# HG changeset patch # User Matt Johnston # Date 1092394731 0 # Node ID 9597c2e3b9d4fb0a993e31d068b373567df23ff3 # Parent ac96bc733e71fb69597b25eb4ffabcc8f7f6e44b Some doc changes diff -r ac96bc733e71 -r 9597c2e3b9d4 INSTALL --- a/INSTALL Thu Aug 12 17:18:53 2004 +0000 +++ b/INSTALL Fri Aug 13 10:58:51 2004 +0000 @@ -1,45 +1,30 @@ Basic Dropbear build instructions: -- First, edit options.h to choose user-defined features to choose, such as - which ciphers/hashes you want, which forwarding you want, etc. +- Edit options.h to set which features you want. +- Edit debug.h if you want any debug options (not usually required). -- Edit debug.h if you want any debug options - -- Now configure Dropbear's host-specific options - (if you are using a cvs copy, "autoconf; autoheader" first) +(If using a non-tarball copy, "autoconf; autoheader") ./configure (optionally with --disable-zlib or --disable-syslog, or --help for other options) -- Then compile and optionally install Dropbear: +Now compile: -(the Makefile requires GNU make, if you want to make it portable, send me - some patches) +make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" -make -make install (installs to /usr/local/sbin, /usr/local/bin by default) +And install (/usr/local/bin is usual default): -You need to generate server keys, this is one-off: -./dropbearkey -t rsa -f dropbear_rsa_host_key -./dropbearkey -t dss -f dropbear_dss_host_key - -or alternatively convert OpenSSH keys to Dropbear: -./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key +make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install -And you can now run the server. -./dropbear - -or './dropbear -h' to get options. +(you can leave items out of the PROGRAMS list to avoid compiling them. If you +recompile after changing the PROGRAMS list, you *MUST* "make clean" before +recompiling - bad things will happen otherwise) -If the server is run as non-root, you most likely won't be able to allocate a -pty, and you cannot login as any user other than that running the daemon -(obviously). Shadow passwords will also be unusable as non-root. +See MULTI for instructions on making all-in-one binaries. -The Dropbear distribution includes a standalone version of OpenSSH's scp -program. You can compile it with "make scp", you may want to change the path -of the ssh binary, specified near the top of the scp.c file. By default -the progress meter isn't compiled in to save space, you can enable it with -"make scp-progress". +If you want to compile statically, add "STATIC=1" to the make command-line. + +Binaries can be strippd with "make strip" ============================================================================ @@ -50,18 +35,11 @@ headers don't match the library you are running with, ie the headers might say that shadow password support exists, but the libraries don't have it. -To compile for uClibc the following should work: - -rm config.cache -CC=i386-uclib-gcc ./configure --disable-zlib -make clean -make -make strip - -... and that should be it. You can use "make static" to make statically linked -binaries, and it is advisable to strip the binaries too. If you're looking -to make a small binary, you should remove unneeded ciphers and MD5, by -editing options.h +Compiling for uClibc should be the same as normal, just set CC to the magic +uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever). +You can use "make STATIC=1" to make statically linked binaries, and it is +advisable to strip the binaries too. If you're looking to make a small binary, +you should remove unneeded ciphers and MD5, by editing options.h It is possible to compile zlib in, by copying zlib.h and zconf.h into a subdirectory (ie zlibincludes), and @@ -94,19 +72,3 @@ to create all the /dev/pty?? and /dev/tty?? devices, which can be problematic for devfs. In general, openpty() is the best way to allocate PTYs, so it's best to try and get it working. - - -============================================================================ - -Public key auth: - -You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put -the key entries in that file. They should be of the form: - -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname - -You must make sure that ~/.ssh, and the key file, are only writable by the -user. - -NOTE: Dropbear ignores authorized_keys options such as those described in the -OpenSSH sshd manpage, and will not allow a login for these keys. diff -r ac96bc733e71 -r 9597c2e3b9d4 MULTI --- a/MULTI Thu Aug 12 17:18:53 2004 +0000 +++ b/MULTI Fri Aug 13 10:58:51 2004 +0000 @@ -3,29 +3,24 @@ To compile for systems without much space (floppy distributions etc), you can create a single binary. This will save disk space by avoiding repeated -code between the three components (dropbear, dropbearkey, dropbearconvert). +code between the various parts. If you are familiar with "busybox", it's the same principle. -To use the multi-purpose binary, firstly enable the "#define DROPBEAR_MULTI" -line in options.h - -Then enable which of the binaries you want to compile, also in options.h -(by default these are all enabled). +To compile the multi-binary, first "make clean" (if you've compiled +previously), then -You should then "make clean" (if you compiled previously), then - -"make dropbearmulti" - -("make dropbearmultistatic" will make a static binary). +make PROGRAMS="programs you want here" MULTI=1 To use the binary, symlink it from the desired executable: ln -s dropbearmulti dropbear +ln -s dropbearmulti dbclient +etc then execute as normal: ./dropbear -"make install" doesn't currently work for multi-binary configuration, however +"make install" doesn't currently work for multi-binary configuration, though in most situations where it is being used, the target and build systems will differ. diff -r ac96bc733e71 -r 9597c2e3b9d4 README --- a/README Thu Aug 12 17:18:53 2004 +0000 +++ b/README Fri Aug 13 10:58:51 2004 +0000 @@ -1,4 +1,4 @@ -This is Dropbear, a smallish SSH 2 server. +This is Dropbear, a smallish SSH 2 server and client. INSTALL has compilation instructions. @@ -12,3 +12,41 @@ Matt Johnston matt@ucc.asn.au + +============================================================================ + +Public key auth: + +You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put +the key entries in that file. They should be of the form: + +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname + +You must make sure that ~/.ssh, and the key file, are only writable by the +user. + +NOTE: Dropbear ignores authorized_keys options such as those described in the +OpenSSH sshd manpage, and will not allow a login for these keys. + +To run the server, you need to generate server keys, this is one-off: +./dropbearkey -t rsa -f dropbear_rsa_host_key +./dropbearkey -t dss -f dropbear_dss_host_key + +or alternatively convert OpenSSH keys to Dropbear: +./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key + +And you can now run the server. +./dropbear + +or './dropbear -h' to get options. + +If the server is run as non-root, you most likely won't be able to allocate a +pty, and you cannot login as any user other than that running the daemon +(obviously). Shadow passwords will also be unusable as non-root. + +The Dropbear distribution includes a standalone version of OpenSSH's scp +program. You can compile it with "make scp", you may want to change the path +of the ssh binary, specified near the top of the scp.c file. By default +the progress meter isn't compiled in to save space, you can enable it with +"make scp-progress". +