how can I reduce binary size of sshd?

Damien Miller djm at mindrot.org
Fri Mar 9 10:42:54 EST 2001


On Thu, 8 Mar 2001, Peter Åstrand wrote:

>
> Damien Miller wrote:
>
> >This is what we pull in from the OpenSSL headers. It may be a
> >rough guide to what we use:
> >
> >#include <openssl/bio.h>
> >#include <openssl/blowfish.h>
> >#include <openssl/bn.h>
> >#include <openssl/cast.h>
> >#include <openssl/crypto.h>
> >#include <openssl/des.h>
> >#include <openssl/dh.h>
> >#include <openssl/dsa.h>
> >#include <openssl/err.h>
> >#include <openssl/evp.h>
> >#include <openssl/hmac.h>
> >#include <openssl/md5.h>
> >#include <openssl/pem.h>
> >#include <openssl/rand.h>
> >#include <openssl/rc4.h>
> >#include <openssl/rsa.h>
> >#include <openssl/sha.h>
>
> Which algorithms is really required in OpenSSH? I've tried to compile
> OpenSSL without for example RSA support, but then I couldn't compile OpenSSH.

Blowfish, Casti-128, (3)DES, Diffie-Hellman, DSA, HMAC, MD5, RC4, RSA, SHA,
Rijndael (not from OpenSSL, though). I think that is all of them :)

> I'm also wondering if anobody has experience with running lots of SSH
> connections on one single server (1000 or so).

Make sure you do run into process or fd limits.

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer






More information about the openssh-unix-dev mailing list