openssh: drop openssl and zlib dependencies #2011

Merged


benoit-pierre
Contributor

@benoit-pierre benoit-pierre commented Dec 17, 2024

We actually don't need them for building the only 2 executables we care about (scp & sftp-server).


@Frenzie
Member

Frenzie commented Dec 17, 2024

I'm not sure if I quite follow. That sounds like you can't use them with servers that only allow compression (weird, I know) or encryption (not so weird).

@benoit-pierre
Contributor Author

# On master:
▸ ./utils/bininfo.py build/arm-kindlepw2-linux-gnueabi/{scp,sftp-server}
build/arm-kindlepw2-linux-gnueabi/scp:
  RPATH     : $ORIGIN:$ORIGIN/libs
  NEEDED    : librt.so.1
  NEEDED    : libc.so.6
build/arm-kindlepw2-linux-gnueabi/sftp-server:
  RPATH     : $ORIGIN:$ORIGIN/libs
  NEEDED    : librt.so.1
  NEEDED    : libc.so.6
▸ sha1sum build/arm-kindlepw2-linux-gnueabi/{scp,sftp-server}
eb136d4d17070482655f1e886a1820b9eed8ee52  build/arm-kindlepw2-linux-gnueabi/scp
93c1d633d0b961f1d5886cac9bc1202622b022ff  build/arm-kindlepw2-linux-gnueabi/sftp-server
# This PR:
▸ ./utils/bininfo.py build/arm-kindlepw2-linux-gnueabi/{scp,sftp-server}
build/arm-kindlepw2-linux-gnueabi/scp:
  RPATH     : $ORIGIN:$ORIGIN/libs
  NEEDED    : librt.so.1
  NEEDED    : libc.so.6
build/arm-kindlepw2-linux-gnueabi/sftp-server:
  RPATH     : $ORIGIN:$ORIGIN/libs
  NEEDED    : librt.so.1
  NEEDED    : libc.so.6
▸ sha1sum build/arm-kindlepw2-linux-gnueabi/{scp,sftp-server}
eb136d4d17070482655f1e886a1820b9eed8ee52  build/arm-kindlepw2-linux-gnueabi/scp
93c1d633d0b961f1d5886cac9bc1202622b022ff  build/arm-kindlepw2-linux-gnueabi/sftp-server

So absolutely no change.

I'm not sure if I quite follow. That sounds like you can't use them with servers that only allow compression (weird, I know) or encryption (not so weird).

From the OpenSSH Manual:

The SSH2 protocol implemented in OpenSSH is standardized by the IETF secsh working group and is specified in several RFCs and drafts. The overall structure of SSH2 is described in the architecture RFC. It is composed of three layered components:

  • The transport layer provides algorithm negotiation and a key exchange. The key exchange includes server authentication and results in a cryptographically secured connection: it provides integrity, confidentiality and optional compression.
  • The user authentication layer uses the established connection and relies on the services provided by the transport layer. It provides several mechanisms for user authentication. These include traditional password authentication as well as public-key or host-based authentication mechanisms.
  • The connection layer multiplexes many different concurrent channels over the authenticated connection and allows tunneling of login sessions and TCP-forwarding. It provides a flow control service for these channels. Additionally, various channel-specific options can be negotiated.

Dropbear is in charge of the transport layer, so encryption and compression are not handled by the sftp-server binary.

After compiling OpenSSH for the emulator, and trying to run the resulting scp binary:

▸ ./build/x86_64-pc-linux-gnu/scp -C Makefile localhost:
/usr/local/bin/ssh: No such file or directory
./build/x86_64-pc-linux-gnu/scp: Connection closed
▸ strings build/arm-kindlepw2-linux-gnueabi/scp | /usr/bin/grep -x /usr/local/bin/ssh
/usr/local/bin/ssh

And indeed, looking at scp's man page:

-C Compression enable. Passes the -C flag to ssh(1) to enable compression.

So scp calls ssh to handle the nitty-gritty of connecting and managing the transport layer. It looks like our shipped scp binary is unusable without including the ssh binary too.
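
Added example, not part of the thread and not the project's utils/bininfo.py: a small checker that parses reports in the layout shown in the comment above and flags any binary that still links OpenSSL or zlib, or whose NEEDED set changed between two builds. The report layout is inferred from the output on this page; the function names, the `DROPPED` list and the second sample report are constructed for illustration.

```python
import re

# Libraries this PR means scp and sftp-server to stop depending on (OpenSSL, zlib).
DROPPED = ("libcrypto.so", "libssl.so", "libz.so")

def parse_report(text):
    """Parse 'path:' headers followed by indented 'KEY : value' lines."""
    report, current = {}, None
    for line in text.splitlines():
        field = re.match(r"\s+(\w+)\s*:\s*(.+)$", line)
        if field and current is not None:
            report[current].setdefault(field.group(1), []).append(field.group(2).strip())
        elif line.rstrip().endswith(":") and not line[0].isspace():
            current = line.rstrip()[:-1]
            report[current] = {}
    return report

def audit(before, after, dropped=DROPPED):
    """Return findings: dropped libraries still linked, and NEEDED changes."""
    findings = []
    for path, fields in sorted(after.items()):
        needed = set(fields.get("NEEDED", []))
        for lib in sorted(needed):
            if lib.startswith(dropped):
                findings.append(f"{path}: still links {lib}")
        old = set(before.get(path, {}).get("NEEDED", []))
        if needed != old:
            findings.append(f"{path}: NEEDED changed, +{sorted(needed - old)} -{sorted(old - needed)}")
    return findings

# Output copied from the comment above (identical on master and on the PR).
PAGE_REPORT = """\
build/arm-kindlepw2-linux-gnueabi/scp:
  RPATH     : $ORIGIN:$ORIGIN/libs
  NEEDED    : librt.so.1
  NEEDED    : libc.so.6
build/arm-kindlepw2-linux-gnueabi/sftp-server:
  RPATH     : $ORIGIN:$ORIGIN/libs
  NEEDED    : librt.so.1
  NEEDED    : libc.so.6
"""
# Constructed report (not from the thread): a build that did pull in OpenSSL and zlib.
CONSTRUCTED = """\
build/example/scp:
  NEEDED    : libcrypto.so.1.1
  NEEDED    : libz.so.1
"""

if __name__ == "__main__":
    print(audit(parse_report(PAGE_REPORT), parse_report(PAGE_REPORT)))
```

An empty findings list for the page's two reports matches the "absolutely no change" conclusion; the constructed report shows what a regression would look like.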

@Frenzie
Member

Frenzie commented Dec 19, 2024

It looks like our shipped scp binary is unusable without including the ssh binary too.

But hold on, aren't all of those provided by Dropbear itself? What's OpenSSH needed for at all then?

@benoit-pierre
Contributor Author

Yeah, I don't understand why we don't ship dropbear's scp binary, along with dbclient. We do still need OpenSSH's sftp-server binary.

@Frenzie
Member

Frenzie commented Dec 19, 2024

A confusing situation all around then, but as long as scp continues to support compression fine by me so far. :-)

@NiLuJe
Member

NiLuJe commented Dec 19, 2024

There was a thing about dbscp that annoyed me at one point, but it's been so long I can't really recall ;p.

(That, or it's simply based on an old snapshot of OpenSSH's scp, so I figured, eh, we already need sftp from OpenSSH, let's just use all of the clients ;p).
