For the sake of review, this commit alters only the code; the affiliated
comments within the source files also need to be updated, but doing so
now would obscure the operational changes that have been made here.
* All on/off options have been switched to the numeric `#if' variant;
that is the only way to make this `default_options.h.in' thing work
in a reasonable manner.
* There is now some very minor compile-time checking of the user's
choice of options.
* NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed.
* ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST,
and this commit completes that work.
* DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option,
which was added by the following commit:
commit 6e0b539e9c
Author: Matt Johnston <matt@ucc.asn.au>
Date: Tue May 23 22:29:21 2017 +0800
split out checkpubkey_line() separately
It has now been added to `sysoptions.h' and defined as `0' by default.
* The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in
`default_options.h.in'; it is no longer meant to be set by the user, and
is instead left to be defined in `sysoptions.h' (where it was already being
defined) as merely the name of the environment variable in question:
DROPBEAR_PASSWORD
To enable or disable use of that environment variable, the user must now
toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'.
* The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the
path of the sFTP server program is set independently through the usual
SFTPSERVER_PATH.
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.
A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This change adds a -c option to dropbear, to force the session to use a
specific command, in a similar fashion to OpenSSH's ForceCommand
configuration option.
This is useful to provide a simple fixed service over ssh, without
requiring an authorized key file for the per-key forced_command option.
This setting takes precedence over the channel session's provided
command, and the per-key forced_command setting.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
- Change default PATH to /usr/bin:/bin
- Mention DEBUG_TRACE in -v help text
--HG--
extra : convert_revision : cdcc3c729e29544e8b98a408e2dc60e4483dfd2a
- Try to reduce the frequency of select() timeouts
- Add a max receive window size of 1MB
--HG--
extra : convert_revision : 9aa22036cb511cddb35fbc0e09ad05acb39b64d1
hosts to connect to forwarded ports. Rearranged various some of the
tcp listening code.
* changed to /* */ style brackets in svr-authpam.c
--HG--
extra : convert_revision : c1e04e648867db464fe9818c4910e4320cd50c32
