ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add '-R' for delayed hostkey option

Browse Source 
--HG--
branch : keyondemand
This commit is contained in:
Matt Johnston
2013-11-07 23:49:37 +08:00
parent 4363b8b32d
commit 58fe1c2d2a
10 changed files with 104 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
options.h
View File

@@ -8,7 +8,7 @@
/* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
* parts are to allow for commandline -DDROPBEAR_XXX options etc. */
/* Important: Many options will require "make clean" after changes */
/* IMPORTANT: Many options will require "make clean" after changes */
#ifndef DROPBEAR_DEFPORT
#define DROPBEAR_DEFPORT "22"
@@ -129,7 +129,7 @@ much traffic. */
/* You can also disable integrity. Don't bother disabling this if you're
* still using a cipher, it's relatively cheap. If you disable this it's dead
* simple to run arbitrary commands on the remote host. Beware. */
* simple for an attacker to run arbitrary commands on the remote host. Beware. */
/* #define DROPBEAR_NONE_INTEGRITY */
/* Hostkey/public key algorithms - at least one required, these are used
@@ -138,15 +138,22 @@ much traffic. */
* SSH2 RFC Draft requires dss, recommends rsa */
#define DROPBEAR_RSA
#define DROPBEAR_DSS
#define DROPBEAR_ECDH
#define DROPBEAR_ECDSA
/* Generate hostkeys as-needed when the first connection using that key type occurs.
This avoids the need to otherwise run "dropbearkey" and avoids some problems
with badly seeded random devices when systems first boot.
This also requires a runtime flag "-R". */
#define DROPBEAR_DELAY_HOSTKEY
/* RSA can be vulnerable to timing attacks which use the time required for
* signing to guess the private key. Blinding avoids this attack, though makes
* signing operations slightly slower. */
#define RSA_BLINDING
/* Enable elliptic curve Diffie Hellman key exchange */
#define DROPBEAR_ECDH
/* Control the memory/performance/compression tradeoff for zlib.
* Set windowBits=8 for least memory usage, see your system's
* zlib.h for full details.
@@ -180,9 +187,9 @@ much traffic. */
* PAM challenge/response.
* You can't enable both PASSWORD and PAM. */
//#define ENABLE_SVR_PASSWORD_AUTH
#define ENABLE_SVR_PASSWORD_AUTH
/* PAM requires ./configure --enable-pam */
#define ENABLE_SVR_PAM_AUTH
/*#define ENABLE_SVR_PAM_AUTH */
#define ENABLE_SVR_PUBKEY_AUTH
/* Whether to take public key options in