ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-01-31 10:57:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,627 Commits 5 Branches 63 Tags 14 MiB
286b6b9f80
Commit Graph

161 Commits

Author SHA1 Message Date
Matt Johnston
8062a4e8d6 mention localoptions.h being build directory, fix underscore in CHANGES 2018-03-01 22:12:30 +08:00
Matt Johnston
3f3f399231 - Fix dependencies and remove old default_options.h from version control 
- Rename default_options.h.in -> default_options.h, and
  default_options.h -> default_options_guard.h
- Fix newlines in default_options.h
 2018-02-19 22:16:50 +08:00
Matt Johnston
802dace05e include config.h for options.h. don't need to include options.h when 
includes.h brings it in
 2018-02-18 11:22:13 +08:00
Matt Johnston
a94338dc67 add configuration option for default RSA size. 
print key size with dropbearkey
 2017-06-24 23:32:25 +08:00
Matt Johnston
32a28d0d9c Convert #ifdef to #if, other build changes 2016-05-04 15:33:40 +02:00
Matt Johnston
d6daad29fc options for disabling "normal" DH 2016-05-02 23:48:16 +02:00
Matt Johnston
4664ce2c35 move group14 and group16 to options.h, group14-sha256 on by default 2016-05-02 17:03:55 +02:00
Matt Johnston
fdc61f3ab2 Get rid of group15, move group16 to sha512. 
New groups are disabled by default pending
draft-ietf-curdle-ssh-kex-sha2-02 being finalised
 2016-03-12 16:21:13 +08:00
Matt Johnston
21ed9480d7 add dh group15 and group16, disabled by default 2016-01-15 00:19:11 +08:00
Matt Johnston
00798ca8cc Test for crypt() rather than crypt.h 
Print a message from configure if getpass() or crypt() were missing
 2015-10-21 23:08:22 +08:00
Mike Frysinger
e84cb3c3c2 fix default build when getpass() is unavailable 
if the system doesn't support getpass, we still default on the options
that require it which causes a build failure.  instead, only default
enable these when getpass is available.
 2015-10-21 22:48:15 +08:00
Mike Frysinger
78b9cecb52 fix default build when crypt() is unavailable 
if the system doesn't support crypt.h/crypt, then ENABLE_SVR_PASSWORD_AUTH
cannot work.  rather than default this to on all the time, do so only when
support for the header is found.
 2015-10-21 22:40:11 +08:00
Matt Johnston
941c067765 change DROPBEAR_DEFAULT_CLI_AUTHKEY to just prepend homedir 
rather than doing ~ expansion
 2015-08-03 20:45:04 +08:00
Matt Johnston
ecd8505218 Disable twofish-ctr by default, add config option 2015-06-03 22:59:59 +08:00
Thorsten Horstmann
fdb7ffa864 DROPBEAR_ prefix for include guards to avoid collisions 2015-02-24 20:43:01 +08:00
Matt Johnston
c44a78a2e6 Tighten validation of DH values. Odds of x==0 being generated are 
improbable, roughly 2**-1023
Regression in 0.49
 2015-02-10 21:46:19 +08:00
Matt Johnston
a7a79d569a Disable non-delayed zlib for server 2015-01-28 21:38:27 +08:00
Matt Johnston
6165f53fcd Default client key path ~/.ssh/id_dropbear 2015-01-24 00:05:26 +08:00
Matt Johnston
6cbb23a819 Add config option to disable cbc. Disable twofish by default 2015-01-23 22:37:14 +08:00
Matt Johnston
1ed8d3938e Enable sha2 HMACs by default, they're required for ecdsa already 2015-01-13 20:55:04 +08:00
Mike Frysinger
ed2e276b3a use xauth in /usr/bin 
Since the x.org rework, X has been installed into standard paths and not
its own random prefixes.  I think it's time we update the default paths
accordingly.
 2014-08-01 06:14:19 -04:00
Matt Johnston
c884e5000e Make -K keepalive behave like OpenSSH's ServerAliveInterval 2014-07-09 00:15:20 +08:00
Matt Johnston
5e4dc71907 CHANGES for 2014.63 2014-02-19 22:01:01 +08:00
Matt Johnston
61cecbb337 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default 2014-01-17 21:39:27 +08:00
Matt Johnston
de1deaf0bd use oldstyle comments 2013-11-14 22:03:30 +08:00
Matt Johnston
f025277147 comments, turn off debugging options 
--HG--
branch : ecc
 2013-11-09 00:14:28 +08:00
Matt Johnston
1e00d0b926 - Make curve25519 work after fixing a typo, interoperates with OpenSSH 
- comment on ecc binary size effects

--HG--
branch : ecc
 2013-11-09 00:02:26 +08:00
Matt Johnston
29b1455f36 Merge 
--HG--
branch : ecc
 2013-11-08 23:32:13 +08:00
Matt Johnston
0162c116da curve25519 
--HG--
branch : ecc
 2013-11-08 23:11:43 +08:00
Matt Johnston
58fe1c2d2a Add '-R' for delayed hostkey option 
--HG--
branch : keyondemand
 2013-11-07 23:49:37 +08:00
Matt Johnston
4363b8b32d refactor key generation, make it generate as required. 
Needs UI in server command line options

--HG--
branch : keyondemand
 2013-11-07 00:18:52 +08:00
Matt Johnston
51b5cdd430 Enable SMALL_CODE by default 
--HG--
branch : ecc
 2013-05-21 13:44:48 +08:00
Matt Johnston
04518e9e80 merge in HEAD 
--HG--
branch : ecc
 2013-05-21 12:09:35 +08:00
Matt Johnston
95a21c8fd7 ecdsa is working 
--HG--
branch : ecc
 2013-05-03 23:07:48 +08:00
Matt Johnston
43769b5bb3 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins 2013-04-18 21:47:38 +08:00
Matt Johnston
7f091e7019 start on ecdsa keys 
--HG--
branch : ecc
 2013-04-09 00:36:04 +08:00
Matt Johnston
c6bdc810ab ecc kind of works, needs fixing/testing 
--HG--
branch : ecc
 2013-04-07 01:36:42 +08:00
Matt Johnston
557d86aa79 Fix a few options and headers 2013-04-03 07:33:47 +08:00
Matt Johnston
99d9cf500b Add kexguess2 behaviour 
--HG--
branch : kexguess
 2013-03-29 23:29:48 +08:00
Matt Johnston
73e22c115c refactor kexdh code a bit, start working on ecdh etc 
--HG--
branch : ecc
 2013-03-26 01:35:22 +08:00
Matt Johnston
845ad0be39 Fix "-c none" so that it allows aes during authentication 
Default for options.h shouldn't allow "none"
 2013-03-20 23:52:49 +08:00
Matt Johnston
d37dcc636f Merge "none" cipher/MAC branch. Also adds sha256 and sha512 2013-03-20 22:41:07 +08:00
Matt Johnston
d7f2153631 DSS_PROTOK is not necessary now that private keys are included 
in the random generation input
 2013-02-23 17:55:46 +08:00
Paul Eggleton
1205fa68df Allow configuring "allow blank password option" at runtime 
Changes this from a compile-time switch to a command-line option.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
 2013-02-12 15:52:57 +00:00
Matt Johnston
d5ccc32b4d Improve RNG seeding. 
Try to read from /dev/urandom multiple times, take input from extra sources,
and use /dev/random when generating private keys
 2012-06-29 23:19:43 +08:00
Matt Johnston
e719a9ef6f - Only request "none" cipher after auth has succeeded 
--HG--
branch : insecure-nocrypto
 2012-05-17 20:52:57 +08:00
Matt Johnston
a02d38072a Add ALLOW_NONE_PASSWORD_AUTH option 
--HG--
branch : insecure-nocrypto
 2012-05-17 08:33:11 +08:00
Matt Johnston
f2cd610750 Merge in "-m"/"-c" code 
--HG--
branch : insecure-nocrypto
 2012-05-17 08:09:19 +08:00
Matt Johnston
db34044c7f ENABLE_USER_ALGO_LIST should work for the client 2012-05-17 00:26:12 +08:00
Matt Johnston
036edd6206 Add rough support for choosing ciphers/hashes with "-c" or "-m" 2012-05-17 00:12:42 +08:00