comparison default_options.h @ 1922:70f05f7d4d11
Default options comments, ignore localoptions.h
Also trim whitespace.
Signed-off-by: Begley Brothers Inc <[email protected]>
author | Begley Brothers Inc <begleybrothers@gmail.com> |
---|---|
date | Thu, 09 Jul 2020 17:51:07 +1000 |
parents | 284c3837891c |
children | 667937351c31 |
1921:284c3837891c | 1922:70f05f7d4d11 |
---|---|
4 > > > Read This < < < | 4 > > > Read This < < < |
5 | 5 |
6 default_options.h documents compile-time options, and provides default values. | 6 default_options.h documents compile-time options, and provides default values. |
7 | 7 |
8 Local customisation should be added to localoptions.h which is | 8 Local customisation should be added to localoptions.h which is |
9 used if it exists in the build directory. Options defined there will override | 9 used if it exists in the build directory. Options defined there will override |
10 any options in this file. | 10 any options in this file. |
11 | 11 |
12 Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS | 12 Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS |
13 | 13 |
14 IMPORTANT: Some options will require "make clean" after changes */ | 14 IMPORTANT: Some options will require "make clean" after changes */ |
76 #define DROPBEAR_CLI_AGENTFWD 1 | 76 #define DROPBEAR_CLI_AGENTFWD 1 |
77 | 77 |
78 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to | 78 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to |
79 * allow multihop dbclient connections */ | 79 * allow multihop dbclient connections */ |
80 | 80 |
81 /* Allow using -J <proxycommand> to run the connection through a | 81 /* Allow using -J <proxycommand> to run the connection through a |
82 pipe to a program, rather the normal TCP connection */ | 82 pipe to a program, rather the normal TCP connection */ |
83 #define DROPBEAR_CLI_PROXYCMD 1 | 83 #define DROPBEAR_CLI_PROXYCMD 1 |
84 | 84 |
85 /* Enable "Netcat mode" option. This will forward standard input/output | 85 /* Enable "Netcat mode" option. This will forward standard input/output |
86 * to a remote TCP-forwarded connection */ | 86 * to a remote TCP-forwarded connection */ |
90 #define DROPBEAR_USER_ALGO_LIST 1 | 90 #define DROPBEAR_USER_ALGO_LIST 1 |
91 | 91 |
92 /* Encryption - at least one required. | 92 /* Encryption - at least one required. |
93 * AES128 should be enabled, some very old implementations might only | 93 * AES128 should be enabled, some very old implementations might only |
94 * support 3DES. | 94 * support 3DES. |
95 * Including both AES keysize variants (128 and 256) will result in | 95 * Including both AES keysize variants (128 and 256) will result in |
96 * a minimal size increase */ | 96 * a minimal size increase */ |
97 #define DROPBEAR_AES128 1 | 97 #define DROPBEAR_AES128 1 |
98 #define DROPBEAR_AES256 1 | 98 #define DROPBEAR_AES256 1 |
99 #define DROPBEAR_3DES 0 | 99 #define DROPBEAR_3DES 0 |
100 | 100 |
125 #define DROPBEAR_SHA1_96_HMAC 0 | 125 #define DROPBEAR_SHA1_96_HMAC 0 |
126 | 126 |
127 /* Hostkey/public key algorithms - at least one required, these are used | 127 /* Hostkey/public key algorithms - at least one required, these are used |
128 * for hostkey as well as for verifying signatures with pubkey auth. | 128 * for hostkey as well as for verifying signatures with pubkey auth. |
129 * Removing either of these won't save very much space. | 129 * Removing either of these won't save very much space. |
130 * RSA is recommended | 130 * RSA is recommended. |
131 * DSS may be necessary to connect to some systems though | 131 * DSS may be necessary to connect to some systems though |
132 is not recommended for new keys */ | 132 * is not recommended for new keys. |
133 * See: RSA_PRIV_FILENAME and DSS_PRIV_FILENAME */ | |
133 #define DROPBEAR_RSA 1 | 134 #define DROPBEAR_RSA 1 |
134 #define DROPBEAR_DSS 1 | 135 #define DROPBEAR_DSS 1 |
135 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC | 136 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC |
136 * code (either ECDSA or ECDH) increases binary size - around 30kB | 137 * code (either ECDSA or ECDH) increases binary size - around 30kB |
137 * on x86-64 */ | 138 * on x86-64. |
139 * See: ECDSA_PRIV_FILENAME */ | |
138 #define DROPBEAR_ECDSA 1 | 140 #define DROPBEAR_ECDSA 1 |
139 /* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases | 141 /* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases |
140 binary size - around 7,5kB on x86-64 */ | 142 * binary size - around 7,5kB on x86-64. |
143 * See: ED25519_PRIV_FILENAME */ | |
141 #define DROPBEAR_ED25519 1 | 144 #define DROPBEAR_ED25519 1 |
142 /* SK_ECDSA/SK_ED25519 allows u2f security keys for public key auth. | 145 /* SK_ECDSA/SK_ED25519 allows u2f security keys for public key auth. |
143 * This is currently server-only. */ | 146 * This is currently server-only. */ |
144 #define DROPBEAR_SK_ECDSA 1 | 147 #define DROPBEAR_SK_ECDSA 1 |
145 #define DROPBEAR_SK_ED25519 1 | 148 #define DROPBEAR_SK_ED25519 1 |
215 * but there's an interface via a PAM module. It won't work for more complex | 218 * but there's an interface via a PAM module. It won't work for more complex |
216 * PAM challenge/response. | 219 * PAM challenge/response. |
217 * You can't enable both PASSWORD and PAM. */ | 220 * You can't enable both PASSWORD and PAM. */ |
218 #define DROPBEAR_SVR_PAM_AUTH 0 | 221 #define DROPBEAR_SVR_PAM_AUTH 0 |
219 | 222 |
220 /* ~/.ssh/authorized_keys authentication */ | 223 /* ~/.ssh/authorized_keys authentication. |
224 * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */ | |
221 #define DROPBEAR_SVR_PUBKEY_AUTH 1 | 225 #define DROPBEAR_SVR_PUBKEY_AUTH 1 |
222 | 226 |
223 /* Whether to take public key options in | 227 /* Whether to take public key options in |
224 * authorized_keys file into account */ | 228 * authorized_keys file into account */ |
225 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1 | 229 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1 |
287 * "-q" for quiet */ | 291 * "-q" for quiet */ |
288 #define XAUTH_COMMAND "/usr/bin/xauth -q" | 292 #define XAUTH_COMMAND "/usr/bin/xauth -q" |
289 | 293 |
290 | 294 |
291 /* If you want to enable running an sftp server (such as the one included with | 295 /* If you want to enable running an sftp server (such as the one included with |
292 * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. | 296 * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. |
293 * The sftp-server program is not provided by Dropbear itself. | 297 * The sftp-server program is not provided by Dropbear itself. |
294 * Homedir is prepended if path begins with ~ | 298 * Homedir is prepended if path begins with ~ |
295 */ | 299 */ |
296 #define DROPBEAR_SFTPSERVER 1 | 300 #define DROPBEAR_SFTPSERVER 1 |
297 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" | 301 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" |
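Review bot: In the hostkey comment (new lines 127-133) the reworded text still says only that DSS "is not recommended for new keys" while `DROPBEAR_DSS 1` stays the default directly below it, so someone tuning the build gets no reason to switch it off. Since the comment is being rewritten anyway, I would state the reason and the hardening choice, for example `* DSS keys are fixed at 1024 bits and signed with SHA-1; set DROPBEAR_DSS 0 unless a legacy peer needs it.` The new `See: ..._PRIV_FILENAME` pointers are useful, but those macros are defined outside the lines shown here, so the names could not be checked against their definitions. The sentence added above `DROPBEAR_SVR_PUBKEY_AUTH` would also be clearer if it named the build option that enables plugins rather than just "plugins".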