ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-12 07:25:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,027 Commits 5 Branches 63 Tags 14 MiB
e84cb3c3c2
Commit Graph

151 Commits

Author SHA1 Message Date
Mike Frysinger
e84cb3c3c2 fix default build when getpass() is unavailable 
if the system doesn't support getpass, we still default on the options
that require it which causes a build failure.  instead, only default
enable these when getpass is available.
 2015-10-21 22:48:15 +08:00
Mike Frysinger
78b9cecb52 fix default build when crypt() is unavailable 
if the system doesn't support crypt.h/crypt, then ENABLE_SVR_PASSWORD_AUTH
cannot work.  rather than default this to on all the time, do so only when
support for the header is found.
 2015-10-21 22:40:11 +08:00
Matt Johnston
941c067765 change DROPBEAR_DEFAULT_CLI_AUTHKEY to just prepend homedir 
rather than doing ~ expansion
 2015-08-03 20:45:04 +08:00
Matt Johnston
ecd8505218 Disable twofish-ctr by default, add config option 2015-06-03 22:59:59 +08:00
Thorsten Horstmann
fdb7ffa864 DROPBEAR_ prefix for include guards to avoid collisions 2015-02-24 20:43:01 +08:00
Matt Johnston
c44a78a2e6 Tighten validation of DH values. Odds of x==0 being generated are 
improbable, roughly 2**-1023
Regression in 0.49
 2015-02-10 21:46:19 +08:00
Matt Johnston
a7a79d569a Disable non-delayed zlib for server 2015-01-28 21:38:27 +08:00
Matt Johnston
6165f53fcd Default client key path ~/.ssh/id_dropbear 2015-01-24 00:05:26 +08:00
Matt Johnston
6cbb23a819 Add config option to disable cbc. Disable twofish by default 2015-01-23 22:37:14 +08:00
Matt Johnston
1ed8d3938e Enable sha2 HMACs by default, they're required for ecdsa already 2015-01-13 20:55:04 +08:00
Mike Frysinger
ed2e276b3a use xauth in /usr/bin 
Since the x.org rework, X has been installed into standard paths and not
its own random prefixes.  I think it's time we update the default paths
accordingly.
 2014-08-01 06:14:19 -04:00
Matt Johnston
c884e5000e Make -K keepalive behave like OpenSSH's ServerAliveInterval 2014-07-09 00:15:20 +08:00
Matt Johnston
5e4dc71907 CHANGES for 2014.63 2014-02-19 22:01:01 +08:00
Matt Johnston
61cecbb337 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default 2014-01-17 21:39:27 +08:00
Matt Johnston
de1deaf0bd use oldstyle comments 2013-11-14 22:03:30 +08:00
Matt Johnston
f025277147 comments, turn off debugging options 
--HG--
branch : ecc
 2013-11-09 00:14:28 +08:00
Matt Johnston
1e00d0b926 - Make curve25519 work after fixing a typo, interoperates with OpenSSH 
- comment on ecc binary size effects

--HG--
branch : ecc
 2013-11-09 00:02:26 +08:00
Matt Johnston
29b1455f36 Merge 
--HG--
branch : ecc
 2013-11-08 23:32:13 +08:00
Matt Johnston
0162c116da curve25519 
--HG--
branch : ecc
 2013-11-08 23:11:43 +08:00
Matt Johnston
58fe1c2d2a Add '-R' for delayed hostkey option 
--HG--
branch : keyondemand
 2013-11-07 23:49:37 +08:00
Matt Johnston
4363b8b32d refactor key generation, make it generate as required. 
Needs UI in server command line options

--HG--
branch : keyondemand
 2013-11-07 00:18:52 +08:00
Matt Johnston
51b5cdd430 Enable SMALL_CODE by default 
--HG--
branch : ecc
 2013-05-21 13:44:48 +08:00
Matt Johnston
04518e9e80 merge in HEAD 
--HG--
branch : ecc
 2013-05-21 12:09:35 +08:00
Matt Johnston
95a21c8fd7 ecdsa is working 
--HG--
branch : ecc
 2013-05-03 23:07:48 +08:00
Matt Johnston
43769b5bb3 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins 2013-04-18 21:47:38 +08:00
Matt Johnston
7f091e7019 start on ecdsa keys 
--HG--
branch : ecc
 2013-04-09 00:36:04 +08:00
Matt Johnston
c6bdc810ab ecc kind of works, needs fixing/testing 
--HG--
branch : ecc
 2013-04-07 01:36:42 +08:00
Matt Johnston
557d86aa79 Fix a few options and headers 2013-04-03 07:33:47 +08:00
Matt Johnston
99d9cf500b Add kexguess2 behaviour 
--HG--
branch : kexguess
 2013-03-29 23:29:48 +08:00
Matt Johnston
73e22c115c refactor kexdh code a bit, start working on ecdh etc 
--HG--
branch : ecc
 2013-03-26 01:35:22 +08:00
Matt Johnston
845ad0be39 Fix "-c none" so that it allows aes during authentication 
Default for options.h shouldn't allow "none"
 2013-03-20 23:52:49 +08:00
Matt Johnston
d37dcc636f Merge "none" cipher/MAC branch. Also adds sha256 and sha512 2013-03-20 22:41:07 +08:00
Matt Johnston
d7f2153631 DSS_PROTOK is not necessary now that private keys are included 
in the random generation input
 2013-02-23 17:55:46 +08:00
Paul Eggleton
1205fa68df Allow configuring "allow blank password option" at runtime 
Changes this from a compile-time switch to a command-line option.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
 2013-02-12 15:52:57 +00:00
Matt Johnston
d5ccc32b4d Improve RNG seeding. 
Try to read from /dev/urandom multiple times, take input from extra sources,
and use /dev/random when generating private keys
 2012-06-29 23:19:43 +08:00
Matt Johnston
e719a9ef6f - Only request "none" cipher after auth has succeeded 
--HG--
branch : insecure-nocrypto
 2012-05-17 20:52:57 +08:00
Matt Johnston
a02d38072a Add ALLOW_NONE_PASSWORD_AUTH option 
--HG--
branch : insecure-nocrypto
 2012-05-17 08:33:11 +08:00
Matt Johnston
f2cd610750 Merge in "-m"/"-c" code 
--HG--
branch : insecure-nocrypto
 2012-05-17 08:09:19 +08:00
Matt Johnston
db34044c7f ENABLE_USER_ALGO_LIST should work for the client 2012-05-17 00:26:12 +08:00
Matt Johnston
036edd6206 Add rough support for choosing ciphers/hashes with "-c" or "-m" 2012-05-17 00:12:42 +08:00
Matt Johnston
f40ed8bad7 Update insecure-nocrypto to current head 
--HG--
branch : insecure-nocrypto
 2012-05-16 22:54:51 +08:00
Matt Johnston
41f50057f1 Disable SHA256 and SHA512 by default in options.h 
--HG--
branch : sha2
 2012-05-16 21:56:50 +08:00
Matt Johnston
c62e53807f - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be 
getting keyed incorrectly

--HG--
branch : sha2
 2012-05-10 08:38:37 +08:00
Matt Johnston
6b4105ffe6 Fix empty password immediate login 2012-05-09 22:51:59 +08:00
Matt Johnston
3e2b6a1821 Improve comment about sha1-96 2012-04-12 21:57:30 +08:00
Matt Johnston
29e68e9d79 - Add ALLOW_BLANK_PASSWORD option 
- Don't reject blank-password logins via public key

--HG--
extra : convert_revision : 2d4bb3ecb013a7be47a7b470fc6b23e653a43dfb
 2011-10-26 15:49:47 +00:00
Matt Johnston
0993e44b4f merge of '8a608f0ed5e4b491dba4bf330e560636ec7376fd' 
and 'b31879a384d3bf8cbcbe2ed731d7d79d49799b1d'

--HG--
extra : convert_revision : dfa0557e6070859d23ff096789f339e51a870177
 2011-02-28 13:51:34 +00:00
Matt Johnston
d634b502cf - Don't allow setting memLevel since that doesn't work properly 
- Better handling of the case where compressing makes the data
larger (possibly only happens when memLevel is adjusted, but better
to be safe)

--HG--
extra : convert_revision : b31879a384d3bf8cbcbe2ed731d7d79d49799b1d
 2011-02-28 13:51:27 +00:00
Matt Johnston
53fc7eaf03 Compile fix for when both client and server agent forwarding is disabled 
--HG--
extra : convert_revision : 8a608f0ed5e4b491dba4bf330e560636ec7376fd
 2011-02-28 13:39:18 +00:00
Matt Johnston
5a7a88b843 It happened to sony 
--HG--
extra : convert_revision : c2d5690ca9ed85c7d75dd9cc2c150de50503aa3b
 2011-02-24 12:45:17 +00:00