Mercurial > dropbear
comparison SMALL @ 161:b9d3f725e00b
0.44 release changes
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 02 Jan 2005 17:08:27 +0000 |
parents | fe6bca95afa7 |
children | 13cb8cc1b0e4 |
comparison
equal
deleted
inserted
replaced
160:7ceceb46d655 | 161:b9d3f725e00b |
---|---|
1 Tips for a small system: | 1 Tips for a small system: |
2 | 2 |
3 The following are set in options.h | 3 If you only want server functionality (for example), compile with |
4 make PROGRAMS=dropbear | |
5 rather than just | |
6 make dropbear | |
7 so that client functionality in shared portions of Dropbear won't be included. | |
8 The same applies if you are compiling just a client. | |
4 | 9 |
5 - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without | 10 --- |
6 affecting interoperability | |
7 | 11 |
8 - If you're compiling statically, you can turn off host lookups | 12 The following are set in options.h: |
9 | 13 |
10 - You can disable either password or public-key authentication, though note | 14 - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without |
11 that the IETF draft states that pubkey authentication is required. | 15 affecting interoperability |
12 | 16 |
13 - Similarly with DSS and RSA, you can disable one of these if you know that | 17 - If you're compiling statically, you can turn off host lookups |
14 all clients will be able to support a particular one. The IETF draft | |
15 states that DSS is required, however you may prefer to use RSA. | |
16 DON'T disable either of these on systems where you aren't 100% sure about | |
17 who will be connecting and what clients they will be using. | |
18 | 18 |
19 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize | 19 - You can disable either password or public-key authentication, though note |
20 that the IETF draft states that pubkey authentication is required. | |
20 | 21 |
21 - You can disable x11, tcp and agent forwarding as desired. None of these are | 22 - Similarly with DSS and RSA, you can disable one of these if you know that |
22 essential, although agent-forwarding is often useful even on firewall boxes. | 23 all clients will be able to support a particular one. The IETF draft |
24 states that DSS is required, however you may prefer to use RSA. | |
25 DON'T disable either of these on systems where you aren't 100% sure about | |
26 who will be connecting and what clients they will be using. | |
27 | |
28 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize | |
29 | |
30 - You can disable x11, tcp and agent forwarding as desired. None of these are | |
31 essential, although agent-forwarding is often useful even on firewall boxes. | |
32 | |
33 --- | |
23 | 34 |
24 If you are compiling statically, you may want to disable zlib, as it will use | 35 If you are compiling statically, you may want to disable zlib, as it will use |
25 a few tens of kB of binary-size (./configure --disable-zlib). | 36 a few tens of kB of binary-size (./configure --disable-zlib). |
26 | 37 |
27 You can create a combined binary, see the file MULTI, which will put all | 38 You can create a combined binary, see the file MULTI, which will put all |