Mercurial > dropbear
comparison default_options.h @ 1922:70f05f7d4d11
Default options comments, ignore localoptions.h
Also trim whitespaces.
Signed-off-by: Begley Brothers Inc <[email protected]>
| author | Begley Brothers Inc <begleybrothers@gmail.com> |
|---|---|
| date | Thu, 09 Jul 2020 17:51:07 +1000 |
| parents | 284c3837891c |
| children | 667937351c31 |
comparison
equal
deleted
inserted
replaced
| 1921:284c3837891c | 1922:70f05f7d4d11 |
|---|---|
| 4 > > > Read This < < < | 4 > > > Read This < < < |
| 5 | 5 |
| 6 default_options.h documents compile-time options, and provides default values. | 6 default_options.h documents compile-time options, and provides default values. |
| 7 | 7 |
| 8 Local customisation should be added to localoptions.h which is | 8 Local customisation should be added to localoptions.h which is |
| 9 used if it exists in the build directory. Options defined there will override | 9 used if it exists in the build directory. Options defined there will override |
| 10 any options in this file. | 10 any options in this file. |
| 11 | 11 |
| 12 Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS | 12 Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS |
| 13 | 13 |
| 14 IMPORTANT: Some options will require "make clean" after changes */ | 14 IMPORTANT: Some options will require "make clean" after changes */ |
| 76 #define DROPBEAR_CLI_AGENTFWD 1 | 76 #define DROPBEAR_CLI_AGENTFWD 1 |
| 77 | 77 |
| 78 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to | 78 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to |
| 79 * allow multihop dbclient connections */ | 79 * allow multihop dbclient connections */ |
| 80 | 80 |
| 81 /* Allow using -J <proxycommand> to run the connection through a | 81 /* Allow using -J <proxycommand> to run the connection through a |
| 82 pipe to a program, rather the normal TCP connection */ | 82 pipe to a program, rather the normal TCP connection */ |
| 83 #define DROPBEAR_CLI_PROXYCMD 1 | 83 #define DROPBEAR_CLI_PROXYCMD 1 |
| 84 | 84 |
| 85 /* Enable "Netcat mode" option. This will forward standard input/output | 85 /* Enable "Netcat mode" option. This will forward standard input/output |
| 86 * to a remote TCP-forwarded connection */ | 86 * to a remote TCP-forwarded connection */ |
| 90 #define DROPBEAR_USER_ALGO_LIST 1 | 90 #define DROPBEAR_USER_ALGO_LIST 1 |
| 91 | 91 |
| 92 /* Encryption - at least one required. | 92 /* Encryption - at least one required. |
| 93 * AES128 should be enabled, some very old implementations might only | 93 * AES128 should be enabled, some very old implementations might only |
| 94 * support 3DES. | 94 * support 3DES. |
| 95 * Including both AES keysize variants (128 and 256) will result in | 95 * Including both AES keysize variants (128 and 256) will result in |
| 96 * a minimal size increase */ | 96 * a minimal size increase */ |
| 97 #define DROPBEAR_AES128 1 | 97 #define DROPBEAR_AES128 1 |
| 98 #define DROPBEAR_AES256 1 | 98 #define DROPBEAR_AES256 1 |
| 99 #define DROPBEAR_3DES 0 | 99 #define DROPBEAR_3DES 0 |
| 100 | 100 |
| 125 #define DROPBEAR_SHA1_96_HMAC 0 | 125 #define DROPBEAR_SHA1_96_HMAC 0 |
| 126 | 126 |
| 127 /* Hostkey/public key algorithms - at least one required, these are used | 127 /* Hostkey/public key algorithms - at least one required, these are used |
| 128 * for hostkey as well as for verifying signatures with pubkey auth. | 128 * for hostkey as well as for verifying signatures with pubkey auth. |
| 129 * Removing either of these won't save very much space. | 129 * Removing either of these won't save very much space. |
| 130 * RSA is recommended | 130 * RSA is recommended. |
| 131 * DSS may be necessary to connect to some systems though | 131 * DSS may be necessary to connect to some systems though |
| 132 is not recommended for new keys */ | 132 * is not recommended for new keys. |
| 133 * See: RSA_PRIV_FILENAME and DSS_PRIV_FILENAME */ | |
| 133 #define DROPBEAR_RSA 1 | 134 #define DROPBEAR_RSA 1 |
| 134 #define DROPBEAR_DSS 1 | 135 #define DROPBEAR_DSS 1 |
| 135 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC | 136 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC |
| 136 * code (either ECDSA or ECDH) increases binary size - around 30kB | 137 * code (either ECDSA or ECDH) increases binary size - around 30kB |
| 137 * on x86-64 */ | 138 * on x86-64. |
| 139 * See: ECDSA_PRIV_FILENAME */ | |
| 138 #define DROPBEAR_ECDSA 1 | 140 #define DROPBEAR_ECDSA 1 |
| 139 /* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases | 141 /* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases |
| 140 binary size - around 7,5kB on x86-64 */ | 142 * binary size - around 7,5kB on x86-64. |
| 143 * See: ED25519_PRIV_FILENAME */ | |
| 141 #define DROPBEAR_ED25519 1 | 144 #define DROPBEAR_ED25519 1 |
| 142 /* SK_ECDSA/SK_ED25519 allows u2f security keys for public key auth. | 145 /* SK_ECDSA/SK_ED25519 allows u2f security keys for public key auth. |
| 143 * This is currently server-only. */ | 146 * This is currently server-only. */ |
| 144 #define DROPBEAR_SK_ECDSA 1 | 147 #define DROPBEAR_SK_ECDSA 1 |
| 145 #define DROPBEAR_SK_ED25519 1 | 148 #define DROPBEAR_SK_ED25519 1 |
| 215 * but there's an interface via a PAM module. It won't work for more complex | 218 * but there's an interface via a PAM module. It won't work for more complex |
| 216 * PAM challenge/response. | 219 * PAM challenge/response. |
| 217 * You can't enable both PASSWORD and PAM. */ | 220 * You can't enable both PASSWORD and PAM. */ |
| 218 #define DROPBEAR_SVR_PAM_AUTH 0 | 221 #define DROPBEAR_SVR_PAM_AUTH 0 |
| 219 | 222 |
| 220 /* ~/.ssh/authorized_keys authentication */ | 223 /* ~/.ssh/authorized_keys authentication. |
| 224 * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */ | |
| 221 #define DROPBEAR_SVR_PUBKEY_AUTH 1 | 225 #define DROPBEAR_SVR_PUBKEY_AUTH 1 |
| 222 | 226 |
| 223 /* Whether to take public key options in | 227 /* Whether to take public key options in |
| 224 * authorized_keys file into account */ | 228 * authorized_keys file into account */ |
| 225 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1 | 229 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1 |
| 287 * "-q" for quiet */ | 291 * "-q" for quiet */ |
| 288 #define XAUTH_COMMAND "/usr/bin/xauth -q" | 292 #define XAUTH_COMMAND "/usr/bin/xauth -q" |
| 289 | 293 |
| 290 | 294 |
| 291 /* If you want to enable running an sftp server (such as the one included with | 295 /* If you want to enable running an sftp server (such as the one included with |
| 292 * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. | 296 * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. |
| 293 * The sftp-server program is not provided by Dropbear itself. | 297 * The sftp-server program is not provided by Dropbear itself. |
| 294 * Homedir is prepended if path begins with ~ | 298 * Homedir is prepended if path begins with ~ |
| 295 */ | 299 */ |
| 296 #define DROPBEAR_SFTPSERVER 1 | 300 #define DROPBEAR_SFTPSERVER 1 |
| 297 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" | 301 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" |