Mercurial > dropbear
view TODO @ 1499:2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
For the sake of review, this commit alters only the code; the affiliated
comments within the source files also need to be updated, but doing so
now would obscure the operational changes that have been made here.
* All on/off options have been switched to the numeric `#if' variant;
that is the only way to make this `default_options.h.in' thing work
in a reasonable manner.
* There is now some very minor compile-time checking of the user's
choice of options.
* NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed.
* ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST,
and this commit completes that work.
* DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option,
which was added by the following commit:
commit 6e0b539e9ca0b5628c6c5a3d118ad6a2e79e8039
Author: Matt Johnston <[email protected]>
Date: Tue May 23 22:29:21 2017 +0800
split out checkpubkey_line() separately
It has now been added to `sysoptions.h' and defined as `0' by default.
* The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in
`default_options.h.in'; it is no longer meant to be set by the user, and
is instead left to be defined in `sysoptions.h' (where it was already being
defined) as merely the name of the environment variable in question:
DROPBEAR_PASSWORD
To enable or disable use of that environment variable, the user must now
toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'.
* The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the
path of the sFTP server program is set independently through the usual
SFTPSERVER_PATH.
author | Michael Witten <mfwitten@gmail.com> |
---|---|
date | Thu, 20 Jul 2017 19:38:26 +0000 |
parents | 0cbe8f6dbf9e |
children |
line wrap: on
line source
Current: Things which might need doing: - default private dbclient keys - Make options.h generated from configure perhaps? - handle /etc/environment in AIX - check that there aren't timing issues with valid/invalid user authentication feedback. - Binding to different interfaces - CTR mode - SSH_MSG_IGNORE sending to improve CBC security - DH Group Exchange possibly, or just add group14 (whatever it's called today) - fix scp.c for IRIX - Be able to use OpenSSH keys for the client? or at least have some form of encrypted keys. - Client agent forwarding - Handle restrictions in ~/.ssh/authorized_keys ?