Hi everybody, Does anyone have experience with DropBear SSH server/client (http://matt.ucc.asn.au/dropbear/dropbear.html)? The context is an embedded product with AMCC PPC460, Linux (say, 2.6.25 or later), and busybox (1.10 or later) as the base, being defined/designed now. The target audience is top tier customers, such as governments, Fortune-whatever companies, major financial institutions, etc. SSH access is essential (need ssh client, sshd, ssh-keygen, scp, whatever dependencies there are).
Busybox does not provide SSH functionality by itself, and recommends Dropbear (http://busybox.net/tinyutils.html). I would like to be quite sure that DropBear has the functionality and the security that the target market requires. So far, what I see in the docs is as follows: * Judging by Changelog, Dropbear is in version 0.51, and the development is not very active. This may be because it is very stable and very secure, or may be because there are not many development resources. * Uses LibTomCrypt rather than SSL - can anyone comment on security/functionality? I see my choces as DropBear vs. OpenSSH, compiled and linked for busybox. I am not particularly concerned about CPU or RAM, but I have a rather serious shortage of (flash) storage in the system. In our estimate, OpenSSH will take at least 10 times more storage than DropBear (between 1.2 and 1.5M rather than 110K Dropbear claims). What I am interested to know is whether DropBear is a good substitute for OpenSSH in terms of: * functionality * full compatibility * security * stability * etc. Any comments/experiences? Thanks a lot in advance, -- Oleg Goldshmidt | [EMAIL PROTECTED] ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
