comparison options.h @ 854:ccc76acaf4c7
merge ecc again
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 14 Nov 2013 20:45:46 +0800 |
parents | c1c1b43f78c2 |
children | c19acba28590 |
845:774ad9b112ef | 854:ccc76acaf4c7 |
---|---|
6 #define _OPTIONS_H_ | 6 #define _OPTIONS_H_ |
7 | 7 |
8 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" | 8 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" |
9 * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ | 9 * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ |
10 | 10 |
11 /* Important: Many options will require "make clean" after changes */ | 11 /* IMPORTANT: Many options will require "make clean" after changes */ |
12 | 12 |
13 #ifndef DROPBEAR_DEFPORT | 13 #ifndef DROPBEAR_DEFPORT |
14 #define DROPBEAR_DEFPORT "22" | 14 #define DROPBEAR_DEFPORT "22" |
15 #endif | 15 #endif |
16 | 16 |
127 /*#define DROPBEAR_SHA2_512_HMAC*/ | 127 /*#define DROPBEAR_SHA2_512_HMAC*/ |
128 #define DROPBEAR_MD5_HMAC | 128 #define DROPBEAR_MD5_HMAC |
129 | 129 |
130 /* You can also disable integrity. Don't bother disabling this if you're | 130 /* You can also disable integrity. Don't bother disabling this if you're |
131 * still using a cipher, it's relatively cheap. If you disable this it's dead | 131 * still using a cipher, it's relatively cheap. If you disable this it's dead |
132 * simple to run arbitrary commands on the remote host. Beware. */ | 132 * simple for an attacker to run arbitrary commands on the remote host. Beware. */ |
133 /* #define DROPBEAR_NONE_INTEGRITY */ | 133 /* #define DROPBEAR_NONE_INTEGRITY */ |
134 | 134 |
135 /* Hostkey/public key algorithms - at least one required, these are used | 135 /* Hostkey/public key algorithms - at least one required, these are used |
136 * for hostkey as well as for verifying signatures with pubkey auth. | 136 * for hostkey as well as for verifying signatures with pubkey auth. |
137 * Removing either of these won't save very much space. | 137 * Removing either of these won't save very much space. |
138 * SSH2 RFC Draft requires dss, recommends rsa */ | 138 * SSH2 RFC Draft requires dss, recommends rsa */ |
139 #define DROPBEAR_RSA | 139 #define DROPBEAR_RSA |
140 #define DROPBEAR_DSS | 140 #define DROPBEAR_DSS |
141 | 141 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC |
142 * code (either ECDSA or ECDH) increases binary size - around 30kB | |
143 * on x86-64 */ | |
144 #define DROPBEAR_ECDSA | |
145 | |
146 /* Generate hostkeys as-needed when the first connection using that key type occurs. | |
147 This avoids the need to otherwise run "dropbearkey" and avoids some problems | |
148 with badly seeded /dev/urandom when systems first boot. | |
149 This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly | |
150 anything if dropbearkey is linked in a "dropbearmulti" binary) */ | |
151 #define DROPBEAR_DELAY_HOSTKEY | |
152 | |
153 /* Enable Curve25519 for key exchange. This is another elliptic | |
154 * curve method with good security properties. Increases binary size | |
155 * by ~8kB on x86-64 */ | |
156 #define DROPBEAR_CURVE25519 | |
157 | |
158 /* Enable elliptic curve Diffie Hellman key exchange, see note about | |
159 * ECDSA above */ | |
142 #define DROPBEAR_ECDH | 160 #define DROPBEAR_ECDH |
143 #define DROPBEAR_ECDSA | |
144 | |
145 /* RSA can be vulnerable to timing attacks which use the time required for | |
146 * signing to guess the private key. Blinding avoids this attack, though makes | |
147 * signing operations slightly slower. */ | |
148 #define RSA_BLINDING | |
149 | 161 |
150 /* Control the memory/performance/compression tradeoff for zlib. | 162 /* Control the memory/performance/compression tradeoff for zlib. |
151 * Set windowBits=8 for least memory usage, see your system's | 163 * Set windowBits=8 for least memory usage, see your system's |
152 * zlib.h for full details. | 164 * zlib.h for full details. |
153 * Default settings (windowBits=15) will use 256kB for compression | 165 * Default settings (windowBits=15) will use 256kB for compression |
180 * PAM challenge/response. | 192 * PAM challenge/response. |
181 * You can't enable both PASSWORD and PAM. */ | 193 * You can't enable both PASSWORD and PAM. */ |
182 | 194 |
183 #define ENABLE_SVR_PASSWORD_AUTH | 195 #define ENABLE_SVR_PASSWORD_AUTH |
184 /* PAM requires ./configure --enable-pam */ | 196 /* PAM requires ./configure --enable-pam */ |
185 //#define ENABLE_SVR_PAM_AUTH | 197 /*#define ENABLE_SVR_PAM_AUTH */ |
186 #define ENABLE_SVR_PUBKEY_AUTH | 198 #define ENABLE_SVR_PUBKEY_AUTH |
187 | 199 |
188 /* Whether to take public key options in | 200 /* Whether to take public key options in |
189 * authorized_keys file into account */ | 201 * authorized_keys file into account */ |
190 #ifdef ENABLE_SVR_PUBKEY_AUTH | 202 #ifdef ENABLE_SVR_PUBKEY_AUTH |
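Review bot: The old side's RSA blinding block (old lines 145-148, the timing-attack comment and `#define RSA_BLINDING`) has no counterpart among new lines 141-161, so as rendered this merge drops the option from this part of options.h. If the RSA signing code still wraps blinding in `#ifdef RSA_BLINDING`, the build would silently lose its timing-attack mitigation with no compile error to flag it. Only excerpts of the header are shown here, so the define may have moved or blinding may now be unconditional; please confirm which, and otherwise restore `#define RSA_BLINDING` together with its comment next to the other public-key options.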