Mercurial > dropbear
comparison DEVELOPING.md @ 1717:295377ecbf49
Add DEVELOPING.md
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 15 Jun 2020 22:30:28 +0800 |
| parents | |
| children | 57226fc75cb5 |
comparison
equal
deleted
inserted
replaced
| 1716:6ea18ca8fc03 | 1717:295377ecbf49 |
|---|---|
| 1 # Developer Notes | |
| 2 | |
| 3 ## Building | |
| 4 | |
| 5 See [INSTALL](INSTALL) for build instructions. | |
| 6 [SMALL](SMALL) has hints for building smaller binaries, also see comments | |
| 7 in default_options.h. | |
| 8 | |
| 9 ## Debug printing | |
| 10 | |
| 11 Set `#define DEBUG_TRACE 1` in localoptions.h to enable a `-v` option | |
| 12 for dropbear and dbclient. That prints various details of the session. For | |
| 13 development running `dropbear -F -E` is useful to run in the foreground. You | |
| 14 can set `#define DEBUG_NOFORK 1` to make dropbear a one-shot server, easy to | |
| 15 run under a debugger. | |
| 16 | |
| 17 ## Random sources | |
| 18 | |
| 19 Most cryptography requires a good random entropy source, both to generate secret | |
| 20 keys and in the course of a session. Dropbear uses the Linux kernel's | |
| 21 `getrandom()` syscall to ensure that the system RNG has been initialised before | |
| 22 using it. On some systems there is insufficient entropy gathered during early | |
| 23 boot - generating hostkeys then will block for some amount of time. | |
| 24 Dropbear has a `-R` option to generate hostkeys upon the first connection | |
| 25 as required - that will allow the system more time to gather entropy. | |
| 26 | |
| 27 ## Algorithms | |
| 28 | |
| 29 Default algorithm lists are specified in [common-algo.c](common-algo.c). | |
| 30 They are in priority order, the client's first matching choice is used | |
| 31 (see rfc4253). | |
| 32 Dropbear client has `-c` and `-m` arguments to choose which are enabled at | |
| 33 runtime (doesn't work for server as of June 2020). | |
| 34 | |
| 35 Enabling/disabling algorithms is done in [localoptions.h](localoptions.h), | |
| 36 see [default_options.h](default_options.h). | |
| 37 | |
| 38 ## Non-root user | |
| 39 | |
| 40 Dropbear server will run fine as a non-root user, allowing logins only for | |
| 41 that user. Password authentication probably won't work (can't read shadow | |
| 42 passwords). You will need to create hostkeys that are readable. | |
| 43 | |
| 44 ## Connection setup | |
| 45 | |
| 46 Dropbear implements first_kex_packet_follows to reduce | |
| 47 handshake latency (rfc 4253 7.1). Some less common implementations don't | |
| 48 handle that, it can be a cause of problems connecting. Note also that | |
| 49 Dropbear may send several ssh packets within a single TCP packet - it's just a | |
| 50 stream. | |
| 51 |