Mercurial > dropbear
comparison INSTALL @ 72:9597c2e3b9d4
Some doc changes
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 13 Aug 2004 10:58:51 +0000 |
| parents | 59d16db56e9f |
| children | b24730e11c83 |
comparison
equal
deleted
inserted
replaced
| 71:ac96bc733e71 | 72:9597c2e3b9d4 |
|---|---|
| 1 Basic Dropbear build instructions: | 1 Basic Dropbear build instructions: |
| 2 | 2 |
| 3 - First, edit options.h to choose user-defined features to choose, such as | 3 - Edit options.h to set which features you want. |
| 4 which ciphers/hashes you want, which forwarding you want, etc. | 4 - Edit debug.h if you want any debug options (not usually required). |
| 5 | 5 |
| 6 - Edit debug.h if you want any debug options | 6 (If using a non-tarball copy, "autoconf; autoheader") |
| 7 | |
| 8 - Now configure Dropbear's host-specific options | |
| 9 (if you are using a cvs copy, "autoconf; autoheader" first) | |
| 10 | 7 |
| 11 ./configure (optionally with --disable-zlib or --disable-syslog, | 8 ./configure (optionally with --disable-zlib or --disable-syslog, |
| 12 or --help for other options) | 9 or --help for other options) |
| 13 | 10 |
| 14 - Then compile and optionally install Dropbear: | 11 Now compile: |
| 15 | 12 |
| 16 (the Makefile requires GNU make, if you want to make it portable, send me | 13 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" |
| 17 some patches) | |
| 18 | 14 |
| 19 make | 15 And install (/usr/local/bin is usual default): |
| 20 make install (installs to /usr/local/sbin, /usr/local/bin by default) | |
| 21 | 16 |
| 22 You need to generate server keys, this is one-off: | 17 make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install |
| 23 ./dropbearkey -t rsa -f dropbear_rsa_host_key | |
| 24 ./dropbearkey -t dss -f dropbear_dss_host_key | |
| 25 | 18 |
| 26 or alternatively convert OpenSSH keys to Dropbear: | 19 (you can leave items out of the PROGRAMS list to avoid compiling them. If you |
| 27 ./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key | 20 recompile after changing the PROGRAMS list, you *MUST* "make clean" before |
| 21 recompiling - bad things will happen otherwise) | |
| 28 | 22 |
| 29 And you can now run the server. | 23 See MULTI for instructions on making all-in-one binaries. |
| 30 ./dropbear | |
| 31 | 24 |
| 32 or './dropbear -h' to get options. | 25 If you want to compile statically, add "STATIC=1" to the make command-line. |
| 33 | 26 |
| 34 If the server is run as non-root, you most likely won't be able to allocate a | 27 Binaries can be strippd with "make strip" |
| 35 pty, and you cannot login as any user other than that running the daemon | |
| 36 (obviously). Shadow passwords will also be unusable as non-root. | |
| 37 | |
| 38 The Dropbear distribution includes a standalone version of OpenSSH's scp | |
| 39 program. You can compile it with "make scp", you may want to change the path | |
| 40 of the ssh binary, specified near the top of the scp.c file. By default | |
| 41 the progress meter isn't compiled in to save space, you can enable it with | |
| 42 "make scp-progress". | |
| 43 | 28 |
| 44 ============================================================================ | 29 ============================================================================ |
| 45 | 30 |
| 46 Compiling with uClibc: | 31 Compiling with uClibc: |
| 47 | 32 |
| 48 Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior | 33 Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior |
| 49 versions is broken. Also note that you may get strange issues if your uClibc | 34 versions is broken. Also note that you may get strange issues if your uClibc |
| 50 headers don't match the library you are running with, ie the headers might | 35 headers don't match the library you are running with, ie the headers might |
| 51 say that shadow password support exists, but the libraries don't have it. | 36 say that shadow password support exists, but the libraries don't have it. |
| 52 | 37 |
| 53 To compile for uClibc the following should work: | 38 Compiling for uClibc should be the same as normal, just set CC to the magic |
| 54 | 39 uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever). |
| 55 rm config.cache | 40 You can use "make STATIC=1" to make statically linked binaries, and it is |
| 56 CC=i386-uclib-gcc ./configure --disable-zlib | 41 advisable to strip the binaries too. If you're looking to make a small binary, |
| 57 make clean | 42 you should remove unneeded ciphers and MD5, by editing options.h |
| 58 make | |
| 59 make strip | |
| 60 | |
| 61 ... and that should be it. You can use "make static" to make statically linked | |
| 62 binaries, and it is advisable to strip the binaries too. If you're looking | |
| 63 to make a small binary, you should remove unneeded ciphers and MD5, by | |
| 64 editing options.h | |
| 65 | 43 |
| 66 It is possible to compile zlib in, by copying zlib.h and zconf.h into a | 44 It is possible to compile zlib in, by copying zlib.h and zconf.h into a |
| 67 subdirectory (ie zlibincludes), and | 45 subdirectory (ie zlibincludes), and |
| 68 | 46 |
| 69 export CFLAGS="-Izlibincludes -I../zlibincludes" | 47 export CFLAGS="-Izlibincludes -I../zlibincludes" |
| 92 If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails, | 70 If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails, |
| 93 you can try compiling with --disable-openpty. You will probably then need | 71 you can try compiling with --disable-openpty. You will probably then need |
| 94 to create all the /dev/pty?? and /dev/tty?? devices, which can be | 72 to create all the /dev/pty?? and /dev/tty?? devices, which can be |
| 95 problematic for devfs. In general, openpty() is the best way to allocate | 73 problematic for devfs. In general, openpty() is the best way to allocate |
| 96 PTYs, so it's best to try and get it working. | 74 PTYs, so it's best to try and get it working. |
| 97 | |
| 98 | |
| 99 ============================================================================ | |
| 100 | |
| 101 Public key auth: | |
| 102 | |
| 103 You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put | |
| 104 the key entries in that file. They should be of the form: | |
| 105 | |
| 106 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname | |
| 107 | |
| 108 You must make sure that ~/.ssh, and the key file, are only writable by the | |
| 109 user. | |
| 110 | |
| 111 NOTE: Dropbear ignores authorized_keys options such as those described in the | |
| 112 OpenSSH sshd manpage, and will not allow a login for these keys. |