comparison DEVELOPING.md @ 1717:295377ecbf49

Add DEVELOPING.md
author Matt Johnston <matt@ucc.asn.au>
date Mon, 15 Jun 2020 22:30:28 +0800
parents
children 57226fc75cb5
1716:6ea18ca8fc03 1717:295377ecbf49
1 # Developer Notes
2
3 ## Building
4
5 See [INSTALL](INSTALL) for build instructions.
6 [SMALL](SMALL) has hints for building smaller binaries, also see comments
7 in default_options.h.
8
9 ## Debug printing
10
11 Set `#define DEBUG_TRACE 1` in localoptions.h to enable a `-v` option
12 for dropbear and dbclient. That prints various details of the session. For
13 development running `dropbear -F -E` is useful to run in the foreground. You
14 can set `#define DEBUG_NOFORK 1` to make dropbear a one-shot server, easy to
15 run under a debugger.
16
17 ## Random sources
18
19 Most cryptography requires a good random entropy source, both to generate secret
20 keys and in the course of a session. Dropbear uses the Linux kernel's
21 `getrandom()` syscall to ensure that the system RNG has been initialised before
22 using it. On some systems there is insufficient entropy gathered during early
23 boot - generating hostkeys then will block for some amount of time.
24 Dropbear has a `-R` option to generate hostkeys upon the first connection
25 as required - that will allow the system more time to gather entropy.
26
27 ## Algorithms
28
29 Default algorithm lists are specified in [common-algo.c](common-algo.c).
30 They are in priority order, the client's first matching choice is used
31 (see rfc4253).
32 Dropbear client has `-c` and `-m` arguments to choose which are enabled at
33 runtime (doesn't work for server as of June 2020).
34
35 Enabling/disabling algorithms is done in [localoptions.h](localoptions.h),
36 see [default_options.h](default_options.h).
37
38 ## Non-root user
39
40 Dropbear server will run fine as a non-root user, allowing logins only for
41 that user. Password authentication probably won't work (can't read shadow
42 passwords). You will need to create hostkeys that are readable.
43
44 ## Connection setup
45
46 Dropbear implements first_kex_packet_follows to reduce
47 handshake latency (rfc 4253 7.1). Some less common implementations don't
48 handle that, it can be a cause of problems connecting. Note also that
49 Dropbear may send several ssh packets within a single TCP packet - it's just a
50 stream.
51
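Review bot: In the "Non-root user" section (lines 40-42 of the new file), "create hostkeys that are readable" does not say readable by whom. Suggest stating that the hostkey files must be readable by the non-root user running dropbear and by no other account, since anyone who can read a private hostkey can impersonate the server. Two smaller points: "Random sources" (lines 20-23) describes only the Linux `getrandom()` path, so a sentence on what is used where that syscall is unavailable would help; and the RFC is cited as "rfc4253" on line 31 and "rfc 4253 7.1" on line 47, so pick one form for both.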