26708469ad
As discussed in https://patchwork.ozlabs.org/patch/1104071/, this commit adds a new option that allows the user to provide a file that contains custom definitions to tweak the Dropbear configuration. It will be appended to Dropbear's localoptions.h file before the build. The patch was tested successfully with the DO_MOTD option. Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> [Thomas: tweak commit log, rename config option.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
77 lines
2.3 KiB
Plaintext
77 lines
2.3 KiB
Plaintext
config BR2_PACKAGE_DROPBEAR
|
|
bool "dropbear"
|
|
select BR2_PACKAGE_ZLIB if !BR2_PACKAGE_DROPBEAR_SMALL
|
|
select BR2_PACKAGE_LIBTOMCRYPT if !BR2_PACKAGE_DROPBEAR_SMALL
|
|
help
|
|
A small SSH 2 server designed for small memory environments.
|
|
|
|
Note that dropbear requires a per-device unique host key. The
|
|
key will be generated when dropbear starts, but it is not
|
|
persistent over reboot (if you have a read-only rootfs) or
|
|
upgrade (if you have a read-write rootfs). To make the key
|
|
persistent, replace /etc/dropbear with a symlink to a
|
|
directory on a persistent, writeable filesystem.
|
|
Alternatively, mount a persistent unionfs over your root
|
|
filesystem.
|
|
|
|
https://matt.ucc.asn.au/dropbear/dropbear.html
|
|
|
|
if BR2_PACKAGE_DROPBEAR
|
|
|
|
config BR2_PACKAGE_DROPBEAR_CLIENT
|
|
bool "client programs"
|
|
default y
|
|
help
|
|
Provides the programs: dbclient, ssh
|
|
|
|
Note that the following programs are also used server-side
|
|
and are therefore always build regardless this setting:
|
|
dropbear, dropbearkey, dropbearconvert, scp
|
|
|
|
config BR2_PACKAGE_DROPBEAR_DISABLE_REVERSEDNS
|
|
bool "disable reverse DNS lookups"
|
|
help
|
|
Disable reverse DNS lookups on connection. This can be handy
|
|
on systems without working DNS, as connections otherwise
|
|
stall until DNS times out.
|
|
|
|
config BR2_PACKAGE_DROPBEAR_SMALL
|
|
bool "optimize for size"
|
|
default y
|
|
help
|
|
Compile dropbear for the smallest possible binary size.
|
|
|
|
Tradeoffs are slower hashes and ciphers, and disabling of the
|
|
blowfish cipher and zlib.
|
|
|
|
config BR2_PACKAGE_DROPBEAR_WTMP
|
|
bool "log dropbear access to wtmp"
|
|
help
|
|
Enable logging of dropbear access to wtmp. Notice that
|
|
Buildroot does not generate wtmp by default.
|
|
|
|
config BR2_PACKAGE_DROPBEAR_LASTLOG
|
|
bool "log dropbear access to lastlog"
|
|
help
|
|
Enable logging of dropbear access to lastlog. Notice that
|
|
Buildroot does not generate lastlog by default.
|
|
|
|
config BR2_PACKAGE_DROPBEAR_LEGACY_CRYPTO
|
|
bool "enable legacy crypto"
|
|
help
|
|
Enable legacy and possibly insecure algorithms:
|
|
3DES encryption
|
|
SHA1-96 message integrity
|
|
CBC encryption mode
|
|
DSA public keys
|
|
Diffie-Hellman Group1 key exchange
|
|
|
|
config BR2_PACKAGE_DROPBEAR_LOCALOPTIONS_FILE
|
|
string "path to custom localoptions.h definitions file"
|
|
help
|
|
Path to a file whose contents will be appended to Dropbear
|
|
localoptions.h. It can be used to tweak the Dropbear
|
|
configuration.
|
|
|
|
endif
|