From: Sven Roederer
Date: Thu, 15 Jul 2021 22:44:53 +0000 (+0200)
Subject: dropbear: add config options for agent-forwarding support
X-Git-Tag: v22.03.0-rc1~1422
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=5287defa1fa47a037ba29b653c4599ee145a7e03;p=openwrt%2Fstaging%2Fhauke.git

dropbear: add config options for agent-forwarding support

* SSH agent forwarding might cause security issues, locally and on the jump machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow to completely disabling it.
* separate options for client and server
* keep it enabled by default

Signed-off-by: Sven Roederer
---

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index 15000eff53..d4644fc88f 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -95,6 +95,11 @@ config DROPBEAR_DBCLIENT
 bool "Build dropbear with dbclient"
 default y

+config DROPBEAR_DBCLIENT_AGENTFORWARD
+ bool "Enable agent forwarding in dbclient"
+ default y
+ depends on DROPBEAR_DBCLIENT
+
 config DROPBEAR_SCP
 bool "Build dropbear with scp"
 default y
@@ -109,4 +114,8 @@ config DROPBEAR_ASKPASS

 Increases binary size by about 0.1 kB (MIPS).

+config DROPBEAR_AGENTFORWARD
+ bool "Enable agent forwarding"
+ default y
+
 endmenu
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 7fb4b7f123..d518de3f70 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -32,7 +32,8 @@ PKG_CONFIG_DEPENDS:= \
 CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
 CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
 CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
- CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS
+ CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \
+ CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD CONFIG_DROPBEAR_AGENTFORWARD

 include $(INCLUDE_DIR)/package.mk
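Review bot: Both new Config.in symbols, `DROPBEAR_DBCLIENT_AGENTFORWARD` in the first hunk and `DROPBEAR_AGENTFORWARD` in the second, are added without a `help` entry, so the security trade-off that motivates them is invisible to anyone configuring the build. Each should get a short help text saying that a forwarded agent can be used by privileged users on the remote or jump host while the session is open, and that choosing `n` builds dropbear with the matching `DROPBEAR_CLI_AGENTFWD` / `DROPBEAR_SVR_AGENTFWD` set to 0. The second prompt, `bool "Enable agent forwarding"`, does not say it is the server side; `bool "Enable agent forwarding in dropbear server"` would mirror the dbclient wording. Since both remain `default y`, the help text is also the place to tell hardened images to switch them off explicitly.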
@@ -135,6 +136,8 @@ DB_OPT_CONFIG = \
 !!DROPBEAR_ECC_384|CONFIG_DROPBEAR_ECC_FULL|1|0 \
 !!DROPBEAR_ECC_521|CONFIG_DROPBEAR_ECC_FULL|1|0 \
 DROPBEAR_CLI_ASKPASS_HELPER|CONFIG_DROPBEAR_ASKPASS|1|0 \
+ DROPBEAR_CLI_AGENTFWD|CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD|1|0 \
+ DROPBEAR_SVR_AGENTFWD|CONFIG_DROPBEAR_AGENTFORWARD|1|0 \


 TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -flto