Mercurial > dropbear
comparison SMALL @ 161:b9d3f725e00b
0.44 release changes
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 02 Jan 2005 17:08:27 +0000 |
| parents | fe6bca95afa7 |
| children | 13cb8cc1b0e4 |
comparison
equal
deleted
inserted
replaced
| 160:7ceceb46d655 | 161:b9d3f725e00b |
|---|---|
| 1 Tips for a small system: | 1 Tips for a small system: |
| 2 | 2 |
| 3 The following are set in options.h | 3 If you only want server functionality (for example), compile with |
| 4 make PROGRAMS=dropbear | |
| 5 rather than just | |
| 6 make dropbear | |
| 7 so that client functionality in shared portions of Dropbear won't be included. | |
| 8 The same applies if you are compiling just a client. | |
| 4 | 9 |
| 5 - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without | 10 --- |
| 6 affecting interoperability | |
| 7 | 11 |
| 8 - If you're compiling statically, you can turn off host lookups | 12 The following are set in options.h: |
| 9 | 13 |
| 10 - You can disable either password or public-key authentication, though note | 14 - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without |
| 11 that the IETF draft states that pubkey authentication is required. | 15 affecting interoperability |
| 12 | 16 |
| 13 - Similarly with DSS and RSA, you can disable one of these if you know that | 17 - If you're compiling statically, you can turn off host lookups |
| 14 all clients will be able to support a particular one. The IETF draft | |
| 15 states that DSS is required, however you may prefer to use RSA. | |
| 16 DON'T disable either of these on systems where you aren't 100% sure about | |
| 17 who will be connecting and what clients they will be using. | |
| 18 | 18 |
| 19 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize | 19 - You can disable either password or public-key authentication, though note |
| 20 that the IETF draft states that pubkey authentication is required. | |
| 20 | 21 |
| 21 - You can disable x11, tcp and agent forwarding as desired. None of these are | 22 - Similarly with DSS and RSA, you can disable one of these if you know that |
| 22 essential, although agent-forwarding is often useful even on firewall boxes. | 23 all clients will be able to support a particular one. The IETF draft |
| 24 states that DSS is required, however you may prefer to use RSA. | |
| 25 DON'T disable either of these on systems where you aren't 100% sure about | |
| 26 who will be connecting and what clients they will be using. | |
| 27 | |
| 28 - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize | |
| 29 | |
| 30 - You can disable x11, tcp and agent forwarding as desired. None of these are | |
| 31 essential, although agent-forwarding is often useful even on firewall boxes. | |
| 32 | |
| 33 --- | |
| 23 | 34 |
| 24 If you are compiling statically, you may want to disable zlib, as it will use | 35 If you are compiling statically, you may want to disable zlib, as it will use |
| 25 a few tens of kB of binary-size (./configure --disable-zlib). | 36 a few tens of kB of binary-size (./configure --disable-zlib). |
| 26 | 37 |
| 27 You can create a combined binary, see the file MULTI, which will put all | 38 You can create a combined binary, see the file MULTI, which will put all |