mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-12-27 22:32:03 +02:00
d779c21114
r25831 reduced the size of the dropbear executable by, among other things, disabling support for keyboard-interactive authentication. The default sshd configuration on Mac OS X only permits keyboard-interactive and public-key authentication, so unless a public key is set up, the default OpenWrt ssh client is now unable to connect to Mac OS X hosts. This patch re-enables keyboard-interactive authentication. In my tests, this increases the size of the stripped dropbear executable by 416 bytes on mips and 1,104 bytes on mipsel. In my opinion, such a small space savings isn't worthwhile when the resultant executable is severely hamstrung. Signed-off-by: Mark Mentovai <mark@moxienet.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26390 3c298f89-4303-0410-b956-a3cf2f4a3e73
68 lines
2.5 KiB
Diff
68 lines
2.5 KiB
Diff
--- a/options.h
|
|
+++ b/options.h
|
|
@@ -38,7 +38,7 @@
|
|
* Both of these flags can be defined at once, don't compile without at least
|
|
* one of them. */
|
|
#define NON_INETD_MODE
|
|
-#define INETD_MODE
|
|
+/*#define INETD_MODE*/
|
|
|
|
/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
|
|
* perhaps 20% slower for pubkey operations (it is probably worth experimenting
|
|
@@ -49,7 +49,7 @@
|
|
several kB in binary size however will make the symmetrical ciphers and hashes
|
|
slower, perhaps by 50%. Recommended for small systems that aren't doing
|
|
much traffic. */
|
|
-/*#define DROPBEAR_SMALL_CODE*/
|
|
+#define DROPBEAR_SMALL_CODE
|
|
|
|
/* Enable X11 Forwarding - server only */
|
|
#define ENABLE_X11FWD
|
|
@@ -78,7 +78,7 @@ much traffic. */
|
|
|
|
/* Enable "Netcat mode" option. This will forward standard input/output
|
|
* to a remote TCP-forwarded connection */
|
|
-#define ENABLE_CLI_NETCAT
|
|
+/*#define ENABLE_CLI_NETCAT*/
|
|
|
|
/* Encryption - at least one required.
|
|
* Protocol RFC requires 3DES and recommends AES128 for interoperability.
|
|
@@ -89,8 +89,8 @@ much traffic. */
|
|
#define DROPBEAR_AES256
|
|
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
|
|
/*#define DROPBEAR_BLOWFISH*/
|
|
-#define DROPBEAR_TWOFISH256
|
|
-#define DROPBEAR_TWOFISH128
|
|
+/*#define DROPBEAR_TWOFISH256
|
|
+#define DROPBEAR_TWOFISH128*/
|
|
|
|
/* Enable "Counter Mode" for ciphers. This is more secure than normal
|
|
* CBC mode against certain attacks. This adds around 1kB to binary
|
|
@@ -110,7 +110,7 @@ much traffic. */
|
|
* If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
|
|
* which are not the standard form. */
|
|
#define DROPBEAR_SHA1_HMAC
|
|
-#define DROPBEAR_SHA1_96_HMAC
|
|
+/*#define DROPBEAR_SHA1_96_HMAC*/
|
|
#define DROPBEAR_MD5_HMAC
|
|
|
|
/* Hostkey/public key algorithms - at least one required, these are used
|
|
@@ -148,7 +148,7 @@ much traffic. */
|
|
|
|
/* Whether to print the message of the day (MOTD). This doesn't add much code
|
|
* size */
|
|
-#define DO_MOTD
|
|
+/*#define DO_MOTD*/
|
|
|
|
/* The MOTD file path */
|
|
#ifndef MOTD_FILENAME
|
|
@@ -185,7 +185,7 @@ much traffic. */
|
|
* note that it will be provided for all "hidden" client-interactive
|
|
* style prompts - if you want something more sophisticated, use
|
|
* SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
|
|
-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
|
|
+/*#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"*/
|
|
|
|
/* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
|
|
* a helper program for the ssh client. The helper program should be
|