Mercurial > dropbear
comparison options.h @ 1069:2fa71c3b2827 pam
merge pam branch up to date
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 16 Mar 2015 21:34:05 +0800 |
parents | 73ea0dce9a57 deed0571cacc |
children |
comparison
equal
deleted
inserted
replaced
1068:9a6395ddb1b6 | 1069:2fa71c3b2827 |
---|---|
1 /* Dropbear SSH | 1 /* Dropbear SSH |
2 * Copyright (c) 2002,2003 Matt Johnston | 2 * Copyright (c) 2002,2003 Matt Johnston |
3 * All rights reserved. See LICENSE for the license. */ | 3 * All rights reserved. See LICENSE for the license. */ |
4 | 4 |
5 #ifndef _OPTIONS_H_ | 5 #ifndef DROPBEAR_OPTIONS_H_ |
6 #define _OPTIONS_H_ | 6 #define DROPBEAR_OPTIONS_H_ |
7 | 7 |
8 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" | 8 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" |
9 * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ | 9 * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ |
10 | 10 |
11 /* IMPORTANT: Many options will require "make clean" after changes */ | 11 /* IMPORTANT: Many options will require "make clean" after changes */ |
95 #define DROPBEAR_AES256 | 95 #define DROPBEAR_AES256 |
96 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ | 96 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ |
97 /*#define DROPBEAR_BLOWFISH*/ | 97 /*#define DROPBEAR_BLOWFISH*/ |
98 #define DROPBEAR_TWOFISH256 | 98 #define DROPBEAR_TWOFISH256 |
99 #define DROPBEAR_TWOFISH128 | 99 #define DROPBEAR_TWOFISH128 |
100 | |
101 /* Enable CBC mode for ciphers. This has security issues though | |
102 * is the most compatible with older SSH implementations */ | |
103 #define DROPBEAR_ENABLE_CBC_MODE | |
100 | 104 |
101 /* Enable "Counter Mode" for ciphers. This is more secure than normal | 105 /* Enable "Counter Mode" for ciphers. This is more secure than normal |
102 * CBC mode against certain attacks. This adds around 1kB to binary | 106 * CBC mode against certain attacks. This adds around 1kB to binary |
103 * size and is recommended for most cases */ | 107 * size and is recommended for most cases */ |
104 #define DROPBEAR_ENABLE_CTR_MODE | 108 #define DROPBEAR_ENABLE_CTR_MODE |
168 * interoperability) */ | 172 * interoperability) */ |
169 #ifndef DROPBEAR_ZLIB_WINDOW_BITS | 173 #ifndef DROPBEAR_ZLIB_WINDOW_BITS |
170 #define DROPBEAR_ZLIB_WINDOW_BITS 15 | 174 #define DROPBEAR_ZLIB_WINDOW_BITS 15 |
171 #endif | 175 #endif |
172 | 176 |
177 /* Server won't allow zlib compression until after authentication. Prevents | |
178 flaws in the zlib library being unauthenticated exploitable flaws. | |
179 Some old ssh clients may not support the alternative [email protected] method */ | |
180 #define DROPBEAR_SERVER_DELAY_ZLIB 1 | |
181 | |
173 /* Whether to do reverse DNS lookups. */ | 182 /* Whether to do reverse DNS lookups. */ |
174 /*#define DO_HOST_LOOKUP */ | 183 /*#define DO_HOST_LOOKUP */ |
175 | 184 |
176 /* Whether to print the message of the day (MOTD). This doesn't add much code | 185 /* Whether to print the message of the day (MOTD). This doesn't add much code |
177 * size */ | 186 * size */ |
197 #endif | 206 #endif |
198 | 207 |
199 #define ENABLE_CLI_PASSWORD_AUTH | 208 #define ENABLE_CLI_PASSWORD_AUTH |
200 #define ENABLE_CLI_PUBKEY_AUTH | 209 #define ENABLE_CLI_PUBKEY_AUTH |
201 #define ENABLE_CLI_INTERACT_AUTH | 210 #define ENABLE_CLI_INTERACT_AUTH |
211 | |
212 /* A default argument for dbclient -i <privatekey>. | |
213 leading "~" is expanded */ | |
214 #define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear" | |
202 | 215 |
203 /* This variable can be used to set a password for client | 216 /* This variable can be used to set a password for client |
204 * authentication on the commandline. Beware of platforms | 217 * authentication on the commandline. Beware of platforms |
205 * that don't protect environment variables of processes etc. Also | 218 * that don't protect environment variables of processes etc. Also |
206 * note that it will be provided for all "hidden" client-interactive | 219 * note that it will be provided for all "hidden" client-interactive |
267 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" | 280 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" |
268 #endif | 281 #endif |
269 | 282 |
270 /* This is used by the scp binary when used as a client binary. If you're | 283 /* This is used by the scp binary when used as a client binary. If you're |
271 * not using the Dropbear client, you'll need to change it */ | 284 * not using the Dropbear client, you'll need to change it */ |
272 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient" | 285 #define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient" |
273 | 286 |
274 /* Whether to log commands executed by a client. This only logs the | 287 /* Whether to log commands executed by a client. This only logs the |
275 * (single) command sent to the server, not what a user did in a | 288 * (single) command sent to the server, not what a user did in a |
276 * shell/sftp session etc. */ | 289 * shell/sftp session etc. */ |
277 /* #define LOG_COMMANDS */ | 290 /* #define LOG_COMMANDS */ |
315 | 328 |
316 /* Some other defines (that mostly should be left alone) are defined | 329 /* Some other defines (that mostly should be left alone) are defined |
317 * in sysoptions.h */ | 330 * in sysoptions.h */ |
318 #include "sysoptions.h" | 331 #include "sysoptions.h" |
319 | 332 |
320 #endif /* _OPTIONS_H_ */ | 333 #endif /* DROPBEAR_OPTIONS_H_ */ |