Mercurial > dropbear
comparison options.h @ 684:c37857676924 insecure-nocrypto
Merge in "-m"/"-c" code
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 17 May 2012 08:09:19 +0800 |
| parents | a4b7627b3157 63f8d6c469cf |
| children | 5af8993f7529 |
comparison
equal
deleted
inserted
replaced
| 681:a4b7627b3157 | 684:c37857676924 |
|---|---|
| 77 #define ENABLE_CLI_PROXYCMD | 77 #define ENABLE_CLI_PROXYCMD |
| 78 | 78 |
| 79 /* Enable "Netcat mode" option. This will forward standard input/output | 79 /* Enable "Netcat mode" option. This will forward standard input/output |
| 80 * to a remote TCP-forwarded connection */ | 80 * to a remote TCP-forwarded connection */ |
| 81 #define ENABLE_CLI_NETCAT | 81 #define ENABLE_CLI_NETCAT |
| 82 | |
| 83 /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ | |
| 84 #define ENABLE_USER_ALGO_LIST | |
| 82 | 85 |
| 83 /* Encryption - at least one required. | 86 /* Encryption - at least one required. |
| 84 * Protocol RFC requires 3DES and recommends AES128 for interoperability. | 87 * Protocol RFC requires 3DES and recommends AES128 for interoperability. |
| 85 * Including multiple keysize variants the same cipher | 88 * Including multiple keysize variants the same cipher |
| 86 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ | 89 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ |
| 105 * prioritisation in cli-runopts. | 108 * prioritisation in cli-runopts. |
| 106 * | 109 * |
| 107 * The best way to do things is probably make normal compile of dropbear with | 110 * The best way to do things is probably make normal compile of dropbear with |
| 108 * all ciphers including "none" as the server, then recompile a special | 111 * all ciphers including "none" as the server, then recompile a special |
| 109 * "dbclient-insecure" client. */ | 112 * "dbclient-insecure" client. */ |
| 110 /* #define DROPBEAR_NONE_CIPHER */ | 113 #define DROPBEAR_NONE_CIPHER |
| 111 | 114 |
| 112 /* Message Integrity - at least one required. | 115 /* Message Integrity - at least one required. |
| 113 * Protocol RFC requires sha1 and recommends sha1-96. | 116 * Protocol RFC requires sha1 and recommends sha1-96. |
| 114 * sha1-96 is of use for slow links as it has a smaller overhead. | 117 * sha1-96 is of use for slow links as it has a smaller overhead. |
| 115 * | 118 * |
| 130 /* You can also disable integrity. Don't bother disabling this if you're | 133 /* You can also disable integrity. Don't bother disabling this if you're |
| 131 * still using a cipher, it's relatively cheap. If you disable this it's dead | 134 * still using a cipher, it's relatively cheap. If you disable this it's dead |
| 132 * simple to run arbitrary commands on the remote host. Beware. | 135 * simple to run arbitrary commands on the remote host. Beware. |
| 133 * Note again, for the client you will have to disable other hashes above | 136 * Note again, for the client you will have to disable other hashes above |
| 134 * to use this. */ | 137 * to use this. */ |
| 135 /* #define DROPBEAR_NONE_INTEGRITY */ | 138 #define DROPBEAR_NONE_INTEGRITY |
| 136 | 139 |
| 137 /* Hostkey/public key algorithms - at least one required, these are used | 140 /* Hostkey/public key algorithms - at least one required, these are used |
| 138 * for hostkey as well as for verifying signatures with pubkey auth. | 141 * for hostkey as well as for verifying signatures with pubkey auth. |
| 139 * Removing either of these won't save very much space. | 142 * Removing either of these won't save very much space. |
| 140 * SSH2 RFC Draft requires dss, recommends rsa */ | 143 * SSH2 RFC Draft requires dss, recommends rsa */ |