comparison options.h @ 546:568638be7203 agent-client
propagate from branch 'au.asn.ucc.matt.dropbear' (head 899a8851a5edf840b2f7925bcc26ffe99dcac54d)
to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 6bbab8364de17bd9ecb1dee5ffb796e48c0380d2)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 01 Jul 2009 04:16:32 +0000 |
parents | d588e3ea557a 1037aabf701b |
children | 7f66b8e40f2d |
500:d588e3ea557a | 546:568638be7203 |
---|---|
44 * perhaps 20% slower for pubkey operations (it is probably worth experimenting | 44 * perhaps 20% slower for pubkey operations (it is probably worth experimenting |
45 * if you want to use this) */ | 45 * if you want to use this) */ |
46 /*#define NO_FAST_EXPTMOD*/ | 46 /*#define NO_FAST_EXPTMOD*/ |
47 | 47 |
48 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save | 48 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save |
49 several kB in binary size, however will make the symmetrical ciphers (AES, DES | 49 several kB in binary size however will make the symmetrical ciphers and hashes |
50 etc) slower (perhaps by 50%). Recommended for most small systems. */ | 50 slower, perhaps by 50%. Recommended for small systems that aren't doing |
51 #define DROPBEAR_SMALL_CODE | 51 much traffic. */ |
52 /*#define DROPBEAR_SMALL_CODE*/ | |
52 | 53 |
53 /* Enable X11 Forwarding - server only */ | 54 /* Enable X11 Forwarding - server only */ |
54 #define ENABLE_X11FWD | 55 #define ENABLE_X11FWD |
55 | 56 |
56 /* Enable TCP Fowarding */ | 57 /* Enable TCP Fowarding */ |
58 * 'Remote' is "-R" style (server listening port forwarded via client) */ | 59 * 'Remote' is "-R" style (server listening port forwarded via client) */ |
59 | 60 |
60 #define ENABLE_CLI_LOCALTCPFWD | 61 #define ENABLE_CLI_LOCALTCPFWD |
61 #define ENABLE_CLI_REMOTETCPFWD | 62 #define ENABLE_CLI_REMOTETCPFWD |
62 | 63 |
64 #define ENABLE_SVR_LOCALTCPFWD | |
65 #define ENABLE_SVR_REMOTETCPFWD | |
66 | |
67 /* Enable Authentication Agent Forwarding - server only for now */ | |
68 #define ENABLE_SVR_AGENTFWD | |
69 #define ENABLE_CLI_AGENTFWD | |
70 | |
71 | |
72 /* Note: Both ENABLE_CLI_PROXYCMD and ENABLE_CLI_NETCAT must be set to | |
73 * allow multihop dbclient connections */ | |
74 | |
63 /* Allow using -J <proxycommand> to run the connection through a | 75 /* Allow using -J <proxycommand> to run the connection through a |
64 pipe to a program, rather the normal TCP connection */ | 76 pipe to a program, rather the normal TCP connection */ |
65 #define ENABLE_CLI_PROXYCMD | 77 #define ENABLE_CLI_PROXYCMD |
66 | 78 |
67 #define ENABLE_SVR_LOCALTCPFWD | 79 /* Enable "Netcat mode" option. This will forward standard input/output |
68 #define ENABLE_SVR_REMOTETCPFWD | 80 * to a remote TCP-forwarded connection */ |
69 | |
70 /* Enable Authentication Agent Forwarding - server only for now */ | |
71 #define ENABLE_SVR_AGENTFWD | |
72 #define ENABLE_CLI_AGENTFWD | |
73 | |
74 /* Enable "Netcat mode". TODO describe here. */ | |
75 #define ENABLE_CLI_NETCAT | 81 #define ENABLE_CLI_NETCAT |
76 | 82 |
77 | |
78 /* Encryption - at least one required. | 83 /* Encryption - at least one required. |
79 * RFC Draft requires 3DES and recommends AES128 for interoperability. | 84 * Protocol RFC requires 3DES and recommends AES128 for interoperability. |
80 * Including multiple keysize variants the same cipher | 85 * Including multiple keysize variants the same cipher |
81 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ | 86 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ |
82 #define DROPBEAR_AES128_CBC | 87 #define DROPBEAR_AES128 |
83 #define DROPBEAR_3DES_CBC | 88 #define DROPBEAR_3DES |
84 #define DROPBEAR_AES256_CBC | 89 #define DROPBEAR_AES256 |
85 #define DROPBEAR_BLOWFISH_CBC | 90 #define DROPBEAR_BLOWFISH |
86 #define DROPBEAR_TWOFISH256_CBC | 91 #define DROPBEAR_TWOFISH256 |
87 #define DROPBEAR_TWOFISH128_CBC | 92 #define DROPBEAR_TWOFISH128 |
93 | |
94 /* Enable "Counter Mode" for ciphers. This is more secure than normal | |
95 * CBC mode against certain attacks. This adds around 1kB to binary | |
96 * size and is recommended for most cases */ | |
97 #define DROPBEAR_ENABLE_CTR_MODE | |
88 | 98 |
89 /* Message Integrity - at least one required. | 99 /* Message Integrity - at least one required. |
90 * RFC Draft requires sha1 and recommends sha1-96. | 100 * Protocol RFC requires sha1 and recommends sha1-96. |
91 * sha1-96 may be of use for slow links, as it has a smaller overhead. | 101 * sha1-96 may be of use for slow links, as it has a smaller overhead. |
92 * | 102 * |
93 * Note: there's no point disabling sha1 to save space, since it's used | 103 * Note: there's no point disabling sha1 to save space, since it's used |
94 * for the random number generator and public-key cryptography anyway. | 104 * for the random number generator and public-key cryptography anyway. |
95 * Disabling it here will just stop it from being used as the integrity portion | 105 * Disabling it here will just stop it from being used as the integrity portion |
141 * but there's an interface via a PAM module - don't bother using it otherwise. | 151 * but there's an interface via a PAM module - don't bother using it otherwise. |
142 * You can't enable both PASSWORD and PAM. */ | 152 * You can't enable both PASSWORD and PAM. */ |
143 | 153 |
144 #define ENABLE_SVR_PASSWORD_AUTH | 154 #define ENABLE_SVR_PASSWORD_AUTH |
145 /* PAM requires ./configure --enable-pam */ | 155 /* PAM requires ./configure --enable-pam */ |
146 /* #define ENABLE_SVR_PAM_AUTH */ | 156 /*#define ENABLE_SVR_PAM_AUTH*/ |
147 #define ENABLE_SVR_PUBKEY_AUTH | 157 #define ENABLE_SVR_PUBKEY_AUTH |
148 | 158 |
149 /* Wether to ake public key options in authorized_keys file into account */ | 159 /* Wether to ake public key options in authorized_keys file into account */ |
150 #ifdef ENABLE_SVR_PUBKEY_AUTH | 160 #ifdef ENABLE_SVR_PUBKEY_AUTH |
151 #define ENABLE_SVR_PUBKEY_OPTIONS | 161 #define ENABLE_SVR_PUBKEY_OPTIONS |
248 | 258 |
249 /* Ensure that data is transmitted every KEEPALIVE seconds. This can | 259 /* Ensure that data is transmitted every KEEPALIVE seconds. This can |
250 be overridden at runtime with -K. 0 disables keepalives */ | 260 be overridden at runtime with -K. 0 disables keepalives */ |
251 #define DEFAULT_KEEPALIVE 0 | 261 #define DEFAULT_KEEPALIVE 0 |
252 | 262 |
263 /* Ensure that data is received within IDLE_TIMEOUT seconds. This can | |
264 be overridden at runtime with -I. 0 disables idle timeouts */ | |
265 #define DEFAULT_IDLE_TIMEOUT 0 | |
266 | |
267 /* The default path. This will often get replaced by the shell */ | |
268 #define DEFAULT_PATH "/usr/bin:/bin" | |
269 | |
253 /* Some other defines (that mostly should be left alone) are defined | 270 /* Some other defines (that mostly should be left alone) are defined |
254 * in sysoptions.h */ | 271 * in sysoptions.h */ |
255 #include "sysoptions.h" | 272 #include "sysoptions.h" |
256 | 273 |
257 #endif /* _OPTIONS_H_ */ | 274 #endif /* _OPTIONS_H_ */ |
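Review bot: The comment on new line 67 still reads "server only for now", yet `ENABLE_CLI_AGENTFWD` is defined two lines below it on new line 69, so the header documents the opposite of what it builds. Client-side forwarding is the half a packager most needs described: while a session is forwarded, the remote host can ask the user's local agent to sign with its keys. I would replace the comment with `/* Enable Authentication Agent Forwarding. ENABLE_CLI_AGENTFWD lets the remote host use the local agent for the life of the session; leave it undefined if unneeded */`. Whether dbclient also requires a run-time option before it forwards is not visible in this section, so the comment should state which applies.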