Hi Guys I need to implement ssh server daemon on OLD installations of real time OS, which uses flash memory and every program gets loaded in flash mem, once the device is booted. I have very limited space in flash memory of this device. SO what we are trying to do is reducing the size of sshd by taking out least common used things. Can someone give me input what features, version and crypto algorithm - most of recent ssh clients are using, so that we cover most of them. I already took out SSHv1, RSA and X11 from sshd. I need to reduce more in terms of size. Please guide me what-else I can safely remove without effecting major ssh clients. thanks Vikas
this is purely speculation, but you could probably eliminate quite a bit by taking out unneeded algorithms from openssl? i have no idea what it'd break, if anything... devon ----- Original Message ----- From: "Vikas Dewan" <vdewan at brocade.com> To: <openssh-unix-dev at mindrot.org> Sent: Wednesday, February 28, 2001 3:47 PM Subject: how can I reduce binary size of sshd?> Hi Guys > > I need to implement ssh server daemon on OLD installations of real timeOS, which uses flash memory and every program gets loaded in flash mem, once the device is booted.> > I have very limited space in flash memory of this device. > > SO what we are trying to do is reducing the size of sshd by taking outleast common used things.> > Can someone give me input what features, version and crypto algorithm -most of recent ssh clients are using, so that we cover most of them.> > I already took out SSHv1, RSA and X11 from sshd. I need to reduce more interms of size. Please guide me what-else I can safely remove without effecting major ssh clients.> > thanks > Vikas > >
Yes, I mean both ssl & ssh, I took out rsa, idea and rc5 from crypto ssl. SSHv1 and X11 code from openSSH, but I am thriving for more, without impacting most of ssh clients. Also studying the impact of taking out x509 certification stuff. Any idea? -----Original Message----- From: Devon Bleak [mailto:devon at admin2.gisnetworks.com] Sent: Wednesday, February 28, 2001 4:18 PM To: Vikas Dewan; openssh-unix-dev at mindrot.org Subject: Re: how can I reduce binary size of sshd? this is purely speculation, but you could probably eliminate quite a bit by taking out unneeded algorithms from openssl? i have no idea what it'd break, if anything... devon ----- Original Message ----- From: "Vikas Dewan" <vdewan at brocade.com> To: <openssh-unix-dev at mindrot.org> Sent: Wednesday, February 28, 2001 3:47 PM Subject: how can I reduce binary size of sshd?> Hi Guys > > I need to implement ssh server daemon on OLD installations of real timeOS, which uses flash memory and every program gets loaded in flash mem, once the device is booted.> > I have very limited space in flash memory of this device. > > SO what we are trying to do is reducing the size of sshd by taking outleast common used things.> > Can someone give me input what features, version and crypto algorithm -most of recent ssh clients are using, so that we cover most of them.> > I already took out SSHv1, RSA and X11 from sshd. I need to reduce more interms of size. Please guide me what-else I can safely remove without effecting major ssh clients.> > thanks > Vikas > >
Damien Miller wrote:>This is what we pull in from the OpenSSL headers. It may be a >rough guide to what we use: > >#include <openssl/bio.h> >#include <openssl/blowfish.h> >#include <openssl/bn.h> >#include <openssl/cast.h> >#include <openssl/crypto.h> >#include <openssl/des.h> >#include <openssl/dh.h> >#include <openssl/dsa.h> >#include <openssl/err.h> >#include <openssl/evp.h> >#include <openssl/hmac.h> >#include <openssl/md5.h> >#include <openssl/pem.h> >#include <openssl/rand.h> >#include <openssl/rc4.h> >#include <openssl/rsa.h> >#include <openssl/sha.h>Which algorithms is really required in OpenSSH? I've tried to compile OpenSSL without for example RSA support, but then I couldn't compile OpenSSH. I'm also wondering if anobody has experience with running lots of SSH connections on one single server (1000 or so). -- /Peter ?strand <astrand at lysator.liu.se>