dropbear: options.h annotate

annotate options.h @ 819:fee485ce81eb

Get rid of spurious newlines in pam log messages

author	Matt Johnston <matt@ucc.asn.au>
date	Thu, 03 Oct 2013 23:04:26 +0800
parents	ff6e551da826
children	7dcb46da72d9

rev	line source
90 c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	1 /* Dropbear SSH
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Copyright (c) 2002,2003 Matt Johnston
90 c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	3 * All rights reserved. See LICENSE for the license. */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 #ifndef _OPTIONS_H_
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 #define _OPTIONS_H_
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 /******************************************************************
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * parts are to allow for commandline -DDROPBEAR_XXX options etc.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 ******************************************************************/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12
112 cca368f09f4f options.h Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	13 #ifndef DROPBEAR_DEFPORT
104 298098b2a61e Default port is now set as a string Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	14 #define DROPBEAR_DEFPORT "22"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16
434 0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	17 #ifndef DROPBEAR_DEFADDRESS
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	18 /* Listen on all interfaces */
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	19 #define DROPBEAR_DEFADDRESS ""
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	20 #endif
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	21
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 /* Default hostkey paths - these can be specified on the command line */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 #ifndef DSS_PRIV_FILENAME
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 #ifndef RSA_PRIV_FILENAME
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29
71 ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	30 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	31 * on chosen ports and keeps accepting connections. This is the default.
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	32 *
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	33 * Set INETD_MODE if you want to be able to run Dropbear with inetd (or
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	34 * similar), where it will use stdin/stdout for connections, and each process
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	35 * lasts for a single connection. Dropbear should be invoked with the -i flag
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	36 * for inetd, and can only accept IPv4 connections.
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	37 *
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	38 * Both of these flags can be defined at once, don't compile without at least
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	39 * one of them. */
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	40 #define NON_INETD_MODE
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	41 #define INETD_MODE
ac96bc733e71 adding inetd mode back from 0.43 Matt Johnston <matt@ucc.asn.au> parents: 70 diff changeset	42
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	43 /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	44 * perhaps 20% slower for pubkey operations (it is probably worth experimenting
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45 * if you want to use this) */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 /#define NO_FAST_EXPTMOD/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 68 diff changeset	48 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
536 1037aabf701b - Turn DROPBEAR_SMALL_CODE off by default Matt Johnston <matt@ucc.asn.au> parents: 517 diff changeset	49 several kB in binary size however will make the symmetrical ciphers and hashes
1037aabf701b - Turn DROPBEAR_SMALL_CODE off by default Matt Johnston <matt@ucc.asn.au> parents: 517 diff changeset	50 slower, perhaps by 50%. Recommended for small systems that aren't doing
1037aabf701b - Turn DROPBEAR_SMALL_CODE off by default Matt Johnston <matt@ucc.asn.au> parents: 517 diff changeset	51 much traffic. */
1037aabf701b - Turn DROPBEAR_SMALL_CODE off by default Matt Johnston <matt@ucc.asn.au> parents: 517 diff changeset	52 /#define DROPBEAR_SMALL_CODE/
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 68 diff changeset	53
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	54 /* Enable X11 Forwarding - server only */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55 #define ENABLE_X11FWD
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 /* Enable TCP Fowarding */
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	58 /* 'Local' is "-L" style (client listening port forwarded via server)
38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	59 * 'Remote' is "-R" style (server listening port forwarded via client) */
38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	60
64 efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	61 #define ENABLE_CLI_LOCALTCPFWD
efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	62 #define ENABLE_CLI_REMOTETCPFWD
efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	63
efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	64 #define ENABLE_SVR_LOCALTCPFWD
efb5e0b335cf TCP forwarding works. Matt Johnston <matt@ucc.asn.au> parents: 62 diff changeset	65 #define ENABLE_SVR_REMOTETCPFWD
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66
604 810dfc792ca9 Compile fix for when both client and server agent forwarding is disabled Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	67 /* Enable Authentication Agent Forwarding */
225 ca7e76d981d9 - progress towards client agent forwarding Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	68 #define ENABLE_SVR_AGENTFWD
ca7e76d981d9 - progress towards client agent forwarding Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	69 #define ENABLE_CLI_AGENTFWD
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70
508 d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	71
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	72 /* Note: Both ENABLE_CLI_PROXYCMD and ENABLE_CLI_NETCAT must be set to
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	73 * allow multihop dbclient connections */
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	74
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	75 /* Allow using -J <proxycommand> to run the connection through a
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	76 pipe to a program, rather the normal TCP connection */
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	77 #define ENABLE_CLI_PROXYCMD
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	78
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	79 /* Enable "Netcat mode" option. This will forward standard input/output
d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	80 * to a remote TCP-forwarded connection */
485 12d845ab7b5f Rework netcat-alike to be a proper mode, with -B argument. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	81 #define ENABLE_CLI_NETCAT
12d845ab7b5f Rework netcat-alike to be a proper mode, with -B argument. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	82
682 4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m" Matt Johnston <matt@ucc.asn.au> parents: 677 diff changeset	83 /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
683 63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	84 #define ENABLE_USER_ALGO_LIST
682 4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m" Matt Johnston <matt@ucc.asn.au> parents: 677 diff changeset	85
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	86 /* Encryption - at least one required.
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	87 * Protocol RFC requires 3DES and recommends AES128 for interoperability.
228 5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	88 * Including multiple keysize variants the same cipher
5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	89 * (eg AES256 as well as AES128) will result in a minimal size increase.*/
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	90 #define DROPBEAR_AES128
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	91 #define DROPBEAR_3DES
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	92 #define DROPBEAR_AES256
554 1d5a3df28b53 Disable Blowfish by default, it has inefficient key memory use Matt Johnston <matt@ucc.asn.au> parents: 536 diff changeset	93 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
1d5a3df28b53 Disable Blowfish by default, it has inefficient key memory use Matt Johnston <matt@ucc.asn.au> parents: 536 diff changeset	94 /#define DROPBEAR_BLOWFISH/
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	95 #define DROPBEAR_TWOFISH256
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	96 #define DROPBEAR_TWOFISH128
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	97
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	98 /* Enable "Counter Mode" for ciphers. This is more secure than normal
503 0cdbc95bb3d2 - Get rid of blowfish and twofish CTR since they weren't likely Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	99 * CBC mode against certain attacks. This adds around 1kB to binary
0cdbc95bb3d2 - Get rid of blowfish and twofish CTR since they weren't likely Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	100 * size and is recommended for most cases */
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	101 #define DROPBEAR_ENABLE_CTR_MODE
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	102
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	103 /* You can compile with no encryption if you want. In some circumstances
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 680 512 diff changeset	104 * this could be safe security-wise, though make sure you know what
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	105 * you're doing. Anyone can see everything that goes over the wire, so
685 5af8993f7529 Add ALLOW_NONE_PASSWORD_AUTH option Matt Johnston <matt@ucc.asn.au> parents: 684 diff changeset	106 * the only safe auth method is public key. */
713 e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	107 /* #define DROPBEAR_NONE_CIPHER */
512 0129fd8ccc71 Update nocrypto branch to current head Matt Johnston <matt@ucc.asn.au> parents: 511 diff changeset	108
228 5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	109 /* Message Integrity - at least one required.
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 499 diff changeset	110 * Protocol RFC requires sha1 and recommends sha1-96.
670 349fb2dda2dd Improve comment about sha1-96 Matt Johnston <matt@ucc.asn.au> parents: 628 diff changeset	111 * sha1-96 is of use for slow links as it has a smaller overhead.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	112 *
670 349fb2dda2dd Improve comment about sha1-96 Matt Johnston <matt@ucc.asn.au> parents: 628 diff changeset	113 * There's no reason to disable sha1 or sha1-96 to save space since it's
349fb2dda2dd Improve comment about sha1-96 Matt Johnston <matt@ucc.asn.au> parents: 628 diff changeset	114 * used for the random number generator and public-key cryptography anyway.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	115 * Disabling it here will just stop it from being used as the integrity portion
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	116 * of the ssh protocol.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	117 *
228 5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	118 * These hashes are also used for public key fingerprints in logs.
5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	119 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	120 * which are not the standard form. */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	121 #define DROPBEAR_SHA1_HMAC
228 5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	122 #define DROPBEAR_SHA1_96_HMAC
680 bd4b5d7886e5 Disable SHA256 and SHA512 by default in options.h Matt Johnston <matt@ucc.asn.au> parents: 679 diff changeset	123 /#define DROPBEAR_SHA2_256_HMAC/
bd4b5d7886e5 Disable SHA256 and SHA512 by default in options.h Matt Johnston <matt@ucc.asn.au> parents: 679 diff changeset	124 /#define DROPBEAR_SHA2_512_HMAC/
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	125 #define DROPBEAR_MD5_HMAC
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	126
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	127 /* You can also disable integrity. Don't bother disabling this if you're
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 680 512 diff changeset	128 * still using a cipher, it's relatively cheap. If you disable this it's dead
713 e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	129 * simple to run arbitrary commands on the remote host. Beware. */
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	130 /* #define DROPBEAR_NONE_INTEGRITY */
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 249 diff changeset	131
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	132 /* Hostkey/public key algorithms - at least one required, these are used
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	133 * for hostkey as well as for verifying signatures with pubkey auth.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	134 * Removing either of these won't save very much space.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	135 * SSH2 RFC Draft requires dss, recommends rsa */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	136 #define DROPBEAR_RSA
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	137 #define DROPBEAR_DSS
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	138
216 ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	139 /* RSA can be vulnerable to timing attacks which use the time required for
ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	140 * signing to guess the private key. Blinding avoids this attack, though makes
ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	141 * signing operations slightly slower. */
ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	142 #define RSA_BLINDING
ea9277442ef2 * move RSA_BLINDING to options.h Matt Johnston <matt@ucc.asn.au> parents: 206 diff changeset	143
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	144 /* Control the memory/performance/compression tradeoff for zlib.
605 53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	145 * Set windowBits=8 for least memory usage, see your system's
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	146 * zlib.h for full details.
605 53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	147 * Default settings (windowBits=15) will use 256kB for compression
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	148 * windowBits=8 will use 129kB for compression.
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	149 * Both modes will use ~35kB for decompression (using windowBits=15 for
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 596 diff changeset	150 * interoperability) */
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	151 #ifndef DROPBEAR_ZLIB_WINDOW_BITS
daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	152 #define DROPBEAR_ZLIB_WINDOW_BITS 15
daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	153 #endif
daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	154
172 3e49d8d18005 * respect DO_HOST_LOOKUP config option Matt Johnston <matt@ucc.asn.au> parents: 161 diff changeset	155 /* Whether to do reverse DNS lookups. */
749 f62e82c474d5 Fix a few options and headers Matt Johnston <matt@ucc.asn.au> parents: 740 diff changeset	156 //#define DO_HOST_LOOKUP
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	157
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	158 /* Whether to print the message of the day (MOTD). This doesn't add much code
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	159 * size */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	160 #define DO_MOTD
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	161
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	162 /* The MOTD file path */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	163 #ifndef MOTD_FILENAME
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	164 #define MOTD_FILENAME "/etc/motd"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	165 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	166
121 9337c9f9a607 PAM improvements Matt Johnston <matt@ucc.asn.au> parents: 119 diff changeset	167 /* Authentication Types - at least one required.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	168 RFC Draft requires pubkey auth, and recommends password */
121 9337c9f9a607 PAM improvements Matt Johnston <matt@ucc.asn.au> parents: 119 diff changeset	169
628 d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	170 /* Note: PAM auth is quite simple and only works for PAM modules which just do
176 bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 173 diff changeset	171 * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
628 d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	172 * It's useful for systems like OS X where standard password crypts don't work
d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	173 * but there's an interface via a PAM module. It won't work for more complex
d40f3cc47aed - Add ALLOW_BLANK_PASSWORD option Matt Johnston <matt@ucc.asn.au> parents: 606 diff changeset	174 * PAM challenge/response.
176 bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 173 diff changeset	175 * You can't enable both PASSWORD and PAM. */
121 9337c9f9a607 PAM improvements Matt Johnston <matt@ucc.asn.au> parents: 119 diff changeset	176
749 f62e82c474d5 Fix a few options and headers Matt Johnston <matt@ucc.asn.au> parents: 740 diff changeset	177 #define ENABLE_SVR_PASSWORD_AUTH
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: 496 diff changeset	178 /* PAM requires ./configure --enable-pam */
749 f62e82c474d5 Fix a few options and headers Matt Johnston <matt@ucc.asn.au> parents: 740 diff changeset	179 //#define ENABLE_SVR_PAM_AUTH
68 eee77ac31ccc cleaning up the pubkey defines Matt Johnston <matt@ucc.asn.au> parents: 66 diff changeset	180 #define ENABLE_SVR_PUBKEY_AUTH
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	181
566 b321aeb57c64 - set $SSH_ORIGINAL_COMMAND if a command is forced, and log it Matt Johnston <matt@ucc.asn.au> parents: 561 diff changeset	182 /* Whether to take public key options in
b321aeb57c64 - set $SSH_ORIGINAL_COMMAND if a command is forced, and log it Matt Johnston <matt@ucc.asn.au> parents: 561 diff changeset	183 * authorized_keys file into account */
475 52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	184 #ifdef ENABLE_SVR_PUBKEY_AUTH
52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	185 #define ENABLE_SVR_PUBKEY_OPTIONS
52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	186 #endif
52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys. Matt Johnston <matt@ucc.asn.au> parents: 473 diff changeset	187
68 eee77ac31ccc cleaning up the pubkey defines Matt Johnston <matt@ucc.asn.au> parents: 66 diff changeset	188 #define ENABLE_CLI_PASSWORD_AUTH
eee77ac31ccc cleaning up the pubkey defines Matt Johnston <matt@ucc.asn.au> parents: 66 diff changeset	189 #define ENABLE_CLI_PUBKEY_AUTH
249 efbaf6b03837 added keyboard-interactive client support Matt Johnston <matt@ucc.asn.au> parents: 236 diff changeset	190 #define ENABLE_CLI_INTERACT_AUTH
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	191
441 fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	192 /* This variable can be used to set a password for client
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	193 * authentication on the commandline. Beware of platforms
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	194 * that don't protect environment variables of processes etc. Also
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	195 * note that it will be provided for all "hidden" client-interactive
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	196 * style prompts - if you want something more sophisticated, use
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	197 * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	198 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
fdf06a5a54e4 Allow reading dbclient password from an environment var Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	199
173 257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	200 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	201 * a helper program for the ssh client. The helper program should be
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	202 * specified in the SSH_ASKPASS environment variable, and dbclient
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	203 * should be run with DISPLAY set and no tty. The program should
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	204 * return the password on standard output */
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	205 /#define ENABLE_CLI_ASKPASS_HELPER/
257f09a63dab * add SSH_ASKPASS support (based on patch from Paul Whittaker Matt Johnston <matt@ucc.asn.au> parents: 172 diff changeset	206
785 ff6e551da826 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins Matt Johnston <matt@ucc.asn.au> parents: 749 diff changeset	207 /* Send a real auth request first rather than requesting a list of available methods.
ff6e551da826 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins Matt Johnston <matt@ucc.asn.au> parents: 749 diff changeset	208 * It saves a network round trip at login but prevents immediate login to
ff6e551da826 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins Matt Johnston <matt@ucc.asn.au> parents: 749 diff changeset	209 * accounts with no password, and might be rejected by some strict servers (none
ff6e551da826 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins Matt Johnston <matt@ucc.asn.au> parents: 749 diff changeset	210 * encountered yet) - hence it isn't enabled by default. */
ff6e551da826 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins Matt Johnston <matt@ucc.asn.au> parents: 749 diff changeset	211 /* #define CLI_IMMEDIATE_AUTH */
ff6e551da826 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins Matt Johnston <matt@ucc.asn.au> parents: 749 diff changeset	212
ff6e551da826 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins Matt Johnston <matt@ucc.asn.au> parents: 749 diff changeset	213
687 167fdc091c05 Improve RNG seeding. Matt Johnston <matt@ucc.asn.au> parents: 683 diff changeset	214 /* Source for randomness. This must be able to provide hundreds of bytes per SSH
167fdc091c05 Improve RNG seeding. Matt Johnston <matt@ucc.asn.au> parents: 683 diff changeset	215 * connection without blocking. In addition /dev/random is used for seeding
167fdc091c05 Improve RNG seeding. Matt Johnston <matt@ucc.asn.au> parents: 683 diff changeset	216 * rsa/dss key generation */
167fdc091c05 Improve RNG seeding. Matt Johnston <matt@ucc.asn.au> parents: 683 diff changeset	217 #define DROPBEAR_URANDOM_DEV "/dev/urandom"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	218
687 167fdc091c05 Improve RNG seeding. Matt Johnston <matt@ucc.asn.au> parents: 683 diff changeset	219 /* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */
167fdc091c05 Improve RNG seeding. Matt Johnston <matt@ucc.asn.au> parents: 683 diff changeset	220 /#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"/
442 d82a2a44c684 Add -u option to specify /dev/urandom instead Matt Johnston <matt@ucc.asn.au> parents: 441 diff changeset	221
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	222
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	223 /* Specify the number of clients we will allow to be connected but
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	224 * not yet authenticated. After this limit, connections are rejected */
277 044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	225 /* The first setting is per-IP, to avoid denial of service */
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	226 #ifndef MAX_UNAUTH_PER_IP
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	227 #define MAX_UNAUTH_PER_IP 5
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	228 #endif
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	229
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	230 /* And then a global limit to avoid chewing memory if connections
044bc108b9b3 * Per-IP connection unauthed connection limits Matt Johnston <matt@ucc.asn.au> parents: 266 diff changeset	231 * come from many IPs */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232 #ifndef MAX_UNAUTH_CLIENTS
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	233 #define MAX_UNAUTH_CLIENTS 30
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	234 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	235
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	236 /* Maximum number of failed authentication tries (server option) */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	237 #ifndef MAX_AUTH_TRIES
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	238 #define MAX_AUTH_TRIES 10
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	239 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	240
437 7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 435 diff changeset	241 /* The default file to store the daemon's process ID, for shutdown
7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 435 diff changeset	242 scripts etc. This can be overridden with the -P flag */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	243 #ifndef DROPBEAR_PIDFILE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	244 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	245 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	246
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	247 /* The command to invoke for xauth when using X11 forwarding.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	248 * "-q" for quiet */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	249 #ifndef XAUTH_COMMAND
558 73de9177e7dd Use /usr/bin/X11/xauth default path instead Matt Johnston <matt@ucc.asn.au> parents: 555 diff changeset	250 #define XAUTH_COMMAND "/usr/bin/X11/xauth -q"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	251 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	252
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	253 /* if you want to enable running an sftp server (such as the one included with
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	254 * OpenSSH), set the path below. If the path isn't defined, sftp will not
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	255 * be enabled */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	256 #ifndef SFTPSERVER_PATH
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	257 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	258 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	259
66 38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	260 /* This is used by the scp binary when used as a client binary. If you're
38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	261 * not using the Dropbear client, you'll need to change it */
38c3146aa23d Some more sanity-checking of args, and just warn and ignore OpenSSH args Matt Johnston <matt@ucc.asn.au> parents: 65 diff changeset	262 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	263
349 dba106bf6b34 Add (disabled by default) LOG_COMMANDS option to log the commands executed Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	264 /* Whether to log commands executed by a client. This only logs the
dba106bf6b34 Add (disabled by default) LOG_COMMANDS option to log the commands executed Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	265 * (single) command sent to the server, not what a user did in a
dba106bf6b34 Add (disabled by default) LOG_COMMANDS option to log the commands executed Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	266 * shell/sftp session etc. */
dba106bf6b34 Add (disabled by default) LOG_COMMANDS option to log the commands executed Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	267 /* #define LOG_COMMANDS */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	268
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	269 /* Window size limits. These tend to be a trade-off between memory
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	270 usage and network performance: */
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	271 /* Size of the network receive window. This amount of memory is allocated
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	272 as a per-channel receive buffer. Increasing this value can make a
449 3e6c536bc023 Add -W <windowsize> argument and document it. Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	273 significant difference to network performance. 24kB was empirically
3e6c536bc023 Add -W <windowsize> argument and document it. Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	274 chosen for a 100mbit ethernet network. The value can be altered at
3e6c536bc023 Add -W <windowsize> argument and document it. Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	275 runtime with the -W argument. */
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	276 #ifndef DEFAULT_RECV_WINDOW
449 3e6c536bc023 Add -W <windowsize> argument and document it. Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	277 #define DEFAULT_RECV_WINDOW 24576
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	278 #endif
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	279 /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	280 in order to interoperate with other implementations */
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	281 #ifndef RECV_MAX_PAYLOAD_LEN
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	282 #define RECV_MAX_PAYLOAD_LEN 32768
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	283 #endif
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	284 /* Maximum size of a transmitted data packet - this can be any value,
9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	285 though increasing it may not make a significant difference. */
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	286 #ifndef TRANS_MAX_PAYLOAD_LEN
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	287 #define TRANS_MAX_PAYLOAD_LEN 16384
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 554 diff changeset	288 #endif
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	289
454 7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient Matt Johnston <matt@ucc.asn.au> parents: 449 diff changeset	290 /* Ensure that data is transmitted every KEEPALIVE seconds. This can
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient Matt Johnston <matt@ucc.asn.au> parents: 449 diff changeset	291 be overridden at runtime with -K. 0 disables keepalives */
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient Matt Johnston <matt@ucc.asn.au> parents: 449 diff changeset	292 #define DEFAULT_KEEPALIVE 0
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 446 diff changeset	293
513 a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server Matt Johnston <matt@ucc.asn.au> parents: 510 diff changeset	294 /* Ensure that data is received within IDLE_TIMEOUT seconds. This can
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server Matt Johnston <matt@ucc.asn.au> parents: 510 diff changeset	295 be overridden at runtime with -I. 0 disables idle timeouts */
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server Matt Johnston <matt@ucc.asn.au> parents: 510 diff changeset	296 #define DEFAULT_IDLE_TIMEOUT 0
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server Matt Johnston <matt@ucc.asn.au> parents: 510 diff changeset	297
508 d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	298 /* The default path. This will often get replaced by the shell */
510 b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 508 diff changeset	299 #define DEFAULT_PATH "/usr/bin:/bin"
508 d4bbc0039008 - Set a default path, since bash won't export one otherwise (though it will set Matt Johnston <matt@ucc.asn.au> parents: 503 diff changeset	300
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: 496 diff changeset	301 /* Some other defines (that mostly should be left alone) are defined
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: 496 diff changeset	302 * in sysoptions.h */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: 496 diff changeset	303 #include "sysoptions.h"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	304
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	305 #endif /* _OPTIONS_H_ */

Mercurial > dropbear

annotate options.h @ 819:fee485ce81eb