Mercurial > dropbear
comparison SMALL @ 391:00fcf5045160
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head c1db4398d56c56c6d06ae1e20c1e0d04dbb598ed)
to branch 'au.asn.ucc.matt.dropbear' (head d26d5eb2837f46b56a33fb0e7573aa0201abd4d5)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 11 Jan 2007 04:29:08 +0000 |
parents | b9d3f725e00b |
children | 13cb8cc1b0e4 |
comparison
equal
deleted
inserted
replaced
390:d8e44bef7917 | 391:00fcf5045160 |
---|---|
1 Tips for a small system: | |
2 | |
3 If you only want server functionality (for example), compile with | |
4 make PROGRAMS=dropbear | |
5 rather than just | |
6 make dropbear | |
7 so that client functionality in shared portions of Dropbear won't be included. | |
8 The same applies if you are compiling just a client. | |
9 | |
10 --- | |
11 | |
12 The following are set in options.h: | |
13 | |
14 - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without | |
15 affecting interoperability | |
16 | |
17 - If you're compiling statically, you can turn off host lookups | |
18 | |
19 - You can disable either password or public-key authentication, though note | |
20 that the IETF draft states that pubkey authentication is required. | |
21 | |
22 - Similarly with DSS and RSA, you can disable one of these if you know that | |
23 all clients will be able to support a particular one. The IETF draft | |
24 states that DSS is required, however you may prefer to use RSA. | |
25 DON'T disable either of these on systems where you aren't 100% sure about | |
26 who will be connecting and what clients they will be using. | |
27 | |
28 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize | |
29 | |
30 - You can disable x11, tcp and agent forwarding as desired. None of these are | |
31 essential, although agent-forwarding is often useful even on firewall boxes. | |
32 | |
33 --- | |
34 | |
35 If you are compiling statically, you may want to disable zlib, as it will use | |
36 a few tens of kB of binary-size (./configure --disable-zlib). | |
37 | |
38 You can create a combined binary, see the file MULTI, which will put all | |
39 the functions into one binary, avoiding repeated code. | |
40 | |
41 If you're compiling with gcc, you might want to look at gcc's options for | |
42 stripping unused code. The relevant vars to set before configure are: | |
43 | |
44 LDFLAGS=-Wl,--gc-sections | |
45 CFLAGS="-ffunction-sections -fdata-sections" | |
46 | |
47 You can also experiment with optimisation flags such as -Os, note that in some | |
48 cases these flags actually seem to increase size, so experiment before | |
49 deciding. | |
50 | |
51 Of course using small C libraries such as uClibc and dietlibc can also help. | |
52 | |
53 If you have any queries, mail me and I'll see if I can help. |