changeset 713:e22d5f5f6e37
Fix "-c none" so that it allows aes during authentication
Default for options.h shouldn't allow "none"
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 20 Mar 2013 23:52:49 +0800 |
parents | bf0ac0512ef7 |
children | 84157e435c52 |
files | common-runopts.c options.h |
diffstat | 2 files changed, 9 insertions(+), 5 deletions(-) [+] |
--- a/common-runopts.c Wed Mar 20 23:13:45 2013 +0800
+++ b/common-runopts.c Wed Mar 20 23:52:49 2013 +0800
@@ -75,6 +75,12 @@
 dropbear_exit(".");
 }
+ if (strcmp(opts.cipher_list, "none") == 0)
+ {
+ /* Encryption is required during authentication */
+ opts.cipher_list = "none,aes128-ctr";
+ }
+
 if (check_user_algos(opts.cipher_list, sshciphers, "cipher") == 0)
 {
 dropbear_exit("No valid ciphers specified for '-c'");
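Review bot: The added `strcmp(opts.cipher_list, "none") == 0` test only matches the exact string `none`, so a list such as `none,none`, or one whose other names are all unknown, may still reach `check_user_algos()` with `none` as its only usable cipher; whether authentication would then run unencrypted depends on code outside this hunk. The fallback also hard-codes `aes128-ctr`, which is presumably dropped from the list again when that cipher is compiled out. Consider verifying after `check_user_algos()` that at least one cipher other than `none` survived, and widen the comment to state the invariant: `/* Encryption is required during authentication: the list must keep one cipher other than "none" */`. The enclosing function starts and ends outside the hunk.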
--- a/options.h Wed Mar 20 23:13:45 2013 +0800
+++ b/options.h Wed Mar 20 23:52:49 2013 +0800
@@ -104,7 +104,7 @@
  * this could be safe security-wise, though make sure you know what
  * you're doing. Anyone can see everything that goes over the wire, so
  * the only safe auth method is public key. */
-#define DROPBEAR_NONE_CIPHER
+/* #define DROPBEAR_NONE_CIPHER */
 /* Message Integrity - at least one required.
  * Protocol RFC requires sha1 and recommends sha1-96.
@@ -126,10 +126,8 @@
 /* You can also disable integrity. Don't bother disabling this if you're
  * still using a cipher, it's relatively cheap. If you disable this it's dead
- * simple to run arbitrary commands on the remote host. Beware.
- * Note again, for the client you will have to disable other hashes above
- * to use this. */
-#define DROPBEAR_NONE_INTEGRITY
+ * simple to run arbitrary commands on the remote host. Beware. */
+/* #define DROPBEAR_NONE_INTEGRITY */
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
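Review bot: In the first options.h hunk, the retained comment above `DROPBEAR_NONE_CIPHER` still says the only safe auth method is public key, which reads as though authentication itself runs in the clear. With the common-runopts.c change in this commit, a client given `-c none` keeps `aes128-ctr` in its list for authentication, so the comment should say which case it now describes, for example `* With "-c none" the client still offers aes128-ctr so that authentication is encrypted.` Whether a peer built with this define can still negotiate `none` before authentication completes is not visible here, so that wording needs confirming against the negotiation code. The comment begins above the hunk.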