## SECTION=networking
menuconfig DROPBEAR
	tristate
	prompt "dropbear ssh-server           "
	select ZLIB
	select LIBC_UTIL
	help
	  dropbear is an SSH 2 server and client designed
	  to be small enough to be used in small memory
	  environments, while still being functional and
	  secure enough for general use.

	  It implements most required features of the
	  SSH 2 protocol, and other features such as X11
	  and authentication agent forwarding.

	  http://matt.ucc.asn.au/dropbear/dropbear.html

if DROPBEAR

config DROPBEAR_DIS_ZLIB
	bool
	prompt "Don't include zlib support"
	help
	  Disable compression in Dropbear by dropping the use of
	  zlib.
	  If you disable zlib, you must explicitly disable
	  compression in the client. OpenSSH is possibly
	  buggy in this regard: it seems you need to disable
	  compression globally in ~/.ssh/config, not just in
	  the host entry in that file.

config DROPBEAR_DIS_OPENPTY
	bool
	prompt "Don't use openpty, use alternative method"
	help
	  If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails,
	  you can try compiling with --disable-openpty. You will probably then need
	  to create all the /dev/pty?? and /dev/tty?? devices, which can be
	  problematic for devfs. In general, openpty() is the best way to allocate
	  PTYs, so it's best to try and get it working.

config DROPBEAR_DIS_SYSLOG
	bool
	prompt "Don't include syslog support"
	help
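	  Keep dropbear from writing to syslog.
	  This option is useful for small or flash-based filesystems.
	  Note that login attempts and failures are then no longer
	  recorded in syslog, so this audit trail is lost.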

config DROPBEAR_DIS_LASTLOG
	bool
	prompt "disable use of lastlog"
	help
	  Keep dropbear from writing to lastlog.
	  This option is useful for small or flash-based filesystems.

config DROPBEAR_DIS_UTMP
	bool
	prompt "disable use of utmp"
	help
	  FIXME: This item should be documented in detail
	  Keep dropbear from writing to utmp.
	  This option is useful for small or flash-based filesystems.

config DROPBEAR_DIS_UTMPX
	bool
	prompt "disable use of utmpx"
	help
	  FIXME: This item should be documented in detail
	  Keep dropbear from writing to utmpx.
	  This option is useful for small or flash-based filesystems.

config DROPBEAR_DIS_WTMP
	bool
	prompt "disable use of wtmp"
	help
	  FIXME: This item should be documented in detail
	  Keep dropbear from writing to wtmp.
	  This option is useful for small or flash-based filesystems.

config DROPBEAR_DIS_WTMPX
	bool
	prompt "disable use of wtmpx"
	help
	  FIXME: This item should be documented in detail
	  Keep dropbear from writing to wtmpx.
	  This option is useful for small or flash-based filesystems.

config DROPBEAR_DIS_LIBUTIL
	bool
	prompt "disable use of libutil"
	help
	  Enable this option to leave out the use of libutil.
	  This might help to reduce the size of the binary.

config DROPBEAR_DIS_PUTUTLINE
	bool
	prompt "disable use of pututline"
	help
	  pututline is needed to write to the utmp structure.

config DROPBEAR_DIS_PUTUTXLINE
	bool
	prompt "disable use of pututxline"
	help
	  pututxline is needed to write to the utmpx structure.

comment features

config DROPBEAR_DIS_X11
	bool
	prompt "disable X11 Forwarding"
	help
	  X11 forwarding means passing X11 (graphical interface)
	  information over the SSH connection.

config DROPBEAR_DIS_TCP
	bool
	prompt "disable TCP Forwarding"
	help
	  TCP forwarding means the tunneling of TCP ports over
	  the SSH connection.

config DROPBEAR_DIS_AGENT
	bool
	prompt "disable Authentication Agent Forwarding"
	help
	  An authentication agent is a program that automates the
	  use of private keys for authentication.

comment "Encryption, at least one required --- RFC Draft requires 3DES"

config DROPBEAR_AES128
	bool
	prompt "AES 128"
	help
	  The Advanced Encryption Standard (AES), designed by Joan
	  Daemen and Vincent Rijmen, is a FIPS-approved symmetric
	  encryption algorithm that may be used by U.S. Government
	  organizations (and others) to protect sensitive information.

config DROPBEAR_BLOWFISH
	bool
	prompt "Blowfish"
	help
	  Blowfish, by Bruce Schneier, combines a Feistel network
	  and key-dependent S-boxes with a non-invertible f function.
	  This block cipher iterates a simple encryption function
	  16 times.
	  Blowfish was designed with a variable key length ranging
	  from 32 bits to 448 bits.

config DROPBEAR_TWOFISH128
	bool
	prompt "Twofish128"
	help
	  Another great algorithm designed by Bruce Schneier.
	  This block cipher was designed as a successor to
	  the 64-bit Blowfish block cipher.
	  Twofish combines a 16-round Feistel network with a
	  bijective f function made by four key-dependent
	  8x8-bit S-boxes.

config DROPBEAR_3DES
	bool
	prompt "3DES"
	default y
	help
	  DES is an IBM algorithm designed during the 1970s.
	  In 1976, NIST officially adopted it as an encryption
	  algorithm for unclassified data. Since then, DES has
	  become one of the most widely used block ciphers on the
	  market. As the effective key length of DES is only 56 bits,
	  triple-DES was created. 3DES applies DES three times
	  to the data.

comment "Integrity, at least one required --- RFC Draft requires sha1-hmac"

config DROPBEAR_SHA1
	bool
	prompt "sha1"
	default y
	help
	  The Secure Hash Algorithm (SHA) was developed by NIST and
	  is specified in the Secure Hash Standard (SHS, FIPS 180).
	  SHA-1 is a revision to this version and was published in
	  1994. It is also described in the ANSI X9.30 (part 2)
	  standard. SHA-1 produces a 160-bit (20 byte) message digest.
	  Although slower than MD5, this larger digest size makes it
	  stronger against brute force attacks.

config DROPBEAR_MD5
	bool
	prompt "md5"
	help
	  MD5 was developed by Professor Ronald L. Rivest in 1994.
	  Its 128 bit (16 byte) message digest makes it a faster
	  implementation than SHA-1.
	  MD5 is considered cryptographically weaker than SHA-1;
	  enable it only if a peer requires it.

comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss"

config DROPBEAR_RSA
	bool
	prompt "rsa"
	help
	  RSA was announced in 1978. The security of the RSA system
	  is based upon the RSA Problem (RSAP). This problem is
	  conjectured (but not proven) to be equivalent to the
	  Integer Factorisation Problem (IFP).

config DROPBEAR_DSS
	bool
	prompt "dss"
	default y
	help
	  DSS stands for Digital Signature Standard.
	  DSS employs the ElGamal and Schnorr PK systems to produce
	  a fixed width signature (irrespective of the public/private
	  key size). In contrast, RSA signature length is a function
	  of the key length employed.

comment "Authentication types, at least one required --- RFC Draft requires pubkey auth"

config DROPBEAR_PASSWD
	bool
	prompt "password"
	default y
	help
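	  Allow users to authenticate with a password.
	  Public key authentication is generally preferable,
	  because passwords can be guessed.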

config DROPBEAR_PUBKEY
	bool
	prompt "pubkey"
	default y
	help
	  Use public key authentication

comment "installation options   ---"

config DROPBEAR_DROPBEAR
	bool
	prompt "Install dropbear SSH server"
	default y
	select DROPBEAR_DROPBEAR_KEY
	select DROPBEAR_RSA
	select DROPBEAR_DSS
	select BB_CONFIG_START_STOP_DAEMON if BUSYBOX
	help
	  Installs the dropbear server in /usr/sbin/dropbear on the target.

config DROPBEAR_DROPBEAR_KEY
	bool
	prompt "Install dropbearkey"
	help
	  This program is used to generate the host key(s).
	  Select this, if you want this program on your target platform.

config DROPBEAR_DROPBEAR_CONVERT
	bool
	prompt "Install dropbearconvert"
	help
	  With this utility you can convert ssh hostkeys from openssh to dropbear format.
	  Select this, if you want this program on your target platform.

config DROPBEAR_SCP
	bool
	prompt	"Install dropbear's scp"
	help
	  This is dropbear's implementation of the scp utility.

comment "runtime options   ---"

config ROOTFS_ETC_INITD_DROPBEAR
	bool
	default y
	prompt "Install startup script"
	help
	  The /etc/init.d/dropbear script lets you control the dropbear daemon.

	choice
		prompt "Kind of startup script"
		depends on ROOTFS_ETC_INITD_DROPBEAR
		default ROOTFS_ETC_INITD_DROPBEAR_DEFAULT

		config ROOTFS_ETC_INITD_DROPBEAR_DEFAULT
			bool
			prompt "Use generic"
			help
			  Installs a generic /etc/init.d/dropbear startup script.
			  See <ptxdist-install>/generic/etc/init.d/dropbear

		config ROOTFS_ETC_INITD_DROPBEAR_USER
			bool
			prompt "User defined"
			help
			  This uses a user-defined dropbear startup script. PTXdist
			  uses the file projectroot/etc/init.d/dropbear in your local
			  project.

	endchoice

endif