package/network/services/dropbear/Config.in

   1 menu "Configuration"
   2         depends on PACKAGE_dropbear
   3
   4 config DROPBEAR_CURVE25519
   5         bool "Curve25519 support"
   6         default y
   7         help
   8                 This enables the following key exchange algorithm:
   9                   curve25519-sha256@libssh.org
  10
  11                 Increases binary size by about 4 kB (MIPS).
  12
  13 config DROPBEAR_ECC
  14         bool "Elliptic curve cryptography (ECC)"
  15         help
  16                 Enables basic support for elliptic curve cryptography (ECC)
  17                 in key exchange and public key authentication.
  18
  19                 Key exchange algorithms:
  20                   ecdh-sha2-nistp256
  21
  22                 Public key algorithms:
  23                   ecdsa-sha2-nistp256
  24
  25                 Increases binary size by about 24 kB (MIPS).
  26
  27                 Note: select DROPBEAR_ECC_FULL if full ECC support is required.
  28
  29 config DROPBEAR_ECC_FULL
  30         bool "Elliptic curve cryptography (ECC), full support"
  31         depends on DROPBEAR_ECC
  32         help
  33                 Enables full support for elliptic curve cryptography (ECC)
  34                 in key exchange and public key authentication.
  35
  36                 Key exchange algorithms:
  37                   ecdh-sha2-nistp256 (*)
  38                   ecdh-sha2-nistp384
  39                   ecdh-sha2-nistp521
  40
  41                 Public key algorithms:
  42                   ecdsa-sha2-nistp256 (*)
  43                   ecdsa-sha2-nistp384
  44                   ecdsa-sha2-nistp521
  45
  46                 (*) - basic ECC support; provided by DROPBEAR_ECC.
  47
  48                 Increases binary size by about 4 kB (MIPS).
  49
  50 config DROPBEAR_ED25519
  51         bool "Ed25519 support"
  52         default y if !SMALL_FLASH
  53         help
  54                 This enables the following public key algorithm:
  55                   ssh-ed25519
  56
  57                 Increases binary size by about 12 kB (MIPS).
  58
  59 config DROPBEAR_CHACHA20POLY1305
  60         bool "Chacha20-Poly1305 support"
  61         default y
  62         help
  63                 This enables the following authenticated encryption cipher:
  64                   chacha20-poly1305@openssh.com
  65
  66                 Increases binary size by about 4 kB (MIPS).
  67
  68 config DROPBEAR_ZLIB
  69         bool "Enable compression"
  70         help
  71                 Enables compression using shared zlib library.
  72
  73                 Increases binary size by about 0.1 kB (MIPS) and requires
  74                 additional 62 kB (MIPS) for a shared zlib library.
  75
  76 config DROPBEAR_UTMP
  77         bool "Utmp support"
  78         depends on BUSYBOX_CONFIG_FEATURE_UTMP
  79         help
  80                 This enables dropbear utmp support, the file /var/run/utmp is
  81                 used to track who is currently logged in.
  82
  83 config DROPBEAR_PUTUTLINE
  84         bool "Pututline support"
  85         depends on DROPBEAR_UTMP
  86         help
  87                 Dropbear will use pututline() to write the utmp structure into
  88                 the utmp file.
  89
  90 config DROPBEAR_DBCLIENT
  91         bool "Build dropbear with dbclient"
  92         default y
  93
  94 config DROPBEAR_DBCLIENT_AGENTFORWARD
  95         bool "Enable agent forwarding in dbclient [LEGACY/SECURITY]"
  96         default y
  97         depends on DROPBEAR_DBCLIENT
  98         help
  99                 Increases binary size by about 0.1 kB (MIPS).
 100
 101                 Security notes:
 102
 103                 SSH agent forwarding might cause security issues (locally and
 104                 on the jump machine).
 105
 106                 Hovewer, it's enabled by default for compatibility with
 107                 previous OpenWrt/dropbear releases.
 108
 109                 Consider DISABLING this option if you're building own OpenWrt
 110                 image.
 111
 112                 Also see DROPBEAR_AGENTFORWARD (agent forwarding in dropbear
 113                 server itself).
 114
 115 config DROPBEAR_SCP
 116         bool "Build dropbear with scp"
 117         default y
 118
 119 config DROPBEAR_ASKPASS
 120         bool "Enable askpass helper support"
 121         depends on DROPBEAR_DBCLIENT
 122         help
 123                 This enables support for ssh-askpass helper in dropbear client
 124                 in order to authenticate on remote hosts.
 125
 126                 Increases binary size by about 0.1 kB (MIPS).
 127
 128 config DROPBEAR_AGENTFORWARD
 129         bool "Enable agent forwarding [LEGACY/SECURITY]"
 130         default y
 131         help
 132                 Increases binary size by about 0.1 kB (MIPS).
 133
 134                 Security notes:
 135
 136                 SSH agent forwarding might cause security issues (locally and
 137                 on the jump machine).
 138
 139                 Hovewer, it's enabled by default for compatibility with
 140                 previous OpenWrt/dropbear releases.
 141
 142                 Consider DISABLING this option if you're building own OpenWrt
 143                 image.
 144
 145                 Also see DROPBEAR_DBCLIENT_AGENTFORWARD (agent forwarding in
 146                 dropbear client) if DROPBEAR_DBCLIENT is selected.
 147
 148 endmenu