Mercurial > dropbear
comparison README @ 389:5ff8218bcee9
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 2af95f00ebd5bb7a28b3817db1218442c935388e)
to branch 'au.asn.ucc.matt.dropbear' (head ecd779509ef23a8cdf64888904fc9b31d78aa933)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 11 Jan 2007 03:14:55 +0000 |
parents | 0cbe8f6dbf9e |
children | 20dafc77322e |
comparison
equal
deleted
inserted
replaced
388:fb54020f78e1 | 389:5ff8218bcee9 |
---|---|
1 This is Dropbear, a smallish SSH 2 server and client. | |
2 | |
3 INSTALL has compilation instructions. | |
4 | |
5 MULTI has instructions on making a multi-purpose binary (ie a single binary | |
6 which performs multiple tasks, to save disk space) | |
7 | |
8 SMALL has some tips on creating small binaries. | |
9 | |
10 See TODO for a few of the things I know need looking at, and please contact | |
11 me if you have any questions/bugs found/features/ideas/comments etc :) | |
12 | |
13 Matt Johnston | |
14 [email protected] | |
15 | |
16 | |
17 In the absence of detailed documentation, some notes follow: | |
18 ============================================================================ | |
19 | |
20 Server public key auth: | |
21 | |
22 You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put | |
23 the key entries in that file. They should be of the form: | |
24 | |
25 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname | |
26 | |
27 You must make sure that ~/.ssh, and the key file, are only writable by the | |
28 user. Beware of editors that split the key into multiple lines. | |
29 | |
30 NOTE: Dropbear ignores authorized_keys options such as those described in the | |
31 OpenSSH sshd manpage, and will not allow a login for these keys. | |
32 | |
33 ============================================================================ | |
34 | |
35 Client public key auth: | |
36 | |
37 Dropbear can do public key auth as a client, but you will have to convert | |
38 OpenSSH style keys to Dropbear format, or use dropbearkey to create them. | |
39 | |
40 If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do: | |
41 | |
42 dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_rsa.db | |
43 dbclient -i ~/.ssh/id_rsa.db <hostname> | |
44 | |
45 Currently encrypted keys aren't supported, neither is agent forwarding. At some | |
46 stage both hopefully will be. | |
47 | |
48 ============================================================================ | |
49 | |
50 If you want to get the public-key portion of a Dropbear private key, look at | |
51 dropbearkey's '-y' option. | |
52 | |
53 ============================================================================ | |
54 | |
55 To run the server, you need to generate server keys, this is one-off: | |
56 ./dropbearkey -t rsa -f dropbear_rsa_host_key | |
57 ./dropbearkey -t dss -f dropbear_dss_host_key | |
58 | |
59 or alternatively convert OpenSSH keys to Dropbear: | |
60 ./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key | |
61 | |
62 ============================================================================ | |
63 | |
64 If the server is run as non-root, you most likely won't be able to allocate a | |
65 pty, and you cannot login as any user other than that running the daemon | |
66 (obviously). Shadow passwords will also be unusable as non-root. | |
67 | |
68 ============================================================================ | |
69 | |
70 The Dropbear distribution includes a standalone version of OpenSSH's scp | |
71 program. You can compile it with "make scp", you may want to change the path | |
72 of the ssh binary, specified by _PATH_SSH_PROGRAM in options.h . By default | |
73 the progress meter isn't compiled in to save space, you can enable it by | |
74 adding 'SCPPROGRESS=1' to the make commandline. |