config DROPBEAR_ECC
bool "Elliptic curve cryptography (ECC)"
- default n
help
Enables basic support for elliptic curve cryptography (ECC)
in key exchange and public key authentication.
Increases binary size by about 24 kB (MIPS).
- If full ECC support is required, also select DROPBEAR_ECC_FULL.
+ Note: select DROPBEAR_ECC_FULL if full ECC support is required.
config DROPBEAR_ECC_FULL
bool "Elliptic curve cryptography (ECC), full support"
- default n
depends on DROPBEAR_ECC
help
Enables full support for elliptic curve cryptography (ECC)
config DROPBEAR_ZLIB
bool "Enable compression"
- default n
help
Enables compression using shared zlib library.
- Increases binary size by about 0.1 kB (MIPS) and requires additional 62 kB (MIPS)
- for a shared zlib library.
+ Increases binary size by about 0.1 kB (MIPS) and requires
+ additional 62 kB (MIPS) for a shared zlib library.
config DROPBEAR_UTMP
bool "Utmp support"
- default n
depends on BUSYBOX_CONFIG_FEATURE_UTMP
help
- This enables dropbear utmp support, the file /var/run/utmp is used to
- track who is currently logged in.
+ This enables dropbear utmp support, the file /var/run/utmp is
+ used to track who is currently logged in.
config DROPBEAR_PUTUTLINE
bool "Pututline support"
- default n
depends on DROPBEAR_UTMP
help
- Dropbear will use pututline() to write the utmp structure into the utmp file.
+ Dropbear will use pututline() to write the utmp structure into
+ the utmp file.
config DROPBEAR_DBCLIENT
bool "Build dropbear with dbclient"
default y
config DROPBEAR_DBCLIENT_AGENTFORWARD
- bool "Enable agent forwarding in dbclient"
+ bool "Enable agent forwarding in dbclient [LEGACY/SECURITY]"
default y
depends on DROPBEAR_DBCLIENT
+ help
+ Increases binary size by about 0.1 kB (MIPS).
+
+ Security notes:
+
+ SSH agent forwarding might cause security issues (locally and
+ on the jump machine).
+
+ Hovewer, it's enabled by default for compatibility with
+ previous OpenWrt/dropbear releases.
+
+ Consider DISABLING this option if you're building own OpenWrt
+ image.
+
+ Also see DROPBEAR_AGENTFORWARD (agent forwarding in dropbear
+ server itself).
config DROPBEAR_SCP
bool "Build dropbear with scp"
config DROPBEAR_ASKPASS
bool "Enable askpass helper support"
- default n
depends on DROPBEAR_DBCLIENT
help
This enables support for ssh-askpass helper in dropbear client
Increases binary size by about 0.1 kB (MIPS).
config DROPBEAR_AGENTFORWARD
- bool "Enable agent forwarding"
+ bool "Enable agent forwarding [LEGACY/SECURITY]"
default y
+ help
+ Increases binary size by about 0.1 kB (MIPS).
+
+ Security notes:
+
+ SSH agent forwarding might cause security issues (locally and
+ on the jump machine).
+
+ Hovewer, it's enabled by default for compatibility with
+ previous OpenWrt/dropbear releases.
+
+ Consider DISABLING this option if you're building own OpenWrt
+ image.
+
+ Also see DROPBEAR_DBCLIENT_AGENTFORWARD (agent forwarding in
+ dropbear client) if DROPBEAR_DBCLIENT is selected.
endmenu