2 depends on PACKAGE_dropbear
4 config DROPBEAR_CURVE25519
5 bool "Curve25519 support"
8 This enables the following key exchange algorithm:
9 curve25519-sha256@libssh.org
11 Increases binary size by about 4 kB (MIPS).
14 bool "Elliptic curve cryptography (ECC)"
16 Enables basic support for elliptic curve cryptography (ECC)
17 in key exchange and public key authentication.
19 Key exchange algorithms:
22 Public key algorithms:
25 Increases binary size by about 24 kB (MIPS).
27 Note: select DROPBEAR_ECC_FULL if full ECC support is required.
29 config DROPBEAR_ECC_FULL
30 bool "Elliptic curve cryptography (ECC), full support"
31 depends on DROPBEAR_ECC
33 Enables full support for elliptic curve cryptography (ECC)
34 in key exchange and public key authentication.
36 Key exchange algorithms:
37 ecdh-sha2-nistp256 (*)
41 Public key algorithms:
42 ecdsa-sha2-nistp256 (*)
46 (*) - basic ECC support; provided by DROPBEAR_ECC.
48 Increases binary size by about 4 kB (MIPS).
50 config DROPBEAR_ED25519
51 bool "Ed25519 support"
52 default y if !SMALL_FLASH
54 This enables the following public key algorithm:
57 Increases binary size by about 12 kB (MIPS).
59 config DROPBEAR_CHACHA20POLY1305
60 bool "Chacha20-Poly1305 support"
63 This enables the following authenticated encryption cipher:
64 chacha20-poly1305@openssh.com
66 Increases binary size by about 4 kB (MIPS).
69 bool "U2F/FIDO support"
72 This option itself doesn't enable any support for U2F/FIDO
73 but subordinate options do:
75 - DROPBEAR_ECDSA_SK - ecdsa-sk keys support
76 depends on DROPBEAR_ECC ("Elliptic curve cryptography (ECC)")
77 - DROPBEAR_ED25519_SK - ed25519-sk keys support
78 depends on DROPBEAR_ED25519 ("Ed25519 support")
80 config DROPBEAR_ECDSA_SK
81 bool "ECDSA-SK support"
83 depends on DROPBEAR_U2F && DROPBEAR_ECC
85 This enables the following public key algorithm:
86 sk-ecdsa-sha2-nistp256@openssh.com
88 config DROPBEAR_ED25519_SK
89 bool "Ed25519-SK support"
91 depends on DROPBEAR_U2F && DROPBEAR_ED25519
93 This enables the following public key algorithm:
94 sk-ssh-ed25519@openssh.com
97 bool "Enable compression"
99 Enables compression using shared zlib library.
101 Increases binary size by about 0.1 kB (MIPS) and requires
102 additional 62 kB (MIPS) for a shared zlib library.
106 depends on BUSYBOX_CONFIG_FEATURE_UTMP
108 This enables dropbear utmp support, the file /var/run/utmp is
109 used to track who is currently logged in.
111 config DROPBEAR_PUTUTLINE
112 bool "Pututline support"
113 depends on DROPBEAR_UTMP
115 Dropbear will use pututline() to write the utmp structure into
118 config DROPBEAR_DBCLIENT
119 bool "Build dropbear with dbclient"
122 config DROPBEAR_ASKPASS
123 bool "Enable askpass helper support"
124 depends on DROPBEAR_DBCLIENT
126 This enables support for ssh-askpass helper in dropbear client
127 in order to authenticate on remote hosts.
129 Increases binary size by about 0.1 kB (MIPS).
131 config DROPBEAR_DBCLIENT_AGENTFORWARD
132 bool "Enable agent forwarding in dbclient [LEGACY/SECURITY]"
134 depends on DROPBEAR_DBCLIENT
136 Increases binary size by about 0.1 kB (MIPS).
140 SSH agent forwarding might cause security issues (locally and
141 on the jump machine).
143 Hovewer, it's enabled by default for compatibility with
144 previous OpenWrt/dropbear releases.
146 Consider DISABLING this option if you're building own OpenWrt
149 Also see DROPBEAR_AGENTFORWARD (agent forwarding in dropbear
153 bool "Build dropbear with scp"
156 config DROPBEAR_AGENTFORWARD
157 bool "Enable agent forwarding [LEGACY/SECURITY]"
160 Increases binary size by about 0.1 kB (MIPS).
164 SSH agent forwarding might cause security issues (locally and
165 on the jump machine).
167 Hovewer, it's enabled by default for compatibility with
168 previous OpenWrt/dropbear releases.
170 Consider DISABLING this option if you're building own OpenWrt
173 Also see DROPBEAR_DBCLIENT_AGENTFORWARD (agent forwarding in
174 dropbear client) if DROPBEAR_DBCLIENT is selected.
176 config DROPBEAR_MODERN_ONLY
177 bool "Use modern crypto only [BREAKS COMPATIBILITY]"
178 select DROPBEAR_ED25519
179 select DROPBEAR_CURVE25519
180 select DROPBEAR_CHACHA20POLY1305
191 Reduces binary size by about 64 kB (MIPS) from default
194 Consider enabling this option if you're building own OpenWrt
195 image and using modern SSH software everywhere.