summaryrefslogtreecommitdiffhomepage
path: root/SMALL
diff options
context:
space:
mode:
Diffstat (limited to 'SMALL')
-rw-r--r--SMALL53
1 files changed, 53 insertions, 0 deletions
diff --git a/SMALL b/SMALL
new file mode 100644
index 0000000..babd671
--- /dev/null
+++ b/SMALL
@@ -0,0 +1,53 @@
+Tips for a small system:
+
+If you only want server functionality (for example), compile with
+ make PROGRAMS=dropbear
+rather than just
+ make dropbear
+so that client functionality in shared portions of Dropbear won't be included.
+The same applies if you are compiling just a client.
+
+---
+
+The following are set in options.h:
+
+ - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without
+ affecting interoperability
+
+ - If you're compiling statically, you can turn off host lookups
+
+ - You can disable either password or public-key authentication, though note
+ that the IETF draft states that pubkey authentication is required.
+
+ - Similarly with DSS and RSA, you can disable one of these if you know that
+ all clients will be able to support a particular one. The IETF draft
+ states that DSS is required, however you may prefer to use RSA.
+ DON'T disable either of these on systems where you aren't 100% sure about
+ who will be connecting and what clients they will be using.
+
+ - Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize
+
+ - You can disable x11, tcp and agent forwarding as desired. None of these are
+ essential, although agent-forwarding is often useful even on firewall boxes.
+
+---
+
+If you are compiling statically, you may want to disable zlib, as it will use
+a few tens of kB of binary-size (./configure --disable-zlib).
+
+You can create a combined binary, see the file MULTI, which will put all
+the functions into one binary, avoiding repeated code.
+
+If you're compiling with gcc, you might want to look at gcc's options for
+stripping unused code. The relevant vars to set before configure are:
+
+LDFLAGS=-Wl,--gc-sections
+CFLAGS="-ffunction-sections -fdata-sections"
+
+You can also experiment with optimisation flags such as -Os, note that in some
+cases these flags actually seem to increase size, so experiment before
+deciding.
+
+Of course using small C libraries such as uClibc and dietlibc can also help.
+
+If you have any queries, mail me and I'll see if I can help.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-23 13:43:41 +0000