dropbear: options.h annotate

annotate options.h @ 681:a4b7627b3157 insecure-nocrypto

Update insecure-nocrypto to current head

author	Matt Johnston <matt@ucc.asn.au>
date	Wed, 16 May 2012 22:54:51 +0800
parents	bd4b5d7886e5 0129fd8ccc71
children	c37857676924

rev	line source
90 c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	1 /* Dropbear SSH
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Copyright (c) 2002,2003 Matt Johnston
90 c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	3 * All rights reserved. See LICENSE for the license. */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 #ifndef _OPTIONS_H_
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 #define _OPTIONS_H_
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 /******************************************************************
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * parts are to allow for commandline -DDROPBEAR_XXX options etc.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 ******************************************************************/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12
112 cca368f09f4f options.h Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	13 #ifndef DROPBEAR_DEFPORT
104 298098b2a61e Default port is now set as a string Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	14 #define DROPBEAR_DEFPORT "22"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16
434 0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	17 #ifndef DROPBEAR_DEFADDRESS
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	18 /* Listen on all interfaces */
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	19 #define DROPBEAR_DEFADDRESS ""
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	20 #endif
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	21
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 /* Default hostkey paths - these can be specified on the command line */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 #ifndef DSS_PRIV_FILENAME
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 #ifndef RSA_PRIV_FILENAME
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29
71 ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	30 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	31 * on chosen ports and keeps accepting connections. This is the default.
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	32 *
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	33 * Set INETD_MODE if you want to be able to run Dropbear with inetd (or
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	34 * similar), where it will use stdin/stdout for connections, and each process
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	35 * lasts for a single connection. Dropbear should be invoked with the -i flag
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	36 * for inetd, and can only accept IPv4 connections.
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	37 *
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	38 * Both of these flags can be defined at once, don't compile without at least
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	39 * one of them. */
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	40 #define NON_INETD_MODE
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	41 #define INETD_MODE
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	42
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	43 /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	44 * perhaps 20% slower for pubkey operations (it is probably worth experimenting
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45 * if you want to use this) */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 /#define NO_FAST_EXPTMOD/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 68 diff changeset	48 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
536 1037aabf701b - Turn DROPBEAR_SMALL_CODE off by default Matt Johnston <matt@ucc.asn.au> parents: 517 diff changeset	49 several kB in binary size however will make the symmetrical ciphers and hashes
1037aabf701b - Turn DROPBEAR_SMALL_CODE off by default Matt Johnston <matt@ucc.asn.au> parents: 517 diff changeset	50 slower, perhaps by 50%. Recommended for small systems that aren't doing
1037aabf701b - Turn DROPBEAR_SMALL_CODE off by default Matt Johnston <matt@ucc.asn.au> parents: 517 diff changeset	51 much traffic. */
1037aabf701b - Turn DROPBEAR_SMALL_CODE off by default Matt Johnston <matt@ucc.asn.au> parents: 517 diff changeset	52 /#define DROPBEAR_SMALL_CODE/
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 68 diff changeset	53
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	54 /* Enable X11 Forwarding - server only */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55 #define ENABLE_X11FWD
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 /* Enable TCP Fowarding */
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	58 /* 'Local' is "-L" style (client listening port forwarded via server)
38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	59 * 'Remote' is "-R" style (server listening port forwarded via client) */
38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	60
64 efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	61 #define ENABLE_CLI_LOCALTCPFWD
efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	62 #define ENABLE_CLI_REMOTETCPFWD
efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	63
efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	64 #define ENABLE_SVR_LOCALTCPFWD
efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	65 #define ENABLE_SVR_REMOTETCPFWD
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66
604 810dfc792ca9 Compile fix for when both client and server agent forwarding is disabled Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	67 /* Enable Authentication Agent Forwarding */
225 ca7e76d981d9 - progress towards client agent forwarding Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	68 #define ENABLE_SVR_AGENTFWD
ca7e76d981d9 - progress towards client agent forwarding Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	69 #define ENABLE_CLI_AGENTFWD
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70
508 d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	71
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	72 /* Note: Both ENABLE_CLI_PROXYCMD and ENABLE_CLI_NETCAT must be set to
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	73 * allow multihop dbclient connections */
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	74
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	75 /* Allow using -J <proxycommand> to run the connection through a
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	76 pipe to a program, rather the normal TCP connection */
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	77 #define ENABLE_CLI_PROXYCMD
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	78
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	79 /* Enable "Netcat mode" option. This will forward standard input/output
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	80 * to a remote TCP-forwarded connection */
485 12d845ab7b5f Rework netcat-alike to be a proper mode, with -B argument. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	81 #define ENABLE_CLI_NETCAT
12d845ab7b5f Rework netcat-alike to be a proper mode, with -B argument. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	82
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	83 /* Encryption - at least one required.
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	84 * Protocol RFC requires 3DES and recommends AES128 for interoperability.
228 5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	85 * Including multiple keysize variants the same cipher
5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	86 * (eg AES256 as well as AES128) will result in a minimal size increase.*/
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	87 #define DROPBEAR_AES128
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	88 #define DROPBEAR_3DES
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	89 #define DROPBEAR_AES256
554 1d5a3df28b53 Disable Blowfish by default, it has inefficient key memory use Matt Johnston <matt@ucc.asn.au> parents: 536 diff changeset	90 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
1d5a3df28b53 Disable Blowfish by default, it has inefficient key memory use Matt Johnston <matt@ucc.asn.au> parents: 536 diff changeset	91 /#define DROPBEAR_BLOWFISH/
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	92 #define DROPBEAR_TWOFISH256
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	93 #define DROPBEAR_TWOFISH128
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	94
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	95 /* Enable "Counter Mode" for ciphers. This is more secure than normal
503 0cdbc95bb3d2 - Get rid of blowfish and twofish CTR since they weren't likely Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	96 * CBC mode against certain attacks. This adds around 1kB to binary
0cdbc95bb3d2 - Get rid of blowfish and twofish CTR since they weren't likely Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	97 * size and is recommended for most cases */
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	98 #define DROPBEAR_ENABLE_CTR_MODE
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	99
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	100 /* You can compile with no encryption if you want. In some circumstances
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 680 512 diff changeset	101 * this could be safe security-wise, though make sure you know what
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	102 * you're doing. Anyone can see everything that goes over the wire, so
29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	103 * the only safe auth method is public key. You'll have to disable all other
29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	104 * ciphers above in the client if you want to use this, or implement cipher
29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	105 * prioritisation in cli-runopts.
29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	106 *
361 461c4b1fb35f Comment cleanups Matt Johnston <matt@ucc.asn.au> parents: 292 diff changeset	107 * The best way to do things is probably make normal compile of dropbear with
461c4b1fb35f Comment cleanups Matt Johnston <matt@ucc.asn.au> parents: 292 diff changeset	108 * all ciphers including "none" as the server, then recompile a special
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	109 * "dbclient-insecure" client. */
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 680 512 diff changeset	110 /* #define DROPBEAR_NONE_CIPHER */
512 0129fd8ccc71 Update nocrypto branch to current head Matt Johnston <matt@ucc.asn.au> parents: 511 diff changeset	111
228 5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	112 /* Message Integrity - at least one required.
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	113 * Protocol RFC requires sha1 and recommends sha1-96.
670 349fb2dda2dd Improve comment about sha1-96 Matt Johnston <matt@ucc.asn.au> parents: 628 diff changeset	114 * sha1-96 is of use for slow links as it has a smaller overhead.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	115 *
670 349fb2dda2dd Improve comment about sha1-96 Matt Johnston <matt@ucc.asn.au> parents: 628 diff changeset	116 * There's no reason to disable sha1 or sha1-96 to save space since it's
349fb2dda2dd Improve comment about sha1-96 Matt Johnston <matt@ucc.asn.au> parents: 628 diff changeset	117 * used for the random number generator and public-key cryptography anyway.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	118 * Disabling it here will just stop it from being used as the integrity portion
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	119 * of the ssh protocol.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	120 *
228 5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	121 * These hashes are also used for public key fingerprints in logs.
5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	122 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	123 * which are not the standard form. */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	124 #define DROPBEAR_SHA1_HMAC
228 5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	125 #define DROPBEAR_SHA1_96_HMAC
680 bd4b5d7886e5 Disable SHA256 and SHA512 by default in options.h Matt Johnston <matt@ucc.asn.au> parents: 679 diff changeset	126 /#define DROPBEAR_SHA2_256_HMAC/
bd4b5d7886e5 Disable SHA256 and SHA512 by default in options.h Matt Johnston <matt@ucc.asn.au> parents: 679 diff changeset	127 /#define DROPBEAR_SHA2_512_HMAC/
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	128 #define DROPBEAR_MD5_HMAC
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	129
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	130 /* You can also disable integrity. Don't bother disabling this if you're
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 680 512 diff changeset	131 * still using a cipher, it's relatively cheap. If you disable this it's dead
a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 680 512 diff changeset	132 * simple to run arbitrary commands on the remote host. Beware.
512 0129fd8ccc71 Update nocrypto branch to current head Matt Johnston <matt@ucc.asn.au> parents: 511 diff changeset	133 * Note again, for the client you will have to disable other hashes above
0129fd8ccc71 Update nocrypto branch to current head Matt Johnston <matt@ucc.asn.au> parents: 511 diff changeset	134 * to use this. */
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 680 512 diff changeset	135 /* #define DROPBEAR_NONE_INTEGRITY */
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	136
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	137 /* Hostkey/public key algorithms - at least one required, these are used
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	138 * for hostkey as well as for verifying signatures with pubkey auth.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	139 * Removing either of these won't save very much space.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	140 * SSH2 RFC Draft requires dss, recommends rsa */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	141 #define DROPBEAR_RSA
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	142 #define DROPBEAR_DSS
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	143
216 ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	144 /* RSA can be vulnerable to timing attacks which use the time required for
ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	145 * signing to guess the private key. Blinding avoids this attack, though makes
ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	146 * signing operations slightly slower. */
ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	147 #define RSA_BLINDING
ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	148
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	149 /* Define DSS_PROTOK to use PuTTY's method of generating the value k for dss,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	150 * rather than just from the random byte source. Undefining this will save you
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	151 * ~4k in binary size with static uclibc, but your DSS hostkey could be exposed
596 e001bd424f12 It happened to sony Matt Johnston <matt@ucc.asn.au> parents: 573 diff changeset	152 * if the random number source isn't good. It happened to Sony.
e001bd424f12 It happened to sony Matt Johnston <matt@ucc.asn.au> parents: 573 diff changeset	153 * On systems with a decent random source this isn't required. */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	154 /* #define DSS_PROTOK */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	155
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	156 /* Control the memory/performance/compression tradeoff for zlib.
605 53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	157 * Set windowBits=8 for least memory usage, see your system's
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	158 * zlib.h for full details.
605 53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	159 * Default settings (windowBits=15) will use 256kB for compression
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	160 * windowBits=8 will use 129kB for compression.
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	161 * Both modes will use ~35kB for decompression (using windowBits=15 for
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	162 * interoperability) */
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	163 #ifndef DROPBEAR_ZLIB_WINDOW_BITS
daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	164 #define DROPBEAR_ZLIB_WINDOW_BITS 15
daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	165 #endif
daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	166
172 3e49d8d18005 * respect DO_HOST_LOOKUP config option Matt Johnston <matt@ucc.asn.au> parents: 161 diff changeset	167 /* Whether to do reverse DNS lookups. */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	168 #define DO_HOST_LOOKUP
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	169
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	170 /* Whether to print the message of the day (MOTD). This doesn't add much code
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	171 * size */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	172 #define DO_MOTD
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	173
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	174 /* The MOTD file path */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	175 #ifndef MOTD_FILENAME
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	176 #define MOTD_FILENAME "/etc/motd"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	177 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	178
121 9337c9f9a607 PAM improvements Matt Johnston <matt@ucc.asn.au> parents: 119 diff changeset	179 /* Authentication Types - at least one required.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	180 RFC Draft requires pubkey auth, and recommends password */
121 9337c9f9a607 PAM improvements Matt Johnston <matt@ucc.asn.au> parents: 119 diff changeset	181
628 d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	182 /* Note: PAM auth is quite simple and only works for PAM modules which just do
176 bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 173 diff changeset	183 * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
628 d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	184 * It's useful for systems like OS X where standard password crypts don't work
d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	185 * but there's an interface via a PAM module. It won't work for more complex
d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	186 * PAM challenge/response.
176 bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 173 diff changeset	187 * You can't enable both PASSWORD and PAM. */
121 9337c9f9a607 PAM improvements Matt Johnston <matt@ucc.asn.au> parents: 119 diff changeset	188
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: 496 diff changeset	189 #define ENABLE_SVR_PASSWORD_AUTH
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: 496 diff changeset	190 /* PAM requires ./configure --enable-pam */
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	191 /#define ENABLE_SVR_PAM_AUTH/
68 eee77ac31ccc cleaning up the pubkey defines Matt Johnston <matt@ucc.asn.au> parents: 66 diff changeset	192 #define ENABLE_SVR_PUBKEY_AUTH
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	193
566 b321aeb57c64 - set $SSH_ORIGINAL_COMMAND if a command is forced, and log it Matt Johnston <matt@ucc.asn.au> parents: 561 diff changeset	194 /* Whether to take public key options in
b321aeb57c64 - set $SSH_ORIGINAL_COMMAND if a command is forced, and log it Matt Johnston <matt@ucc.asn.au> parents: 561 diff changeset	195 * authorized_keys file into account */
475 52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	196 #ifdef ENABLE_SVR_PUBKEY_AUTH
52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	197 #define ENABLE_SVR_PUBKEY_OPTIONS
52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	198 #endif
52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	199
628 d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	200 /* Define this to allow logging in to accounts that have no password specified.
d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	201 * Public key logins are allowed for blank-password accounts regardless of this
677 55b84e59aaad Fix empty password immediate login Matt Johnston <matt@ucc.asn.au> parents: 670 diff changeset	202 * setting. */
628 d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	203 /* #define ALLOW_BLANK_PASSWORD */
d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	204
68 eee77ac31ccc cleaning up the pubkey defines Matt Johnston <matt@ucc.asn.au> parents: 66 diff changeset	205 #define ENABLE_CLI_PASSWORD_AUTH
eee77ac31ccc cleaning up the pubkey defines Matt Johnston <matt@ucc.asn.au> parents: 66 diff changeset	206 #define ENABLE_CLI_PUBKEY_AUTH
249 efbaf6b03837 added keyboard-interactive client support Matt Johnston <matt@ucc.asn.au> parents: 236 diff changeset	207 #define ENABLE_CLI_INTERACT_AUTH
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	208
441 fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	209 /* This variable can be used to set a password for client
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	210 * authentication on the commandline. Beware of platforms
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	211 * that don't protect environment variables of processes etc. Also
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	212 * note that it will be provided for all "hidden" client-interactive
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	213 * style prompts - if you want something more sophisticated, use
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	214 * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	215 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	216
173 257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	217 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	218 * a helper program for the ssh client. The helper program should be
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	219 * specified in the SSH_ASKPASS environment variable, and dbclient
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	220 * should be run with DISPLAY set and no tty. The program should
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	221 * return the password on standard output */
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	222 /#define ENABLE_CLI_ASKPASS_HELPER/
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	223
149 ed9ca2a9705c Cleaned up the random code, use /dev/random by default, Matt Johnston <matt@ucc.asn.au> parents: 126 diff changeset	224 /* Random device to use - define either DROPBEAR_RANDOM_DEV or
ed9ca2a9705c Cleaned up the random code, use /dev/random by default, Matt Johnston <matt@ucc.asn.au> parents: 126 diff changeset	225 * DROPBEAR_PRNGD_SOCKET.
ed9ca2a9705c Cleaned up the random code, use /dev/random by default, Matt Johnston <matt@ucc.asn.au> parents: 126 diff changeset	226 * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random,
ed9ca2a9705c Cleaned up the random code, use /dev/random by default, Matt Johnston <matt@ucc.asn.au> parents: 126 diff changeset	227 * otherwise use run prngd (or egd if you want), specifying the socket.
ed9ca2a9705c Cleaned up the random code, use /dev/random by default, Matt Johnston <matt@ucc.asn.au> parents: 126 diff changeset	228 * The device will be queried for a few dozen bytes of seed a couple of times
ed9ca2a9705c Cleaned up the random code, use /dev/random by default, Matt Johnston <matt@ucc.asn.au> parents: 126 diff changeset	229 * per session (or more for very long-lived sessions). */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	230
446 2cd2edfa11ee Just use /dev/urandom since that's what everyone ends up using anyway. Matt Johnston <matt@ucc.asn.au> parents: 442 diff changeset	231 /* We'll use /dev/urandom by default, since /dev/random is too much hassle.
2cd2edfa11ee Just use /dev/urandom since that's what everyone ends up using anyway. Matt Johnston <matt@ucc.asn.au> parents: 442 diff changeset	232 * If system developers aren't keeping seeds between boots nor getting
2cd2edfa11ee Just use /dev/urandom since that's what everyone ends up using anyway. Matt Johnston <matt@ucc.asn.au> parents: 442 diff changeset	233 * any entropy from somewhere it's their own fault. */
2cd2edfa11ee Just use /dev/urandom since that's what everyone ends up using anyway. Matt Johnston <matt@ucc.asn.au> parents: 442 diff changeset	234 #define DROPBEAR_RANDOM_DEV "/dev/urandom"
442 d82a2a44c684 Add -u option to specify /dev/urandom instead Matt Johnston <matt@ucc.asn.au> parents: 441 diff changeset	235
149 ed9ca2a9705c Cleaned up the random code, use /dev/random by default, Matt Johnston <matt@ucc.asn.au> parents: 126 diff changeset	236 /* prngd must be manually set up to produce output */
ed9ca2a9705c Cleaned up the random code, use /dev/random by default, Matt Johnston <matt@ucc.asn.au> parents: 126 diff changeset	237 /#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"/
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	238
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	239 /* Specify the number of clients we will allow to be connected but
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	240 * not yet authenticated. After this limit, connections are rejected */
277 044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	241 /* The first setting is per-IP, to avoid denial of service */
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	242 #ifndef MAX_UNAUTH_PER_IP
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	243 #define MAX_UNAUTH_PER_IP 5
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	244 #endif
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	245
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	246 /* And then a global limit to avoid chewing memory if connections
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	247 * come from many IPs */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	248 #ifndef MAX_UNAUTH_CLIENTS
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	249 #define MAX_UNAUTH_CLIENTS 30
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	250 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	251
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	252 /* Maximum number of failed authentication tries (server option) */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	253 #ifndef MAX_AUTH_TRIES
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	254 #define MAX_AUTH_TRIES 10
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	255 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	256
437 7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 435 diff changeset	257 /* The default file to store the daemon's process ID, for shutdown
7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 435 diff changeset	258 scripts etc. This can be overridden with the -P flag */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	259 #ifndef DROPBEAR_PIDFILE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	260 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	261 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	262
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	263 /* The command to invoke for xauth when using X11 forwarding.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	264 * "-q" for quiet */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	265 #ifndef XAUTH_COMMAND
558 73de9177e7dd Use /usr/bin/X11/xauth default path instead Matt Johnston <matt@ucc.asn.au> parents: 555 diff changeset	266 #define XAUTH_COMMAND "/usr/bin/X11/xauth -q"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	267 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	268
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	269 /* if you want to enable running an sftp server (such as the one included with
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	270 * OpenSSH), set the path below. If the path isn't defined, sftp will not
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	271 * be enabled */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	272 #ifndef SFTPSERVER_PATH
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	273 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	274 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	275
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	276 /* This is used by the scp binary when used as a client binary. If you're
38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	277 * not using the Dropbear client, you'll need to change it */
38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	278 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	279
349 dba106bf6b34 Add (disabled by default) LOG_COMMANDS option to log the commands executed Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	280 /* Whether to log commands executed by a client. This only logs the
dba106bf6b34 Add (disabled by default) LOG_COMMANDS option to log the commands executed Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	281 * (single) command sent to the server, not what a user did in a
dba106bf6b34 Add (disabled by default) LOG_COMMANDS option to log the commands executed Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	282 * shell/sftp session etc. */
dba106bf6b34 Add (disabled by default) LOG_COMMANDS option to log the commands executed Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	283 /* #define LOG_COMMANDS */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	284
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	285 /* Window size limits. These tend to be a trade-off between memory
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	286 usage and network performance: */
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	287 /* Size of the network receive window. This amount of memory is allocated
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	288 as a per-channel receive buffer. Increasing this value can make a
449 3e6c536bc023 Add -W <windowsize> argument and document it. Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	289 significant difference to network performance. 24kB was empirically
3e6c536bc023 Add -W <windowsize> argument and document it. Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	290 chosen for a 100mbit ethernet network. The value can be altered at
3e6c536bc023 Add -W <windowsize> argument and document it. Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	291 runtime with the -W argument. */
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	292 #ifndef DEFAULT_RECV_WINDOW
449 3e6c536bc023 Add -W <windowsize> argument and document it. Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	293 #define DEFAULT_RECV_WINDOW 24576
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	294 #endif
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	295 /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	296 in order to interoperate with other implementations */
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	297 #ifndef RECV_MAX_PAYLOAD_LEN
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	298 #define RECV_MAX_PAYLOAD_LEN 32768
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	299 #endif
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	300 /* Maximum size of a transmitted data packet - this can be any value,
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	301 though increasing it may not make a significant difference. */
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	302 #ifndef TRANS_MAX_PAYLOAD_LEN
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	303 #define TRANS_MAX_PAYLOAD_LEN 16384
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	304 #endif
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	305
454 7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient Matt Johnston <matt@ucc.asn.au> parents: 449 diff changeset	306 /* Ensure that data is transmitted every KEEPALIVE seconds. This can
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient Matt Johnston <matt@ucc.asn.au> parents: 449 diff changeset	307 be overridden at runtime with -K. 0 disables keepalives */
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient Matt Johnston <matt@ucc.asn.au> parents: 449 diff changeset	308 #define DEFAULT_KEEPALIVE 0
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	309
513 a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server Matt Johnston <matt@ucc.asn.au> parents: 510 diff changeset	310 /* Ensure that data is received within IDLE_TIMEOUT seconds. This can
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server Matt Johnston <matt@ucc.asn.au> parents: 510 diff changeset	311 be overridden at runtime with -I. 0 disables idle timeouts */
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server Matt Johnston <matt@ucc.asn.au> parents: 510 diff changeset	312 #define DEFAULT_IDLE_TIMEOUT 0
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server Matt Johnston <matt@ucc.asn.au> parents: 510 diff changeset	313
508 d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	314 /* The default path. This will often get replaced by the shell */
510 b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 508 diff changeset	315 #define DEFAULT_PATH "/usr/bin:/bin"
508 d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	316
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: 496 diff changeset	317 /* Some other defines (that mostly should be left alone) are defined
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: 496 diff changeset	318 * in sysoptions.h */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: 496 diff changeset	319 #include "sysoptions.h"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	320
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	321 #endif /* _OPTIONS_H_ */

Mercurial > dropbear

annotate options.h @ 681:a4b7627b3157 insecure-nocrypto