Halaman utama Jelajahi Bantuan
Daftar Masuk
OpenWrt
/
openwrt
cermin dari https://github.com/openwrt/openwrt.git
2
0
Fork 0
Berkas Masalah 0 Wiki
Pohon: v24.10.4
Ranting Tag
openwrt
/
package
/
network
/
services
/
dropbear
/
Config.in

Config.in 4.8 KB
Permalink Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196 
  1. menu "Configuration"
    2. 

  2. 	depends on PACKAGE_dropbear
    3. 

  3. 

  4. config DROPBEAR_CURVE25519
    5. 

  5. 	bool "Curve25519 support"
    6. 

  6. 	default y
    7. 

  7. 	help
    8. 

  8. 		This enables the following key exchange algorithm:
    9. 

  9. 		  [email protected]
    10. 

  10. 

  11. 		Increases binary size by about 4 kB (MIPS).
    12. 

  12. 

  13. config DROPBEAR_ECC
    14. 

  14. 	bool "Elliptic curve cryptography (ECC)"
    15. 

  15. 	help
    16. 

  16. 		Enables basic support for elliptic curve cryptography (ECC)
    17. 

  17. 		in key exchange and public key authentication.
    18. 

  18. 

  19. 		Key exchange algorithms:
    20. 

  20. 		  ecdh-sha2-nistp256
    21. 

  21. 

  22. 		Public key algorithms:
    23. 

  23. 		  ecdsa-sha2-nistp256
    24. 

  24. 

  25. 		Increases binary size by about 24 kB (MIPS).
    26. 

  26. 

  27. 		Note: select DROPBEAR_ECC_FULL if full ECC support is required.
    28. 

  28. 

  29. config DROPBEAR_ECC_FULL
    30. 

  30. 	bool "Elliptic curve cryptography (ECC), full support"
    31. 

  31. 	depends on DROPBEAR_ECC
    32. 

  32. 	help
    33. 

  33. 		Enables full support for elliptic curve cryptography (ECC)
    34. 

  34. 		in key exchange and public key authentication.
    35. 

  35. 

  36. 		Key exchange algorithms:
    37. 

  37. 		  ecdh-sha2-nistp256 (*)
    38. 

  38. 		  ecdh-sha2-nistp384
    39. 

  39. 		  ecdh-sha2-nistp521
    40. 

  40. 

  41. 		Public key algorithms:
    42. 

  42. 		  ecdsa-sha2-nistp256 (*)
    43. 

  43. 		  ecdsa-sha2-nistp384
    44. 

  44. 		  ecdsa-sha2-nistp521
    45. 

  45. 

  46. 		(*) - basic ECC support; provided by DROPBEAR_ECC.
    47. 

  47. 

  48. 		Increases binary size by about 4 kB (MIPS).
    49. 

  49. 

  50. config DROPBEAR_ED25519
    51. 

  51. 	bool "Ed25519 support"
    52. 

  52. 	default y if !SMALL_FLASH
    53. 

  53. 	help
    54. 

  54. 		This enables the following public key algorithm:
    55. 

  55. 		  ssh-ed25519
    56. 

  56. 

  57. 		Increases binary size by about 12 kB (MIPS).
    58. 

  58. 

  59. config DROPBEAR_CHACHA20POLY1305
    60. 

  60. 	bool "Chacha20-Poly1305 support"
    61. 

  61. 	default y
    62. 

  62. 	help
    63. 

  63. 		This enables the following authenticated encryption cipher:
    64. 

  64. 		  [email protected]
    65. 

  65. 

  66. 		Increases binary size by about 4 kB (MIPS).
    67. 

  67. 

  68. config DROPBEAR_U2F
    69. 

  69. 	bool "U2F/FIDO support"
    70. 

  70. 	default y
    71. 

  71. 	help
    72. 

  72. 		This option itself doesn't enable any support for U2F/FIDO
    73. 

  73. 		but subordinate options do:
    74. 

  74. 

  75. 		- DROPBEAR_ECDSA_SK   - ecdsa-sk keys support
    76. 

  76. 		  depends on DROPBEAR_ECC ("Elliptic curve cryptography (ECC)")
    77. 

  77. 		- DROPBEAR_ED25519_SK - ed25519-sk keys support
    78. 

  78. 		  depends on DROPBEAR_ED25519 ("Ed25519 support")
    79. 

  79. 

  80. config DROPBEAR_ECDSA_SK
    81. 

  81. 	bool "ECDSA-SK support"
    82. 

  82. 	default y
    83. 

  83. 	depends on DROPBEAR_U2F && DROPBEAR_ECC
    84. 

  84. 	help
    85. 

  85. 		This enables the following public key algorithm:
    86. 

  86. 		  [email protected]
    87. 

  87. 

  88. config DROPBEAR_ED25519_SK
    89. 

  89. 	bool "Ed25519-SK support"
    90. 

  90. 	default y
    91. 

  91. 	depends on DROPBEAR_U2F && DROPBEAR_ED25519
    92. 

  92. 	help
    93. 

  93. 		This enables the following public key algorithm:
    94. 

  94. 		  [email protected]
    95. 

  95. 

  96. config DROPBEAR_ZLIB
    97. 

  97. 	bool "Enable compression"
    98. 

  98. 	help
    99. 

  99. 		Enables compression using shared zlib library.
    100. 

  100. 

  101. 		Increases binary size by about 0.1 kB (MIPS) and requires
    102. 

  102. 		additional 62 kB (MIPS) for a shared zlib library.
    103. 

  103. 

  104. config DROPBEAR_UTMP
    105. 

  105. 	bool "Utmp support"
    106. 

  106. 	depends on BUSYBOX_CONFIG_FEATURE_UTMP
    107. 

  107. 	help
    108. 

  108. 		This enables dropbear utmp support, the file /var/run/utmp is
    109. 

  109. 		used to track who is currently logged in.
    110. 

  110. 

  111. config DROPBEAR_PUTUTLINE
    112. 

  112. 	bool "Pututline support"
    113. 

  113. 	depends on DROPBEAR_UTMP
    114. 

  114. 	help
    115. 

  115. 		Dropbear will use pututline() to write the utmp structure into
    116. 

  116. 		the utmp file.
    117. 

  117. 

  118. config DROPBEAR_DBCLIENT
    119. 

  119. 	bool "Build dropbear with dbclient"
    120. 

  120. 	default y
    121. 

  121. 

  122. config DROPBEAR_ASKPASS
    123. 

  123. 	bool "Enable askpass helper support"
    124. 

  124. 	depends on DROPBEAR_DBCLIENT
    125. 

  125. 	help
    126. 

  126. 		This enables support for ssh-askpass helper in dropbear client
    127. 

  127. 		in order to authenticate on remote hosts.
    128. 

  128. 

  129. 		Increases binary size by about 0.1 kB (MIPS).
    130. 

  130. 

  131. config DROPBEAR_DBCLIENT_AGENTFORWARD
    132. 

  132. 	bool "Enable agent forwarding in dbclient [LEGACY/SECURITY]"
    133. 

  133. 	default y
    134. 

  134. 	depends on DROPBEAR_DBCLIENT
    135. 

  135. 	help
    136. 

  136. 		Increases binary size by about 0.1 kB (MIPS).
    137. 

  137. 

  138. 		Security notes:
    139. 

  139. 

  140. 		SSH agent forwarding might cause security issues (locally and
    141. 

  141. 		on the jump machine).
    142. 

  142. 

  143. 		Hovewer, it's enabled by default for compatibility with
    144. 

  144. 		previous OpenWrt/dropbear releases.
    145. 

  145. 

  146. 		Consider DISABLING this option if you're building own OpenWrt
    147. 

  147. 		image.
    148. 

  148. 

  149. 		Also see DROPBEAR_AGENTFORWARD (agent forwarding in dropbear
    150. 

  150. 		server itself).
    151. 

  151. 

  152. config DROPBEAR_SCP
    153. 

  153. 	bool "Build dropbear with scp"
    154. 

  154. 	default y
    155. 

  155. 

  156. config DROPBEAR_AGENTFORWARD
    157. 

  157. 	bool "Enable agent forwarding [LEGACY/SECURITY]"
    158. 

  158. 	default y
    159. 

  159. 	help
    160. 

  160. 		Increases binary size by about 0.1 kB (MIPS).
    161. 

  161. 

  162. 		Security notes:
    163. 

  163. 

  164. 		SSH agent forwarding might cause security issues (locally and
    165. 

  165. 		on the jump machine).
    166. 

  166. 

  167. 		Hovewer, it's enabled by default for compatibility with
    168. 

  168. 		previous OpenWrt/dropbear releases.
    169. 

  169. 

  170. 		Consider DISABLING this option if you're building own OpenWrt
    171. 

  171. 		image.
    172. 

  172. 

  173. 		Also see DROPBEAR_DBCLIENT_AGENTFORWARD (agent forwarding in
    174. 

  174. 		dropbear client) if DROPBEAR_DBCLIENT is selected.
    175. 

  175. 

  176. config DROPBEAR_MODERN_ONLY
    177. 

  177. 	bool "Use modern crypto only [BREAKS COMPATIBILITY]"
    178. 

  178. 	select DROPBEAR_ED25519
    179. 

  179. 	select DROPBEAR_CURVE25519
    180. 

  180. 	select DROPBEAR_CHACHA20POLY1305
    181. 

  181. 	help
    182. 

  182. 		This option enables:
    183. 

  183. 		 - Chacha20-Poly1305
    184. 

  184. 		 - Curve25519
    185. 

  185. 		 - Ed25519
    186. 

  186. 		and disables:
    187. 

  187. 		 - AES
    188. 

  188. 		 - RSA
    189. 

  189. 

  190. 		Reduces binary size by about 64 kB (MIPS) from default
    191. 

  191. 		configuration.
    192. 

  192. 

  193. 		Consider enabling this option if you're building own OpenWrt
    194. 

  194. 		image and using modern SSH software everywhere.
    195. 

  195. 

  196. endmenu
    197.