Mercurial > dropbear
comparison default_options.h @ 1921:284c3837891c
Allow user space file locations (rootless support)
Why:
Running dropbear as a user (rootless) is aided if
files and programs can be saved/removed without
needing sudo.
What:
Use the same convention as DROPBEAR_DEFAULT_CLI_AUTHKEY;
if not starting with '/', then is relative to hedge's /home/hedge:
*_PRIV_FILENAME
DROPBEAR_PIDFILE
SFTPSERVER_PATH
default_options.h commentary added.
Changes kept to a minimum, so log entry in svr_kex.c#163
is refactored.
From:
Generated hostkey is <path> ... <finger-print>
to:
Generated hostkey path is <path>
Generated hostkey fingerprint is <fp>
Otherwise the unexpanded path was reported.
Patch modified by Matt Johnston
Signed-off-by: Begley Brothers Inc <[email protected]>
| author | Begley Brothers Inc <begleybrothers@gmail.com> |
|---|---|
| date | Thu, 09 Jul 2020 17:47:58 +1000 |
| parents | ff8a81386a2b |
| children | 70f05f7d4d11 |
comparison
equal
deleted
inserted
replaced
| 1920:1489449eceb1 | 1921:284c3837891c |
|---|---|
| 16 #define DROPBEAR_DEFPORT "22" | 16 #define DROPBEAR_DEFPORT "22" |
| 17 | 17 |
| 18 /* Listen on all interfaces */ | 18 /* Listen on all interfaces */ |
| 19 #define DROPBEAR_DEFADDRESS "" | 19 #define DROPBEAR_DEFADDRESS "" |
| 20 | 20 |
| 21 /* Default hostkey paths - these can be specified on the command line */ | 21 /* Default hostkey paths - these can be specified on the command line. |
| 22 * Homedir is prepended if path begins with ~ | |
| 23 */ | |
| 22 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" | 24 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" |
| 23 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" | 25 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" |
| 24 #define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key" | 26 #define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key" |
| 25 #define ED25519_PRIV_FILENAME "/etc/dropbear/dropbear_ed25519_host_key" | 27 #define ED25519_PRIV_FILENAME "/etc/dropbear/dropbear_ed25519_host_key" |
| 26 | 28 |
| 229 | 231 |
| 230 /* Client authentication options */ | 232 /* Client authentication options */ |
| 231 #define DROPBEAR_CLI_PASSWORD_AUTH 1 | 233 #define DROPBEAR_CLI_PASSWORD_AUTH 1 |
| 232 #define DROPBEAR_CLI_PUBKEY_AUTH 1 | 234 #define DROPBEAR_CLI_PUBKEY_AUTH 1 |
| 233 | 235 |
| 234 /* A default argument for dbclient -i <privatekey>. | 236 /* A default argument for dbclient -i <privatekey>. |
| 235 Homedir is prepended unless path begins with / */ | 237 * Homedir is prepended if path begins with ~ |
| 236 #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear" | 238 */ |
| 239 #define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear" | |
| 237 | 240 |
| 238 /* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD | 241 /* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD |
| 239 * environment variable. */ | 242 * environment variable. */ |
| 240 #define DROPBEAR_USE_PASSWORD_ENV 1 | 243 #define DROPBEAR_USE_PASSWORD_ENV 1 |
| 241 | 244 |
| 273 of password brute forcing. Note that there is a risk of denial of | 276 of password brute forcing. Note that there is a risk of denial of |
| 274 service by setting this */ | 277 service by setting this */ |
| 275 #define UNAUTH_CLOSE_DELAY 0 | 278 #define UNAUTH_CLOSE_DELAY 0 |
| 276 | 279 |
| 277 /* The default file to store the daemon's process ID, for shutdown | 280 /* The default file to store the daemon's process ID, for shutdown |
| 278 scripts etc. This can be overridden with the -P flag */ | 281 * scripts etc. This can be overridden with the -P flag. |
| 282 * Homedir is prepended if path begins with ~ | |
| 283 */ | |
| 279 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid" | 284 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid" |
| 280 | 285 |
| 281 /* The command to invoke for xauth when using X11 forwarding. | 286 /* The command to invoke for xauth when using X11 forwarding. |
| 282 * "-q" for quiet */ | 287 * "-q" for quiet */ |
| 283 #define XAUTH_COMMAND "/usr/bin/xauth -q" | 288 #define XAUTH_COMMAND "/usr/bin/xauth -q" |
| 284 | 289 |
| 285 | 290 |
| 286 /* if you want to enable running an sftp server (such as the one included with | 291 /* If you want to enable running an sftp server (such as the one included with |
| 287 * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. | 292 * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. |
| 288 * The sftp-server program is not provided by Dropbear itself */ | 293 * The sftp-server program is not provided by Dropbear itself. |
| 294 * Homedir is prepended if path begins with ~ | |
| 295 */ | |
| 289 #define DROPBEAR_SFTPSERVER 1 | 296 #define DROPBEAR_SFTPSERVER 1 |
| 290 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" | 297 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" |
| 291 | 298 |
| 292 /* This is used by the scp binary when used as a client binary. If you're | 299 /* This is used by the scp binary when used as a client binary. If you're |
| 293 * not using the Dropbear client, you'll need to change it */ | 300 * not using the Dropbear client, you'll need to change it */ |