Mercurial > dropbear
diff SMALL @ 389:5ff8218bcee9
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 2af95f00ebd5bb7a28b3817db1218442c935388e)
to branch 'au.asn.ucc.matt.dropbear' (head ecd779509ef23a8cdf64888904fc9b31d78aa933)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 11 Jan 2007 03:14:55 +0000 |
parents | b9d3f725e00b |
children | 13cb8cc1b0e4 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/SMALL Thu Jan 11 03:14:55 2007 +0000 @@ -0,0 +1,53 @@ +Tips for a small system: + +If you only want server functionality (for example), compile with + make PROGRAMS=dropbear +rather than just + make dropbear +so that client functionality in shared portions of Dropbear won't be included. +The same applies if you are compiling just a client. + +--- + +The following are set in options.h: + + - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without + affecting interoperability + + - If you're compiling statically, you can turn off host lookups + + - You can disable either password or public-key authentication, though note + that the IETF draft states that pubkey authentication is required. + + - Similarly with DSS and RSA, you can disable one of these if you know that + all clients will be able to support a particular one. The IETF draft + states that DSS is required, however you may prefer to use RSA. + DON'T disable either of these on systems where you aren't 100% sure about + who will be connecting and what clients they will be using. + + - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize + + - You can disable x11, tcp and agent forwarding as desired. None of these are + essential, although agent-forwarding is often useful even on firewall boxes. + +--- + +If you are compiling statically, you may want to disable zlib, as it will use +a few tens of kB of binary-size (./configure --disable-zlib). + +You can create a combined binary, see the file MULTI, which will put all +the functions into one binary, avoiding repeated code. + +If you're compiling with gcc, you might want to look at gcc's options for +stripping unused code. The relevant vars to set before configure are: + +LDFLAGS=-Wl,--gc-sections +CFLAGS="-ffunction-sections -fdata-sections" + +You can also experiment with optimisation flags such as -Os, note that in some +cases these flags actually seem to increase size, so experiment before +deciding. + +Of course using small C libraries such as uClibc and dietlibc can also help. + +If you have any queries, mail me and I'll see if I can help.