(CCing the Dropbear list since it might be of interest)

On Thu, Jan 18, 2007 at 12:55:53PM +1100, John wrote:
> I'm using an editor called ultraedit, 
> which has the capability of editing remote files through the use of 
> ftp/sftp, and I am not sure where to start in getting sftp to work with 
> dropbear.  I have seen mention of using the OpenSSH implimentation of 
> sftp-server on the internet, but originally rejected OpenSSH in favour 
> of dropbear because of size constraints.  Is there any info kicking 
> around about how to use sftp with dropbear (or how much of the OpenSSH 
> package is required to use it's version of sftp-server)?  Alternately, 
> is there any future plans to encorporate sftp into dropbear?

It's fairly easy to compile OpenSSH's sftp-server without
linking to OpenSSL, and it should end up reasonably small. A
fair amount of of code depends on OpenSSL headers, so
you'll probably have to put them somewhere visible even if
you don't bother compiling OpenSSL libraries for your target

1) Grab a recent OpenSSH release. (I had 4.2p1 handy)

2) Edit configure.ac, remove the OpenSSL tests. (Or maybe
   leave the header tests in?)

3) autoconf; autoheader     (to regenerate 'configure')

4) Edit Makefile.in, remove the $(LIBS) part of the
   sftp-server build line (line 160, after the one that
   begins with "sftp-server$(EXEEXT):")

5) ./configure    (with target platform CC, CFLAGS etc)

6) Edit bufaux.c and bufaux.h, remove all the functions
   related to bignums. Also remove the #include for openssl

7) make sftp-server

8) Copy the sftp-server binary to /usr/libexec/sftp-server
   or similar on the target (edit Dropbear's options.h to
   set where)

I end up with a 35kB dynamic binary on x86 Debian.  You
could probably combine sftp-server into a dropbearmulti
binary with a bit of work fiddling with the main() function.
There might be other code that could be trimmed from
sftp-server, I haven't looked too closely.

I'm unlikely to develop my own sftp-server for Dropbear in
the near future.


Reply via email to