Mercurial > dropbear
diff SMALL @ 161:b9d3f725e00b
0.44 release changes
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 02 Jan 2005 17:08:27 +0000 |
| parents | fe6bca95afa7 |
| children | 13cb8cc1b0e4 |
line wrap: on
line diff
--- a/SMALL Sun Jan 02 12:04:45 2005 +0000 +++ b/SMALL Sun Jan 02 17:08:27 2005 +0000 @@ -1,25 +1,36 @@ Tips for a small system: -The following are set in options.h - -- You can safely disable blowfish and twofish ciphers, and MD5 hmac, without - affecting interoperability +If you only want server functionality (for example), compile with + make PROGRAMS=dropbear +rather than just + make dropbear +so that client functionality in shared portions of Dropbear won't be included. +The same applies if you are compiling just a client. -- If you're compiling statically, you can turn off host lookups +--- + +The following are set in options.h: -- You can disable either password or public-key authentication, though note - that the IETF draft states that pubkey authentication is required. + - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without + affecting interoperability + + - If you're compiling statically, you can turn off host lookups -- Similarly with DSS and RSA, you can disable one of these if you know that - all clients will be able to support a particular one. The IETF draft - states that DSS is required, however you may prefer to use RSA. - DON'T disable either of these on systems where you aren't 100% sure about - who will be connecting and what clients they will be using. + - You can disable either password or public-key authentication, though note + that the IETF draft states that pubkey authentication is required. -- Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize + - Similarly with DSS and RSA, you can disable one of these if you know that + all clients will be able to support a particular one. The IETF draft + states that DSS is required, however you may prefer to use RSA. + DON'T disable either of these on systems where you aren't 100% sure about + who will be connecting and what clients they will be using. -- You can disable x11, tcp and agent forwarding as desired. None of these are - essential, although agent-forwarding is often useful even on firewall boxes. + - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize + + - You can disable x11, tcp and agent forwarding as desired. None of these are + essential, although agent-forwarding is often useful even on firewall boxes. + +--- If you are compiling statically, you may want to disable zlib, as it will use a few tens of kB of binary-size (./configure --disable-zlib).