This is Dropbear, a smallish SSH 2 server.

It is fairly stable, though hasn't had extensive testing, so if you want to use
it somewhere important, test it first. I'd appreciate if you let me know about
any bugs you find.

See TODO for a few of the things I know need looking at.

matt@ucc.asn.au

============================================================================

Basic build instructions:

(if you're using it from CVS, you need to automake; autoconf)

- Edit options.h to choose features to include
- Edit debug.h if you want any debug options

./configure      (optionally with --disable-zlib)
make
make install     (installs to /usr/local/sbin, /usr/local/bin by default)

You need to generate server keys, this is one-off:
./dropbearkey -t rsa -f dropbear_rsa_host_key
./dropbearkey -t dss -f dropbear_dss_host_key

or alternatively convert OpenSSH keys to Dropbear:
./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key

And you can now run the server.
./dropbear

or './dropbear -h' to get options.

If the server is run as non-root, you most likely won't be able to allocate a
pty, and you cannot login as any user other than that running the daemon
(obviously). Shadow passwords will also be unusable as non-root.

You can use scp with dropbear, you'll just need to put scp from OpenSSH (or
equivalent) in your path (/usr/bin/scp etc).

============================================================================

Compiling with uclibc:

Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior
versions is horribly broken.

Dropbear should compile fine with uclibc, just do the following (works for
bash style shells, others might differ):

export CC=i386-uclibc-gcc
rm config.cache
./configure --disable-zlib
cd libtomcrypt; make clean; make
cd ..; make clean; make

... and that should be it. You can use "make static" to make statically linked 
binaries, and it is advisable to strip the binaries too. If you're looking
to make a small binary, you should remove unneeded ciphers and md5, by 
editing options.h

It is possible to compile zlib in, by copying zlib.h and zconf.h into a
subdirectory (ie zlibincludes), and 

export CFLAGS="-Izlibincludes -I../zlibincludes"
export LDFLAGS=/usr/lib/libz.a

before ./configure and make.

If you disable zlib, you must explicitly disable compression for the client -
OpenSSH is possibly buggy in this regard, it seems you need to disable it
globally in ~/.ssh/config, not just in the host entry in that file.

You may want to manually disable lastlog recording when using uClibc, configure
with --disable-lastlog

============================================================================

Public key auth:

You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
the key entries in that file. They should be of the form:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname

You must make sure that ~/.ssh, and the key file, are only writable by the
user.

NOTE: dropbear ignores authorized_keys options such as those described in the
OpenSSH sshd manpage, and will not allow a login for these keys. 
