Mercurial > dropbear
comparison options.h @ 1069:2fa71c3b2827 pam
merge pam branch up to date
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 16 Mar 2015 21:34:05 +0800 |
| parents | 73ea0dce9a57 deed0571cacc |
| children |
comparison
equal
deleted
inserted
replaced
| 1068:9a6395ddb1b6 | 1069:2fa71c3b2827 |
|---|---|
| 1 /* Dropbear SSH | 1 /* Dropbear SSH |
| 2 * Copyright (c) 2002,2003 Matt Johnston | 2 * Copyright (c) 2002,2003 Matt Johnston |
| 3 * All rights reserved. See LICENSE for the license. */ | 3 * All rights reserved. See LICENSE for the license. */ |
| 4 | 4 |
| 5 #ifndef _OPTIONS_H_ | 5 #ifndef DROPBEAR_OPTIONS_H_ |
| 6 #define _OPTIONS_H_ | 6 #define DROPBEAR_OPTIONS_H_ |
| 7 | 7 |
| 8 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" | 8 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" |
| 9 * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ | 9 * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ |
| 10 | 10 |
| 11 /* IMPORTANT: Many options will require "make clean" after changes */ | 11 /* IMPORTANT: Many options will require "make clean" after changes */ |
| 95 #define DROPBEAR_AES256 | 95 #define DROPBEAR_AES256 |
| 96 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ | 96 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ |
| 97 /*#define DROPBEAR_BLOWFISH*/ | 97 /*#define DROPBEAR_BLOWFISH*/ |
| 98 #define DROPBEAR_TWOFISH256 | 98 #define DROPBEAR_TWOFISH256 |
| 99 #define DROPBEAR_TWOFISH128 | 99 #define DROPBEAR_TWOFISH128 |
| 100 | |
| 101 /* Enable CBC mode for ciphers. This has security issues though | |
| 102 * is the most compatible with older SSH implementations */ | |
| 103 #define DROPBEAR_ENABLE_CBC_MODE | |
| 100 | 104 |
| 101 /* Enable "Counter Mode" for ciphers. This is more secure than normal | 105 /* Enable "Counter Mode" for ciphers. This is more secure than normal |
| 102 * CBC mode against certain attacks. This adds around 1kB to binary | 106 * CBC mode against certain attacks. This adds around 1kB to binary |
| 103 * size and is recommended for most cases */ | 107 * size and is recommended for most cases */ |
| 104 #define DROPBEAR_ENABLE_CTR_MODE | 108 #define DROPBEAR_ENABLE_CTR_MODE |
| 168 * interoperability) */ | 172 * interoperability) */ |
| 169 #ifndef DROPBEAR_ZLIB_WINDOW_BITS | 173 #ifndef DROPBEAR_ZLIB_WINDOW_BITS |
| 170 #define DROPBEAR_ZLIB_WINDOW_BITS 15 | 174 #define DROPBEAR_ZLIB_WINDOW_BITS 15 |
| 171 #endif | 175 #endif |
| 172 | 176 |
| 177 /* Server won't allow zlib compression until after authentication. Prevents | |
| 178 flaws in the zlib library being unauthenticated exploitable flaws. | |
| 179 Some old ssh clients may not support the alternative [email protected] method */ | |
| 180 #define DROPBEAR_SERVER_DELAY_ZLIB 1 | |
| 181 | |
| 173 /* Whether to do reverse DNS lookups. */ | 182 /* Whether to do reverse DNS lookups. */ |
| 174 /*#define DO_HOST_LOOKUP */ | 183 /*#define DO_HOST_LOOKUP */ |
| 175 | 184 |
| 176 /* Whether to print the message of the day (MOTD). This doesn't add much code | 185 /* Whether to print the message of the day (MOTD). This doesn't add much code |
| 177 * size */ | 186 * size */ |
| 197 #endif | 206 #endif |
| 198 | 207 |
| 199 #define ENABLE_CLI_PASSWORD_AUTH | 208 #define ENABLE_CLI_PASSWORD_AUTH |
| 200 #define ENABLE_CLI_PUBKEY_AUTH | 209 #define ENABLE_CLI_PUBKEY_AUTH |
| 201 #define ENABLE_CLI_INTERACT_AUTH | 210 #define ENABLE_CLI_INTERACT_AUTH |
| 211 | |
| 212 /* A default argument for dbclient -i <privatekey>. | |
| 213 leading "~" is expanded */ | |
| 214 #define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear" | |
| 202 | 215 |
| 203 /* This variable can be used to set a password for client | 216 /* This variable can be used to set a password for client |
| 204 * authentication on the commandline. Beware of platforms | 217 * authentication on the commandline. Beware of platforms |
| 205 * that don't protect environment variables of processes etc. Also | 218 * that don't protect environment variables of processes etc. Also |
| 206 * note that it will be provided for all "hidden" client-interactive | 219 * note that it will be provided for all "hidden" client-interactive |
| 267 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" | 280 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" |
| 268 #endif | 281 #endif |
| 269 | 282 |
| 270 /* This is used by the scp binary when used as a client binary. If you're | 283 /* This is used by the scp binary when used as a client binary. If you're |
| 271 * not using the Dropbear client, you'll need to change it */ | 284 * not using the Dropbear client, you'll need to change it */ |
| 272 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient" | 285 #define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient" |
| 273 | 286 |
| 274 /* Whether to log commands executed by a client. This only logs the | 287 /* Whether to log commands executed by a client. This only logs the |
| 275 * (single) command sent to the server, not what a user did in a | 288 * (single) command sent to the server, not what a user did in a |
| 276 * shell/sftp session etc. */ | 289 * shell/sftp session etc. */ |
| 277 /* #define LOG_COMMANDS */ | 290 /* #define LOG_COMMANDS */ |
| 315 | 328 |
| 316 /* Some other defines (that mostly should be left alone) are defined | 329 /* Some other defines (that mostly should be left alone) are defined |
| 317 * in sysoptions.h */ | 330 * in sysoptions.h */ |
| 318 #include "sysoptions.h" | 331 #include "sysoptions.h" |
| 319 | 332 |
| 320 #endif /* _OPTIONS_H_ */ | 333 #endif /* DROPBEAR_OPTIONS_H_ */ |