Mercurial > dropbear

comparison INSTALL @ 118:5312ca05ed48 private-rez

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
propagate of 717950f4061f1123659ee87c7c168805af920ab7 and 839f98f136788cc1466e4641bf796f96040a085d from branch 'matt.dbclient.authpam' to 'matt.dbclient.rez'
author Matt Johnston <matt@ucc.asn.au>
date Sun, 12 Sep 2004 04:56:50 +0000
parents 9597c2e3b9d4
children b24730e11c83
comparison
equal deleted inserted replaced
57:3b2a5a1c4347 118:5312ca05ed48
1 Basic Dropbear build instructions: 1 Basic Dropbear build instructions:
2 2
3 - First, edit options.h to choose user-defined features to choose, such as 3 - Edit options.h to set which features you want.
4 which ciphers/hashes you want, which forwarding you want, etc. 4 - Edit debug.h if you want any debug options (not usually required).
5 5
6 - Edit debug.h if you want any debug options 6 (If using a non-tarball copy, "autoconf; autoheader")
7
8 - Now configure Dropbear's host-specific options
9 (if you are using a cvs copy, "autoconf; autoheader" first)
10 7
11 ./configure (optionally with --disable-zlib or --disable-syslog, 8 ./configure (optionally with --disable-zlib or --disable-syslog,
12 or --help for other options) 9 or --help for other options)
13 10
14 - Then compile and optionally install Dropbear: 11 Now compile:
15 12
16 (the Makefile requires GNU make, if you want to make it portable, send me 13 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
17 some patches)
18 14
19 make 15 And install (/usr/local/bin is usual default):
20 make install (installs to /usr/local/sbin, /usr/local/bin by default)
21 16
22 You need to generate server keys, this is one-off: 17 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
23 ./dropbearkey -t rsa -f dropbear_rsa_host_key
24 ./dropbearkey -t dss -f dropbear_dss_host_key
25 18
26 or alternatively convert OpenSSH keys to Dropbear: 19 (you can leave items out of the PROGRAMS list to avoid compiling them. If you
27 ./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key 20 recompile after changing the PROGRAMS list, you *MUST* "make clean" before
21 recompiling - bad things will happen otherwise)
28 22
29 And you can now run the server. 23 See MULTI for instructions on making all-in-one binaries.
30 ./dropbear
31 24
32 or './dropbear -h' to get options. 25 If you want to compile statically, add "STATIC=1" to the make command-line.
33 26
34 If the server is run as non-root, you most likely won't be able to allocate a 27 Binaries can be strippd with "make strip"
35 pty, and you cannot login as any user other than that running the daemon
36 (obviously). Shadow passwords will also be unusable as non-root.
37
38 The Dropbear distribution includes a standalone version of OpenSSH's scp
39 program. You can compile it with "make scp", you may want to change the path
40 of the ssh binary, specified near the top of the scp.c file. By default
41 the progress meter isn't compiled in to save space, you can enable it with
42 "make scp-progress".
43 28
44 ============================================================================ 29 ============================================================================
45 30
46 Compiling with uClibc: 31 Compiling with uClibc:
47 32
48 Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior 33 Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior
49 versions is broken. Also note that you may get strange issues if your uClibc 34 versions is broken. Also note that you may get strange issues if your uClibc
50 headers don't match the library you are running with, ie the headers might 35 headers don't match the library you are running with, ie the headers might
51 say that shadow password support exists, but the libraries don't have it. 36 say that shadow password support exists, but the libraries don't have it.
52 37
53 To compile for uClibc the following should work: 38 Compiling for uClibc should be the same as normal, just set CC to the magic
54 39 uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever).
55 rm config.cache 40 You can use "make STATIC=1" to make statically linked binaries, and it is
56 CC=i386-uclib-gcc ./configure --disable-zlib 41 advisable to strip the binaries too. If you're looking to make a small binary,
57 make clean 42 you should remove unneeded ciphers and MD5, by editing options.h
58 make
59 make strip
60
61 ... and that should be it. You can use "make static" to make statically linked
62 binaries, and it is advisable to strip the binaries too. If you're looking
63 to make a small binary, you should remove unneeded ciphers and MD5, by
64 editing options.h
65 43
66 It is possible to compile zlib in, by copying zlib.h and zconf.h into a 44 It is possible to compile zlib in, by copying zlib.h and zconf.h into a
67 subdirectory (ie zlibincludes), and 45 subdirectory (ie zlibincludes), and
68 46
69 export CFLAGS="-Izlibincludes -I../zlibincludes" 47 export CFLAGS="-Izlibincludes -I../zlibincludes"
76 globally in ~/.ssh/config, not just in the host entry in that file. 54 globally in ~/.ssh/config, not just in the host entry in that file.
77 55
78 You may want to manually disable lastlog recording when using uClibc, configure 56 You may want to manually disable lastlog recording when using uClibc, configure
79 with --disable-lastlog. 57 with --disable-lastlog.
80 58
81 One common problem is pty allocation. There are a number of types of pty allocation which can be used -- if they work properly, the end result is the same for each type. Running configure should detect the best type to use automatically, however for some embedded systems, this may be incorrect. Some things to note: 59 One common problem is pty allocation. There are a number of types of pty
60 allocation which can be used -- if they work properly, the end result is the
61 same for each type. Running configure should detect the best type to use
62 automatically, however for some systems, this may be incorrect. Some
63 things to note:
82 64
83 If your system expects /dev/pts to be mounted (this is a uClibc option), 65 If your system expects /dev/pts to be mounted (this is a uClibc option),
84 make sure that it is. 66 make sure that it is.
85 67
86 Make sure that your libc headers match the library version you are using. 68 Make sure that your libc headers match the library version you are using.
88 If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails, 70 If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails,
89 you can try compiling with --disable-openpty. You will probably then need 71 you can try compiling with --disable-openpty. You will probably then need
90 to create all the /dev/pty?? and /dev/tty?? devices, which can be 72 to create all the /dev/pty?? and /dev/tty?? devices, which can be
91 problematic for devfs. In general, openpty() is the best way to allocate 73 problematic for devfs. In general, openpty() is the best way to allocate
92 PTYs, so it's best to try and get it working. 74 PTYs, so it's best to try and get it working.
93
94
95 ============================================================================
96
97 Public key auth:
98
99 You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
100 the key entries in that file. They should be of the form:
101
102 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
103
104 You must make sure that ~/.ssh, and the key file, are only writable by the
105 user.
106
107 NOTE: Dropbear ignores authorized_keys options such as those described in the
108 OpenSSH sshd manpage, and will not allow a login for these keys.