SSH Code Bloat

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
When using open source SSH, you must also use open source SSL -- what is
that 600kb of memory?

Mocana ( has an SSH solution that is 70kb in size, can run
with SSL or by itself.  It's fast, reusable, scalable and though it costs
more to buy up front, it is a lot cheaper to use across multiple
products/multiple projects than open source  (because it is reusable, an new
engineering effort is not required for EACH new product - that saves you
engineering dollars and time....).

Mocana SSH and SSL can be used on any OS, and any processor - available in
both client and server.

Re: SSH Code Bloat

Quoted text here. Click to load it

Several algorithms not used in SSH, a generic loadable module engine,
support for several hardware accelerator cards and probably many other
things.  Some of those can be disabled at build time, although I'm not
sure how much space it would save.

Also, the term "open source SSH" could apply equally to a number of
products (LSH, Dropbear, FreSSH, OpenSSH and possibly others).  It sounds
like you're referring specifically to OpenSSH and OpenSSL, if so you
should probably say so.  Neither LSH or Dropbear use OpenSSL (LSH uses
GMP and nettle, Dropbear uses libtommath and libtomcrypt).

Quoted text here. Click to load it

OpenSSH's goal is portability and reusability, not minimum size.  It
would be interesting to compare against Dropbear, which is designed for
small size (the author claims 110kB for a minimal statically-linked ssh2
server on a Unix host.)

Quoted text here. Click to load it

Out of curiosity, why would engineering effort spent on an "open source
SSH" not also be reusable?

Quoted text here. Click to load it

I could probably find a 6502 or Atmel AVR in my junkbox, would those
work :-?

Disclosure: I'm one of the OpenSSH developers, and I've contributed patches
to Dropbear.  What's your relationship to Mocana?

I also notice that you multi-posted this to comp.os.os9, comp.os.qnx,
comp.os.vxworks,,,, and  You might
want to get some news software that can cross-post.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Site Timeline