Mercurial > dropbear
comparison options.h @ 299:740e782679be ucc-axis-hack
Various changes to compile+kind of run on UCC's axis board.
Note that fprintf(stdin -> printf( accounts for many of the changes
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 25 Mar 2006 12:57:09 +0000 |
| parents | e37b160c414c |
| children | 973fccb59ea4 |
comparison
equal
deleted
inserted
replaced
| 266:e37b160c414c | 299:740e782679be |
|---|---|
| 44 several kB in binary size, however will make the symmetrical ciphers (AES, DES | 44 several kB in binary size, however will make the symmetrical ciphers (AES, DES |
| 45 etc) slower (perhaps by 50%). Recommended for most small systems. */ | 45 etc) slower (perhaps by 50%). Recommended for most small systems. */ |
| 46 #define DROPBEAR_SMALL_CODE | 46 #define DROPBEAR_SMALL_CODE |
| 47 | 47 |
| 48 /* Enable X11 Forwarding - server only */ | 48 /* Enable X11 Forwarding - server only */ |
| 49 #define ENABLE_X11FWD | 49 //#define ENABLE_X11FWD |
| 50 | 50 |
| 51 /* Enable TCP Fowarding */ | 51 /* Enable TCP Fowarding */ |
| 52 /* 'Local' is "-L" style (client listening port forwarded via server) | 52 /* 'Local' is "-L" style (client listening port forwarded via server) |
| 53 * 'Remote' is "-R" style (server listening port forwarded via client) */ | 53 * 'Remote' is "-R" style (server listening port forwarded via client) */ |
| 54 | 54 |
| 63 | 63 |
| 64 /* Encryption - at least one required. | 64 /* Encryption - at least one required. |
| 65 * RFC Draft requires 3DES and recommends AES128 for interoperability. | 65 * RFC Draft requires 3DES and recommends AES128 for interoperability. |
| 66 * Including multiple keysize variants the same cipher | 66 * Including multiple keysize variants the same cipher |
| 67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ | 67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ |
| 68 #define DROPBEAR_AES128_CBC | 68 //#define DROPBEAR_AES128_CBC |
| 69 #define DROPBEAR_3DES_CBC | 69 #define DROPBEAR_3DES_CBC |
| 70 #define DROPBEAR_AES256_CBC | 70 //#define DROPBEAR_AES256_CBC |
| 71 #define DROPBEAR_BLOWFISH_CBC | 71 //#define DROPBEAR_BLOWFISH_CBC |
| 72 #define DROPBEAR_TWOFISH256_CBC | 72 //#define DROPBEAR_TWOFISH256_CBC |
| 73 #define DROPBEAR_TWOFISH128_CBC | 73 //#define DROPBEAR_TWOFISH128_CBC |
| 74 | 74 |
| 75 /* Message Integrity - at least one required. | 75 /* Message Integrity - at least one required. |
| 76 * RFC Draft requires sha1 and recommends sha1-96. | 76 * RFC Draft requires sha1 and recommends sha1-96. |
| 77 * sha1-96 may be of use for slow links, as it has a smaller overhead. | 77 * sha1-96 may be of use for slow links, as it has a smaller overhead. |
| 78 * | 78 * |
| 84 * These hashes are also used for public key fingerprints in logs. | 84 * These hashes are also used for public key fingerprints in logs. |
| 85 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, | 85 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, |
| 86 * which are not the standard form. */ | 86 * which are not the standard form. */ |
| 87 #define DROPBEAR_SHA1_HMAC | 87 #define DROPBEAR_SHA1_HMAC |
| 88 #define DROPBEAR_SHA1_96_HMAC | 88 #define DROPBEAR_SHA1_96_HMAC |
| 89 #define DROPBEAR_MD5_HMAC | 89 //#define DROPBEAR_MD5_HMAC |
| 90 | 90 |
| 91 /* Hostkey/public key algorithms - at least one required, these are used | 91 /* Hostkey/public key algorithms - at least one required, these are used |
| 92 * for hostkey as well as for verifying signatures with pubkey auth. | 92 * for hostkey as well as for verifying signatures with pubkey auth. |
| 93 * Removing either of these won't save very much space. | 93 * Removing either of these won't save very much space. |
| 94 * SSH2 RFC Draft requires dss, recommends rsa */ | 94 * SSH2 RFC Draft requires dss, recommends rsa */ |
| 95 #define DROPBEAR_RSA | 95 #define DROPBEAR_RSA |
| 96 #define DROPBEAR_DSS | 96 //#define DROPBEAR_DSS |
| 97 | 97 |
| 98 /* RSA can be vulnerable to timing attacks which use the time required for | 98 /* RSA can be vulnerable to timing attacks which use the time required for |
| 99 * signing to guess the private key. Blinding avoids this attack, though makes | 99 * signing to guess the private key. Blinding avoids this attack, though makes |
| 100 * signing operations slightly slower. */ | 100 * signing operations slightly slower. */ |
| 101 #define RSA_BLINDING | 101 #define RSA_BLINDING |
| 105 * ~4k in binary size with static uclibc, but your DSS hostkey could be exposed | 105 * ~4k in binary size with static uclibc, but your DSS hostkey could be exposed |
| 106 * if the random number source isn't good. In general this isn't required */ | 106 * if the random number source isn't good. In general this isn't required */ |
| 107 /* #define DSS_PROTOK */ | 107 /* #define DSS_PROTOK */ |
| 108 | 108 |
| 109 /* Whether to do reverse DNS lookups. */ | 109 /* Whether to do reverse DNS lookups. */ |
| 110 #define DO_HOST_LOOKUP | 110 //#define DO_HOST_LOOKUP |
| 111 | 111 |
| 112 /* Whether to print the message of the day (MOTD). This doesn't add much code | 112 /* Whether to print the message of the day (MOTD). This doesn't add much code |
| 113 * size */ | 113 * size */ |
| 114 #define DO_MOTD | 114 //#define DO_MOTD |
| 115 | 115 |
| 116 /* The MOTD file path */ | 116 /* The MOTD file path */ |
| 117 #ifndef MOTD_FILENAME | 117 #ifndef MOTD_FILENAME |
| 118 #define MOTD_FILENAME "/etc/motd" | 118 #define MOTD_FILENAME "/etc/motd" |
| 119 #endif | 119 #endif |
| 152 /* If you are lacking entropy on the system then using /dev/urandom | 152 /* If you are lacking entropy on the system then using /dev/urandom |
| 153 * will prevent Dropbear from blocking on the device. This could | 153 * will prevent Dropbear from blocking on the device. This could |
| 154 * however significantly reduce the security of your ssh connections | 154 * however significantly reduce the security of your ssh connections |
| 155 * if the PRNG state becomes guessable - make sure you know what you are | 155 * if the PRNG state becomes guessable - make sure you know what you are |
| 156 * doing if you change this. */ | 156 * doing if you change this. */ |
| 157 #define DROPBEAR_RANDOM_DEV "/dev/random" | 157 #define DROPBEAR_RANDOM_DEV "/dev/urandom" |
| 158 | 158 |
| 159 /* prngd must be manually set up to produce output */ | 159 /* prngd must be manually set up to produce output */ |
| 160 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ | 160 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ |
| 161 | 161 |
| 162 /* Specify the number of clients we will allow to be connected but | 162 /* Specify the number of clients we will allow to be connected but |