2 depends on PACKAGE_dropbear
4 config DROPBEAR_CURVE25519
5 bool "Curve25519 support"
8 This enables the following key exchange algorithm:
9 curve25519-sha256@libssh.org
11 Increases binary size by about 4 kB (MIPS).
14 bool "Elliptic curve cryptography (ECC)"
16 Enables basic support for elliptic curve cryptography (ECC)
17 in key exchange and public key authentication.
19 Key exchange algorithms:
22 Public key algorithms:
25 Increases binary size by about 24 kB (MIPS).
27 Note: select DROPBEAR_ECC_FULL if full ECC support is required.
29 config DROPBEAR_ECC_FULL
30 bool "Elliptic curve cryptography (ECC), full support"
31 depends on DROPBEAR_ECC
33 Enables full support for elliptic curve cryptography (ECC)
34 in key exchange and public key authentication.
36 Key exchange algorithms:
37 ecdh-sha2-nistp256 (*)
41 Public key algorithms:
42 ecdsa-sha2-nistp256 (*)
46 (*) - basic ECC support; provided by DROPBEAR_ECC.
48 Increases binary size by about 4 kB (MIPS).
50 config DROPBEAR_ED25519
51 bool "Ed25519 support"
52 default y if !SMALL_FLASH
54 This enables the following public key algorithm:
57 Increases binary size by about 12 kB (MIPS).
59 config DROPBEAR_CHACHA20POLY1305
60 bool "Chacha20-Poly1305 support"
63 This enables the following authenticated encryption cipher:
64 chacha20-poly1305@openssh.com
66 Increases binary size by about 4 kB (MIPS).
69 bool "Enable compression"
71 Enables compression using shared zlib library.
73 Increases binary size by about 0.1 kB (MIPS) and requires
74 additional 62 kB (MIPS) for a shared zlib library.
78 depends on BUSYBOX_CONFIG_FEATURE_UTMP
80 This enables dropbear utmp support, the file /var/run/utmp is
81 used to track who is currently logged in.
83 config DROPBEAR_PUTUTLINE
84 bool "Pututline support"
85 depends on DROPBEAR_UTMP
87 Dropbear will use pututline() to write the utmp structure into
90 config DROPBEAR_DBCLIENT
91 bool "Build dropbear with dbclient"
94 config DROPBEAR_DBCLIENT_AGENTFORWARD
95 bool "Enable agent forwarding in dbclient [LEGACY/SECURITY]"
97 depends on DROPBEAR_DBCLIENT
99 Increases binary size by about 0.1 kB (MIPS).
103 SSH agent forwarding might cause security issues (locally and
104 on the jump machine).
106 Hovewer, it's enabled by default for compatibility with
107 previous OpenWrt/dropbear releases.
109 Consider DISABLING this option if you're building own OpenWrt
112 Also see DROPBEAR_AGENTFORWARD (agent forwarding in dropbear
116 bool "Build dropbear with scp"
119 config DROPBEAR_ASKPASS
120 bool "Enable askpass helper support"
121 depends on DROPBEAR_DBCLIENT
123 This enables support for ssh-askpass helper in dropbear client
124 in order to authenticate on remote hosts.
126 Increases binary size by about 0.1 kB (MIPS).
128 config DROPBEAR_AGENTFORWARD
129 bool "Enable agent forwarding [LEGACY/SECURITY]"
132 Increases binary size by about 0.1 kB (MIPS).
136 SSH agent forwarding might cause security issues (locally and
137 on the jump machine).
139 Hovewer, it's enabled by default for compatibility with
140 previous OpenWrt/dropbear releases.
142 Consider DISABLING this option if you're building own OpenWrt
145 Also see DROPBEAR_DBCLIENT_AGENTFORWARD (agent forwarding in
146 dropbear client) if DROPBEAR_DBCLIENT is selected.
148 config DROPBEAR_MODERN_ONLY
149 bool "Use modern crypto only [BREAKS COMPATIBILITY]"
150 select DROPBEAR_ED25519
151 select DROPBEAR_CURVE25519
152 select DROPBEAR_CHACHA20POLY1305
163 Reduces binary size by about 64 kB (MIPS) from default
166 Consider enabling this option if you're building own OpenWrt
167 image and using modern SSH software everywhere.