author | Alexander Dahl <ada@thorsis.com> | 2020-11-16 09:05:50 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2020-11-16 12:44:56 +0100 |
commit | 55129e58359e94cecae7c158d63cbf9d0a44ea6f (patch) | |
tree | e5216ada00cc31bf077023046fe83ac875ceede5 | |
parent | 01ac7cc409b59dfbdcc0e231733d3893c51ee8cc (diff) | |
dropbear: Revise comments
Add more section markers and update recommendations based on upstream's
'default_options.h' file.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Message-Id: <20201116080552.25031-4-ada@thorsis.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
-rw-r--r-- | rules/dropbear.in | 8 | ||||
-rw-r--r-- | rules/dropbear.make | 18 |
2 files changed, 16 insertions, 10 deletions
diff --git a/rules/dropbear.in b/rules/dropbear.in index d23f9b17f..7f777ae64 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -208,7 +208,7 @@ config DROPBEAR_CTR_CIPHERS CBC mode against certain attacks. This adds around 1kB to binary size and is recommended for most cases. -comment "Integrity, at least one required --- RFC Draft requires sha1-hmac and recommends sha1-96" +comment "Integrity, at least one required --- sha2-256 is recommended as a default, sha1 for compatibility" config DROPBEAR_SHA1 bool @@ -260,7 +260,7 @@ config DROPBEAR_SHA512 SHA-1. SHA-2 consists of a set of four hash functions with digests that are 224, 256, 384 or 512 bits. -comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss, recommends rsa" +comment "Hostkey/public key algorithms, at least one required --- RSA is recommended, DSS is not recommended for new keys" config DROPBEAR_RSA bool @@ -279,6 +279,8 @@ config DROPBEAR_ECDSA ECDSA stands for Elliptic Curve Digital Signature Algorithm. ECDSA is significantly faster than RSA or DSS. +comment "Key exchange algorithm ---" + config DROPBEAR_ECDH bool prompt "ecdh" @@ -348,7 +350,7 @@ config DROPBEAR_SCP comment "OpenSSH scp is selected!" depends on OPENSSH_SCP -comment "runtime options ---" +comment "runtime options ---" config DROPBEAR_STARTSCRIPT bool diff --git a/rules/dropbear.make b/rules/dropbear.make index 9403afd00..e422eb4d5 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make @@ -67,6 +67,7 @@ $(STATEDIR)/dropbear.prepare: @echo "/* localoptions.h created by ptxdist */" > $(DROPBEAR_LOCALOPTIONS) +# features ifdef PTXCONF_DROPBEAR_DIS_X11 @echo "ptxdist: disabling x11 forwarding" @echo "#define DROPBEAR_X11FWD 0" >> $(DROPBEAR_LOCALOPTIONS) 
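Review bot: The heading revised in the `@@ -260,7 +260,7 @@` hunk now says DSS is not recommended for new keys, but it is only a menu comment, so the advice changes nothing about what gets built. The DSS option itself lies outside this hunk; if it still defaults to enabled, a user who accepts the defaults gets DSS support without seeing why it is discouraged. I would repeat the recommendation in that option's help text, for example `Not recommended for new keys; enable only for compatibility with old peers.`, and check that its default matches the new wording.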
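Review bot: The heading added in the `@@ -279,6 +279,8 @@` hunk reads `comment "Key exchange algorithm ---"`, singular and without guidance, while the two headings revised above it each state a requirement and a recommendation. rules/dropbear.make places both the ECDH and the Curve25519 defines under its matching `# key exchange algorithm` marker, so the plural fits better: `comment "Key exchange algorithms ---"`. If upstream's default_options.h gives a recommendation for this group, it belongs in the heading as it does for the integrity and host key groups.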
@@ -76,13 +77,13 @@ else endif ifdef PTXCONF_DROPBEAR_DIS_TCP - @echo "ptxdist: disabling tcp" + @echo "ptxdist: disabling tcp forwarding" @echo "#define DROPBEAR_CLI_LOCALTCPFWD 0" >> $(DROPBEAR_LOCALOPTIONS) @echo "#define DROPBEAR_CLI_REMOTETCPFWD 0" >> $(DROPBEAR_LOCALOPTIONS) @echo "#define DROPBEAR_SVR_LOCALTCPFWD 0" >> $(DROPBEAR_LOCALOPTIONS) @echo "#define DROPBEAR_SVR_REMOTETCPFWD 0" >> $(DROPBEAR_LOCALOPTIONS) else - @echo "ptxdist: enabling tcp" + @echo "ptxdist: enabling tcp forwarding" @echo "#define DROPBEAR_CLI_LOCALTCPFWD 1" >> $(DROPBEAR_LOCALOPTIONS) @echo "#define DROPBEAR_CLI_REMOTETCPFWD 1" >> $(DROPBEAR_LOCALOPTIONS) @echo "#define DROPBEAR_SVR_LOCALTCPFWD 1" >> $(DROPBEAR_LOCALOPTIONS) @@ -90,16 +91,16 @@ else endif ifdef PTXCONF_DROPBEAR_DIS_AGENT - @echo "ptxdist: disabling agent" + @echo "ptxdist: disabling auth agent forwarding" @echo "#define DROPBEAR_SVR_AGENTFWD 0" >> $(DROPBEAR_LOCALOPTIONS) @echo "#define DROPBEAR_CLI_AGENTFWD 0" >> $(DROPBEAR_LOCALOPTIONS) else - @echo "ptxdist: enabling agent" + @echo "ptxdist: enabling auth agent forwarding" @echo "#define DROPBEAR_SVR_AGENTFWD 1" >> $(DROPBEAR_LOCALOPTIONS) @echo "#define DROPBEAR_CLI_AGENTFWD 1" >> $(DROPBEAR_LOCALOPTIONS) endif - +# encryption ifdef PTXCONF_DROPBEAR_AES128 @echo "ptxdist: enabling aes128" @echo "#define DROPBEAR_AES128 1" >> $(DROPBEAR_LOCALOPTIONS) @@ -140,6 +141,7 @@ else @echo "#define DROPBEAR_TWOFISH128 0" >> $(DROPBEAR_LOCALOPTIONS) endif +# ciphers ifdef PTXCONF_DROPBEAR_CBC_CIPHERS @echo "ptxdist: enabling cbc ciphers" @echo "#define DROPBEAR_ENABLE_CBC_MODE 1" >> $(DROPBEAR_LOCALOPTIONS) @@ -157,6 +159,7 @@ else @echo "#define DROPBEAR_ENABLE_CTR_MODE 0" >> $(DROPBEAR_LOCALOPTIONS) endif +# integrity ifdef PTXCONF_DROPBEAR_SHA1 @echo "ptxdist: enabling sha1" @echo "#define DROPBEAR_SHA1_HMAC 1" >> $(DROPBEAR_LOCALOPTIONS) 
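Review bot: The forwarding blocks in the `@@ -76,13 +77,13 @@` and `@@ -90,16 +91,16 @@` hunks are opt-out, which the reworded messages report in the build log but nothing in the file states. The `else` branches write `1` for all four `DROPBEAR_*TCPFWD` defines and for `DROPBEAR_SVR_AGENTFWD`/`DROPBEAR_CLI_AGENTFWD` whenever the `PTXCONF_DROPBEAR_DIS_*` symbol is unset. Since this commit is about comments, a line above `ifdef PTXCONF_DROPBEAR_DIS_TCP` would help anyone auditing the image's SSH surface: `# forwarding stays enabled unless the matching PTXCONF_DROPBEAR_DIS_* option is set`. The recipe these lines belong to starts and ends outside the hunks.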
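Review bot: The `# ciphers` marker added in the `@@ -140,6 +141,7 @@` hunk labels the wrong thing: it precedes `DROPBEAR_ENABLE_CBC_MODE` and `DROPBEAR_ENABLE_CTR_MODE`, which select cipher modes. The actual ciphers (aes128, twofish128 and the others) sit under the `# encryption` marker added in the `@@ -90,16 +91,16 @@` hunk. Renaming the two markers to `# ciphers` and `# cipher modes` respectively would keep a reader from looking for the algorithm list in the wrong block.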
@@ -193,7 +196,7 @@ else @echo "#define DROPBEAR_SHA2_512_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS) endif - +# host key / public key ifdef PTXCONF_DROPBEAR_RSA @echo "ptxdist: enabling rsa" @echo "#define DROPBEAR_RSA 1" >> $(DROPBEAR_LOCALOPTIONS) @@ -210,6 +213,7 @@ else @echo "#define DROPBEAR_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS) endif +# key exchange algorithm ifdef PTXCONF_DROPBEAR_ECDH @echo "ptxdist: enabling ecdh" @echo "#define DROPBEAR_ECDH 1" >> $(DROPBEAR_LOCALOPTIONS) @@ -226,7 +230,7 @@ else @echo "#define DROPBEAR_CURVE25519 0" >> $(DROPBEAR_LOCALOPTIONS) endif - +# authentication types ifdef PTXCONF_DROPBEAR_PASSWD @echo "ptxdist: enabling passwd" @echo "#define DROPBEAR_SVR_PASSWORD_AUTH 1" >> $(DROPBEAR_LOCALOPTIONS) |