comparison options.h @ 687:167fdc091c05
Improve RNG seeding.
Try to read from /dev/urandom multiple times, take input from extra sources,
and use /dev/random when generating private keys
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 29 Jun 2012 23:19:43 +0800 |
| parents | 63f8d6c469cf |
| children | c58a15983808 |
683:63f8d6c469cf | 687:167fdc091c05 |
---|---|
202 * specified in the SSH_ASKPASS environment variable, and dbclient | 202 * specified in the SSH_ASKPASS environment variable, and dbclient |
203 * should be run with DISPLAY set and no tty. The program should | 203 * should be run with DISPLAY set and no tty. The program should |
204 * return the password on standard output */ | 204 * return the password on standard output */ |
205 /*#define ENABLE_CLI_ASKPASS_HELPER*/ | 205 /*#define ENABLE_CLI_ASKPASS_HELPER*/ |
206 | 206 |
207 /* Random device to use - define either DROPBEAR_RANDOM_DEV or | 207 /* Source for randomness. This must be able to provide hundreds of bytes per SSH |
208 * DROPBEAR_PRNGD_SOCKET. | 208 * connection without blocking. In addition /dev/random is used for seeding |
209 * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random, | 209 * rsa/dss key generation */ |
210 * otherwise use run prngd (or egd if you want), specifying the socket. | 210 #define DROPBEAR_URANDOM_DEV "/dev/urandom" |
211 * The device will be queried for a few dozen bytes of seed a couple of times | 211 |
212 * per session (or more for very long-lived sessions). */ | 212 /* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */ |
213 | |
214 /* We'll use /dev/urandom by default, since /dev/random is too much hassle. | |
215 * If system developers aren't keeping seeds between boots nor getting | |
216 * any entropy from somewhere it's their own fault. */ | |
217 #define DROPBEAR_RANDOM_DEV "/dev/urandom" | |
218 | |
219 /* prngd must be manually set up to produce output */ | |
220 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ | 213 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ |
214 | |
221 | 215 |
222 /* Specify the number of clients we will allow to be connected but | 216 /* Specify the number of clients we will allow to be connected but |
223 * not yet authenticated. After this limit, connections are rejected */ | 217 * not yet authenticated. After this limit, connections are rejected */ |
224 /* The first setting is per-IP, to avoid denial of service */ | 218 /* The first setting is per-IP, to avoid denial of service */ |
225 #ifndef MAX_UNAUTH_PER_IP | 219 #ifndef MAX_UNAUTH_PER_IP |
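Review bot: renaming the user-facing macro DROPBEAR_RANDOM_DEV (old line 217) to DROPBEAR_URANDOM_DEV (new line 210) silently breaks any local options.h or build override that still defines DROPBEAR_RANDOM_DEV; consider a compatibility fallback such as `#if defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_URANDOM_DEV)` mapping the old name onto the new one, or at least call the rename out in the changelog. The new comment (new lines 207-209) states that /dev/random is used for seeding rsa/dss key generation, but no macro in this hunk names that blocking device, so platforms lacking /dev/random cannot override the path from options.h; either add a define next to DROPBEAR_URANDOM_DEV or say in the comment where that path is set. The removed caveat about keeping seeds between boots (old lines 214-216) still applies to the non-blocking urandom source and is worth carrying into the new comment, as is the dropped reminder that prngd must be set up to produce output before DROPBEAR_PRNGD_SOCKET (new line 213) is enabled.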