- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
  and DROPBEAR_DBCLIENT_AGENTFORWARD:
  describe why and where it should be disabled

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
config DROPBEAR_ECC
bool "Elliptic curve cryptography (ECC)"
config DROPBEAR_ECC
bool "Elliptic curve cryptography (ECC)"
help
Enables basic support for elliptic curve cryptography (ECC)
in key exchange and public key authentication.
help
Enables basic support for elliptic curve cryptography (ECC)
in key exchange and public key authentication.
Increases binary size by about 24 kB (MIPS).
Increases binary size by about 24 kB (MIPS).
- If full ECC support is required, also select DROPBEAR_ECC_FULL.
+ Note: select DROPBEAR_ECC_FULL if full ECC support is required.
config DROPBEAR_ECC_FULL
bool "Elliptic curve cryptography (ECC), full support"
config DROPBEAR_ECC_FULL
bool "Elliptic curve cryptography (ECC), full support"
depends on DROPBEAR_ECC
help
Enables full support for elliptic curve cryptography (ECC)
depends on DROPBEAR_ECC
help
Enables full support for elliptic curve cryptography (ECC)
config DROPBEAR_ZLIB
bool "Enable compression"
config DROPBEAR_ZLIB
bool "Enable compression"
help
Enables compression using shared zlib library.
help
Enables compression using shared zlib library.
- Increases binary size by about 0.1 kB (MIPS) and requires additional 62 kB (MIPS)
- for a shared zlib library.
+ Increases binary size by about 0.1 kB (MIPS) and requires
+ additional 62 kB (MIPS) for a shared zlib library.
config DROPBEAR_UTMP
bool "Utmp support"
config DROPBEAR_UTMP
bool "Utmp support"
depends on BUSYBOX_CONFIG_FEATURE_UTMP
help
depends on BUSYBOX_CONFIG_FEATURE_UTMP
help
- This enables dropbear utmp support, the file /var/run/utmp is used to
- track who is currently logged in.
+ This enables dropbear utmp support, the file /var/run/utmp is
+ used to track who is currently logged in.
config DROPBEAR_PUTUTLINE
bool "Pututline support"
config DROPBEAR_PUTUTLINE
bool "Pututline support"
depends on DROPBEAR_UTMP
help
depends on DROPBEAR_UTMP
help
- Dropbear will use pututline() to write the utmp structure into the utmp file.
+ Dropbear will use pututline() to write the utmp structure into
+ the utmp file.
config DROPBEAR_DBCLIENT
bool "Build dropbear with dbclient"
default y
config DROPBEAR_DBCLIENT_AGENTFORWARD
config DROPBEAR_DBCLIENT
bool "Build dropbear with dbclient"
default y
config DROPBEAR_DBCLIENT_AGENTFORWARD
- bool "Enable agent forwarding in dbclient"
+ bool "Enable agent forwarding in dbclient [LEGACY/SECURITY]"
default y
depends on DROPBEAR_DBCLIENT
default y
depends on DROPBEAR_DBCLIENT
+ help
+ Increases binary size by about 0.1 kB (MIPS).
+
+ Security notes:
+
+ SSH agent forwarding might cause security issues (locally and
+ on the jump machine).
+
+ Hovewer, it's enabled by default for compatibility with
+ previous OpenWrt/dropbear releases.
+
+ Consider DISABLING this option if you're building own OpenWrt
+ image.
+
+ Also see DROPBEAR_AGENTFORWARD (agent forwarding in dropbear
+ server itself).
config DROPBEAR_SCP
bool "Build dropbear with scp"
config DROPBEAR_SCP
bool "Build dropbear with scp"
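Review bot: DROPBEAR_DBCLIENT_AGENTFORWARD keeps `default y` while its new prompt is tagged [LEGACY/SECURITY] and its help says "Consider DISABLING this option", so anyone who accepts the defaults still builds the feature the text warns about. If the default has to stay for compatibility, state that as a deliberate decision in the commit message and consider a follow-up that flips it. The added help text also has a typo: "Hovewer" should be "However".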
config DROPBEAR_ASKPASS
bool "Enable askpass helper support"
config DROPBEAR_ASKPASS
bool "Enable askpass helper support"
depends on DROPBEAR_DBCLIENT
help
This enables support for ssh-askpass helper in dropbear client
depends on DROPBEAR_DBCLIENT
help
This enables support for ssh-askpass helper in dropbear client
Increases binary size by about 0.1 kB (MIPS).
config DROPBEAR_AGENTFORWARD
Increases binary size by about 0.1 kB (MIPS).
config DROPBEAR_AGENTFORWARD
- bool "Enable agent forwarding"
+ bool "Enable agent forwarding [LEGACY/SECURITY]"
+ help
+ Increases binary size by about 0.1 kB (MIPS).
+
+ Security notes:
+
+ SSH agent forwarding might cause security issues (locally and
+ on the jump machine).
+
+ Hovewer, it's enabled by default for compatibility with
+ previous OpenWrt/dropbear releases.
+
+ Consider DISABLING this option if you're building own OpenWrt
+ image.
+
+ Also see DROPBEAR_DBCLIENT_AGENTFORWARD (agent forwarding in
+ dropbear client) if DROPBEAR_DBCLIENT is selected.
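Review bot: the added help for DROPBEAR_AGENTFORWARD says agent forwarding "might cause security issues (locally and on the jump machine)" but never names the issue, although the commit message promises to describe why and where it should be disabled. One sentence stating the exposure would be enough, for example that while a session is forwarded, privileged users on the intermediate host can have the user's agent authenticate on their behalf. The text also says "it's enabled by default", yet no `default y` line is visible for this symbol in the hunk, and the commit message itself notes that options are not selected by default; please confirm that the default and the help text agree. "Hovewer" should be "However" here as well.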