diff options
author | Jochen Frieling <j.frieling@pengutronix.de> | 2007-10-16 20:41:39 +0000 |
---|---|---|
committer | Jochen Frieling <j.frieling@pengutronix.de> | 2007-10-16 20:41:39 +0000 |
commit | 75c1e80dda9c9fafc3c1da1cf33ce24f1ec05f75 (patch) | |
tree | 9851f129914ee1cfc8fa6f43877269f32aa4e9ba /rules/dropbear.in | |
parent | 87c27ec1bf62bf1825198100fe91293512783143 (diff) | |
download | ptxdist-75c1e80dda9c9fafc3c1da1cf33ce24f1ec05f75.tar.gz ptxdist-75c1e80dda9c9fafc3c1da1cf33ce24f1ec05f75.tar.xz |
help texts rounded off, some fixes
git-svn-id: https://svn.pengutronix.de/svn/ptxdist/trunks/ptxdist-trunk@7410 33e552b5-05e3-0310-8538-816dae2090ed
Diffstat (limited to 'rules/dropbear.in')
-rw-r--r-- | rules/dropbear.in | 108 |
1 files changed, 82 insertions, 26 deletions
diff --git a/rules/dropbear.in b/rules/dropbear.in index 3d63d9828..7c4700595 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -20,28 +20,40 @@ config DROPBEAR_DIS_ZLIB prompt "Don't include zlib support" depends on DROPBEAR help - FIXME: This item should be documented in detail + Disable compresion in Dropbear by dropping use of + zlib. + If you disable zlib, you must explicitly disable + compression for the client - OpenSSH is possibly + buggy in this regard, it seems you need to disable it + globally in ~/.ssh/config, not just in the host entry + in that file. config DROPBEAR_DIS_OPENPTY bool prompt "Don't use openpty, use alternative method" depends on DROPBEAR help - FIXME: This item should be documented in detail + If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails, + you can try compiling with --disable-openpty. You will probably then need + to create all the /dev/pty?? and /dev/tty?? devices, which can be + problematic for devfs. In general, openpty() is the best way to allocate + PTYs, so it's best to try and get it working. config DROPBEAR_DIS_SYSLOG bool prompt "Don't include syslog support" depends on DROPBEAR help - FIXME: This item should be documented in detail + Keep dropbear from writing to syslog. + This option is useful for small or flash-based filesystems. config DROPBEAR_DIS_LASTLOG bool prompt "disable use of lastlog" depends on DROPBEAR help - FIXME: This item should be documented in detail + Keep dropbear from writing to lastlog. + This option is useful for small or flash-based filesystems. config DROPBEAR_DIS_UTMP bool @@ -49,6 +61,8 @@ config DROPBEAR_DIS_UTMP depends on DROPBEAR help FIXME: This item should be documented in detail + Keep dropbear from writing to utmp. + This option is useful for small or flash-based filesystems. config DROPBEAR_DIS_UTMPX bool @@ -56,6 +70,8 @@ config DROPBEAR_DIS_UTMPX depends on DROPBEAR help FIXME: This item should be documented in detail + Keep dropbear from writing to utmpx. + This option is useful for small or flash-based filesystems. config DROPBEAR_DIS_WTMP bool @@ -63,6 +79,8 @@ config DROPBEAR_DIS_WTMP depends on DROPBEAR help FIXME: This item should be documented in detail + Keep dropbear from writing to wtmp. + This option is useful for small or flash-based filesystems. config DROPBEAR_DIS_WTMPX bool @@ -70,28 +88,30 @@ config DROPBEAR_DIS_WTMPX depends on DROPBEAR help FIXME: This item should be documented in detail + Keep dropbear from writing to wtmpx. + This option is useful for small or flash-based filesystems. config DROPBEAR_DIS_LIBUTIL bool prompt "disable use of libutil" depends on DROPBEAR help - FIXME: This item should be documented in detail + Enable this option to leave out the use of libutil. + This might help to reduce the size of the binary. config DROPBEAR_DIS_PUTUTLINE bool prompt "disable use of pututline" depends on DROPBEAR help - FIXME: This item should be documented in detail + pututline is needed to write to the utmp structure. config DROPBEAR_DIS_PUTUTXLINE bool prompt "disable use of pututxline" depends on DROPBEAR help - FIXME: This item should be documented in detail - + pututxline is needed to write to the utmpx structure. comment features depends on DROPBEAR @@ -101,21 +121,24 @@ config DROPBEAR_DIS_X11 prompt "disable X11 Forwarding" depends on DROPBEAR help - FIXME: This item should be documented in detail + X11 forwarding means passing X11 (graphical interface) + information over the SSH connection. config DROPBEAR_DIS_TCP bool - prompt "disable TCP Fowarding" + prompt "disable TCP Forwarding" depends on DROPBEAR help - FIXME: This item should be documented in detail + TCP forwarding means the tunneling of TCP ports over + the SSH connection. config DROPBEAR_DIS_AGENT bool prompt "disable Authentication Agent Forwarding" depends on DROPBEAR help - FIXME: This item should be documented in detail + Authentication agent is a program to automatize the + use of authentication private keys. comment "Encryption, at least one required --- RFC Draft requires 3DES" depends on DROPBEAR @@ -125,21 +148,34 @@ config DROPBEAR_AES128 prompt "AES 128" depends on DROPBEAR help - FIXME: This item should be documented in detail + This Advanced Encryption Standard designed by Joan Daemen + and Vincent Rijmen, is a FIPS-approved symmetric encryption + algorithm that may be used by U.S. Government organizations + (and others) to protect sensitive information. config DROPBEAR_BLOWFISH bool prompt "Blowfish" depends on DROPBEAR help - FIXME: This item should be documented in detail + Blowfish, by Bruce Schneier, combines a Feistel network, + key-dependent S-Boxes, with a non-invertible f function. + This block cipher iterates a simple encryption function + 16 times. + Blowfish was designed with a variable key length ranging + from 32 bits to 448 bits. config DROPBEAR_TWOFISH128 bool prompt "Twofish128" depends on DROPBEAR help - FIXME: This item should be documented in detail + Another great algorithm designed by Bruce Schneier. + This block cipher was designed as a successor to + the 64-bit Blowfish block cipher. + Twofish combines a 16-round Feistel network with a + bijective f function made by four key-dependent + 8x8-bit S-boxes. config DROPBEAR_3DES bool @@ -147,7 +183,13 @@ config DROPBEAR_3DES default y depends on DROPBEAR help - FIXME: This item should be documented in detail + DES is an IBM algorithm designed during the 1970s. + In 1976, NIST has officially adopted it as an encryption + algorithm for unclassified data. Since then, DES has + become one of the widely used block ciphers on the + market. As the effective key length of DES is a 56-bit, + a triple-DES was created. The new 3DES concept uses + three DES rounds to encrypt the DATA 3 times. comment "Integrity, at least one required --- RFC Draft requires sha1-hmac" depends on DROPBEAR @@ -158,14 +200,22 @@ config DROPBEAR_SHA1 default y depends on DROPBEAR help - FIXME: This item should be documented in detail + The Secure Hash Algorithm (SHA) was developed by NIST and + is specified in the Secure Hash Standard (SHS, FIPS 180). + SHA-1 is a revision to this version and was published in + 1994. It is also described in the ANSI X9.30 (part 2) + standard. SHA-1 produces a 160-bit (20 byte) message digest. + Although slower than MD5, this larger digest size makes it + stronger against brute force attacks. config DROPBEAR_MD5 bool prompt "md5" depends on DROPBEAR help - FIXME: This item should be documented in detail + MD5 was developed by Professor Ronald L. Rivest in 1994. + Its 128 bit (16 byte) message digest makes it a faster + implementation than SHA-1. comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss" depends on DROPBEAR @@ -175,7 +225,10 @@ config DROPBEAR_RSA prompt "rsa" depends on DROPBEAR help - FIXME: This item should be documented in detail + RSA was announced in 1978. The security of the RSA system + is based upon the RSA Problem (RSAP). This problem is + conjectured (but not proven) to be equivalent to the + Integer Factorisation Problem (IFP). config DROPBEAR_DSS bool @@ -183,8 +236,11 @@ config DROPBEAR_DSS default y depends on DROPBEAR help - FIXME: This item should be documented in detail - + DSS stands for Digital Signature Standard. + DSS employs the ElGamal and Schnorr PK systems to produce + a fixed width signature (irrespective of the public/private + key size). In contrast, RSA signature length is a function + of the key length employed. comment "Authentication types, at least one required --- RFC Draft requires pubkey auth" depends on DROPBEAR @@ -195,7 +251,7 @@ config DROPBEAR_PASSWD default y depends on DROPBEAR help - FIXME: This item should be documented in detail + Use password authentication config DROPBEAR_PUBKEY bool @@ -203,7 +259,7 @@ config DROPBEAR_PUBKEY default y depends on DROPBEAR help - FIXME: This item should be documented in detail + Use public key authentication comment "installation options ---" depends on DROPBEAR @@ -218,14 +274,14 @@ config DROPBEAR_DROPBEAR select DROPBEAR_DSS select BB_CONFIG_START_STOP_DAEMON if BUSYBOX help - FIXME: This item should be documented in detail + Installs the dropbar server in /usr/sbin/dropbear on the target config DROPBEAR_DROPBEAR_KEY bool prompt "Install dropbearkey" depends on DROPBEAR help - This programm is used to generate the host key(s). + This program is used to generate the host key(s). Select this, if you want this program on your target platform. config DROPBEAR_DROPBEAR_CONVERT @@ -233,7 +289,7 @@ config DROPBEAR_DROPBEAR_CONVERT prompt "Install dropbearconvert" depends on DROPBEAR help - With this utility you can convert ssh hostkeys from openssh to dropbear formt. + With this utility you can convert ssh hostkeys from openssh to dropbear format. Select this, if you want this program on your target platform. config DROPBEAR_SCP |