say that shadow password support exists, but the libraries don't have it.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
53 Compiling for uClibc should be the same as normal, just set CC to the magic
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
54 uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever).
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
55 You can use "make STATIC=1" to make statically linked binaries, and it is
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
56 advisable to strip the binaries too. If you're looking to make a small binary,
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
57 you should remove unneeded ciphers and MD5, by editing options.h
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 It is possible to compile zlib in, by copying zlib.h and zconf.h into a
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 subdirectory (ie zlibincludes), and
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
61
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62 export CFLAGS="-Izlibincludes -I../zlibincludes"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 export LDFLAGS=/usr/lib/libz.a
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 before ./configure and make.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 If you disable zlib, you must explicitly disable compression for the client -
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 OpenSSH is possibly buggy in this regard, it seems you need to disable it
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 globally in ~/.ssh/config, not just in the host entry in that file.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71 You may want to manually disable lastlog recording when using uClibc, configure
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 with --disable-lastlog.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73
69
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
74 One common problem is pty allocation. There are a number of types of pty
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
75 allocation which can be used -- if they work properly, the end result is the
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
76 same for each type. Running configure should detect the best type to use
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
77 automatically, however for some systems, this may be incorrect. Some
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
78 things to note:
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
80 If your system expects /dev/pts to be mounted (this is a uClibc option),
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
81 make sure that it is.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
82
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
83 Make sure that your libc headers match the library version you are using.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
84
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
85 If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86 you can try compiling with --disable-openpty. You will probably then need
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 to create all the /dev/pty?? and /dev/tty?? devices, which can be
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 problematic for devfs. In general, openpty() is the best way to allocate
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
89 PTYs, so it's best to try and get it working.