how can I reduce binary size of sshd?

mouring at mouring at
Thu Mar 1 12:42:16 EST 2001

Umm.. I would trust RSA over DSA any day of the week.  Unless you know you
have a solid system entropy (aka /dev/random) on the machine your porting

I also suggest looking at what parts of openbsd-compat/ is being included
and update your core libraries with better tuned code for your platform.

If your using sshv2 only you may want to limit your crypto to one
or two.  3DES is required.  Blowfish would be a good secondary one.

Also limit your MACs to maybe a subset of the Internet draft.

Other then that.. All you can do is attempt to tighten up existing code.

If you staticly compile ssl into ssh then you should not have to worry
about stripping OpenSSL.

- Ben

On Wed, 28 Feb 2001, Vikas Dewan wrote:

> Yes, I mean both ssl & ssh, I took out rsa, idea and rc5 from crypto ssl. SSHv1 and X11 code from openSSH, but I am thriving for more, without impacting most of ssh clients.
> Also studying the impact of taking out x509 certification stuff. Any idea?
> -----Original Message-----
> From: Devon Bleak [mailto:devon at]
> Sent: Wednesday, February 28, 2001 4:18 PM
> To: Vikas Dewan; openssh-unix-dev at
> Subject: Re: how can I reduce binary size of sshd?
> this is purely speculation, but you could probably eliminate quite a bit by
> taking out unneeded algorithms from openssl?  i have no idea what it'd
> break, if anything...
> devon
> ----- Original Message -----
> From: "Vikas Dewan" <vdewan at>
> To: <openssh-unix-dev at>
> Sent: Wednesday, February 28, 2001 3:47 PM
> Subject: how can I reduce binary size of sshd?
> > Hi Guys
> >
> > I need to implement ssh server daemon on OLD installations of real time
> OS, which uses flash memory and every program gets loaded in flash mem, once
> the device is booted.
> >
> > I have very limited space in flash memory of this device.
> >
> > SO what we are trying to do is reducing the size of sshd by taking out
> least common used things.
> >
> > Can someone give me input what features, version and crypto algorithm -
> most of recent ssh clients are using, so that we cover most of them.
> >
> > I already took out SSHv1, RSA and X11 from sshd. I need to reduce more in
> terms of size. Please guide me what-else I can safely remove without
> effecting major ssh clients.
> >
> > thanks
> > Vikas
> >
> >

More information about the openssh-unix-dev mailing list