comparison SMALL @ 391:00fcf5045160

propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head c1db4398d56c56c6d06ae1e20c1e0d04dbb598ed) to branch 'au.asn.ucc.matt.dropbear' (head d26d5eb2837f46b56a33fb0e7573aa0201abd4d5)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 11 Jan 2007 04:29:08 +0000
parents b9d3f725e00b
children 13cb8cc1b0e4
comparison
equal deleted inserted replaced
390:d8e44bef7917 391:00fcf5045160
1 Tips for a small system:
2
3 If you only want server functionality (for example), compile with
4 make PROGRAMS=dropbear
5 rather than just
6 make dropbear
7 so that client functionality in shared portions of Dropbear won't be included.
8 The same applies if you are compiling just a client.
9
10 ---
11
12 The following are set in options.h:
13
14 - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without
15 affecting interoperability
16
17 - If you're compiling statically, you can turn off host lookups
18
19 - You can disable either password or public-key authentication, though note
20 that the IETF draft states that pubkey authentication is required.
21
22 - Similarly with DSS and RSA, you can disable one of these if you know that
23 all clients will be able to support a particular one. The IETF draft
24 states that DSS is required, however you may prefer to use RSA.
25 DON'T disable either of these on systems where you aren't 100% sure about
26 who will be connecting and what clients they will be using.
27
28 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize
29
30 - You can disable x11, tcp and agent forwarding as desired. None of these are
31 essential, although agent-forwarding is often useful even on firewall boxes.
32
33 ---
34
35 If you are compiling statically, you may want to disable zlib, as it will use
36 a few tens of kB of binary-size (./configure --disable-zlib).
37
38 You can create a combined binary, see the file MULTI, which will put all
39 the functions into one binary, avoiding repeated code.
40
41 If you're compiling with gcc, you might want to look at gcc's options for
42 stripping unused code. The relevant vars to set before configure are:
43
44 LDFLAGS=-Wl,--gc-sections
45 CFLAGS="-ffunction-sections -fdata-sections"
46
47 You can also experiment with optimisation flags such as -Os, note that in some
48 cases these flags actually seem to increase size, so experiment before
49 deciding.
50
51 Of course using small C libraries such as uClibc and dietlibc can also help.
52
53 If you have any queries, mail me and I'll see if I can help.