comparison SMALL @ 161:b9d3f725e00b

0.44 release changes
author Matt Johnston <matt@ucc.asn.au>
date Sun, 02 Jan 2005 17:08:27 +0000
parents fe6bca95afa7
children 13cb8cc1b0e4
comparison
equal deleted inserted replaced
160:7ceceb46d655 161:b9d3f725e00b
1 Tips for a small system: 1 Tips for a small system:
2 2
3 The following are set in options.h 3 If you only want server functionality (for example), compile with
4 make PROGRAMS=dropbear
5 rather than just
6 make dropbear
7 so that client functionality in shared portions of Dropbear won't be included.
8 The same applies if you are compiling just a client.
4 9
5 - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without 10 ---
6 affecting interoperability
7 11
8 - If you're compiling statically, you can turn off host lookups 12 The following are set in options.h:
9 13
10 - You can disable either password or public-key authentication, though note 14 - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without
11 that the IETF draft states that pubkey authentication is required. 15 affecting interoperability
12 16
13 - Similarly with DSS and RSA, you can disable one of these if you know that 17 - If you're compiling statically, you can turn off host lookups
14 all clients will be able to support a particular one. The IETF draft
15 states that DSS is required, however you may prefer to use RSA.
16 DON'T disable either of these on systems where you aren't 100% sure about
17 who will be connecting and what clients they will be using.
18 18
19 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize 19 - You can disable either password or public-key authentication, though note
20 that the IETF draft states that pubkey authentication is required.
20 21
21 - You can disable x11, tcp and agent forwarding as desired. None of these are 22 - Similarly with DSS and RSA, you can disable one of these if you know that
22 essential, although agent-forwarding is often useful even on firewall boxes. 23 all clients will be able to support a particular one. The IETF draft
24 states that DSS is required, however you may prefer to use RSA.
25 DON'T disable either of these on systems where you aren't 100% sure about
26 who will be connecting and what clients they will be using.
27
28 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize
29
30 - You can disable x11, tcp and agent forwarding as desired. None of these are
31 essential, although agent-forwarding is often useful even on firewall boxes.
32
33 ---
23 34
24 If you are compiling statically, you may want to disable zlib, as it will use 35 If you are compiling statically, you may want to disable zlib, as it will use
25 a few tens of kB of binary-size (./configure --disable-zlib). 36 a few tens of kB of binary-size (./configure --disable-zlib).
26 37
27 You can create a combined binary, see the file MULTI, which will put all 38 You can create a combined binary, see the file MULTI, which will put all