comparison default_options.h @ 1921:284c3837891c
Allow user space file locations (rootless support)
Why:
Running dropbear as a user (rootless) is aided if
files and programs can be saved/removed without
needing sudo.
What:
Use the same convention as DROPBEAR_DEFAULT_CLI_AUTHKEY;
if not starting with '/', then is relative to hedge's /home/hedge:
*_PRIV_FILENAME
DROPBEAR_PIDFILE
SFTPSERVER_PATH
default_options.h commentary added.
Changes kept to a minimum, so log entry in svr_kex.c#163
is refactored.
From:
Generated hostkey is <path> ... <finger-print>
to:
Generated hostkey path is <path>
Generated hostkey fingerprint is <fp>
Otherwise the unexpanded path was reported.
Patch modified by Matt Johnston
Signed-off-by: Begley Brothers Inc <[email protected]>
author | Begley Brothers Inc <begleybrothers@gmail.com> |
---|---|
date | Thu, 09 Jul 2020 17:47:58 +1000 |
parents | ff8a81386a2b |
children | 70f05f7d4d11 |
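--- a/default_options.h
+++ b/default_options.h
@@ -16,11 +16,13 @@
 #define DROPBEAR_DEFPORT "22"
 
 /* Listen on all interfaces */
 #define DROPBEAR_DEFADDRESS ""
 
-/* Default hostkey paths - these can be specified on the command line */
+/* Default hostkey paths - these can be specified on the command line.
+* Homedir is prepended if path begins with ~
+*/
 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
 #define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
 #define ED25519_PRIV_FILENAME "/etc/dropbear/dropbear_ed25519_host_key"
 
@@ -229,13 +231,14 @@
 
 /* Client authentication options */
 #define DROPBEAR_CLI_PASSWORD_AUTH 1
 #define DROPBEAR_CLI_PUBKEY_AUTH 1
 
 /* A default argument for dbclient -i <privatekey>.
-Homedir is prepended unless path begins with / */
-#define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
+* Homedir is prepended if path begins with ~
+*/
+#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear"
 
 /* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
 * environment variable. */
 #define DROPBEAR_USE_PASSWORD_ENV 1
 
@@ -273,21 +276,25 @@
 of password brute forcing. Note that there is a risk of denial of
 service by setting this */
 #define UNAUTH_CLOSE_DELAY 0
 
 /* The default file to store the daemon's process ID, for shutdown
-scripts etc. This can be overridden with the -P flag */
+* scripts etc. This can be overridden with the -P flag.
+* Homedir is prepended if path begins with ~
+*/
 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
 
 /* The command to invoke for xauth when using X11 forwarding.
 * "-q" for quiet */
 #define XAUTH_COMMAND "/usr/bin/xauth -q"
 
 
-/* if you want to enable running an sftp server (such as the one included with
+/* If you want to enable running an sftp server (such as the one included with
 * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER.
-* The sftp-server program is not provided by Dropbear itself */
+* The sftp-server program is not provided by Dropbear itself.
+* Homedir is prepended if path begins with ~
+*/
 #define DROPBEAR_SFTPSERVER 1
 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 
 /* This is used by the scp binary when used as a client binary. If you're
 * not using the Dropbear client, you'll need to change it */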
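Review bot: The rule for DROPBEAR_DEFAULT_CLI_AUTHKEY changes from "Homedir is prepended unless path begins with /" to "prepended if path begins with ~", and the new comment does not say what now happens to a bare relative value such as the previous default `".ssh/id_dropbear"`, which a local build override may still carry. The expansion code is outside this file, so this is inferred, but if such a value is now used as given, the default private key would be looked up relative to the directory dbclient is started in; the comment should state that, e.g. `* Any other relative path is used as given (relative to the current directory)`. The same "Homedir is prepended" line added for the *_PRIV_FILENAME defaults, DROPBEAR_PIDFILE and SFTPSERVER_PATH should also say whose home directory is meant on the server side, e.g. `* ~ is the home directory of the user running dropbear`, if that is what the code does. The commit description still describes the "not starting with '/'" convention, which no longer matches these comments.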