projects / openwrt / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 88a2ea4)
dropbear: add config options for agent-forwarding support
authorSven Roederer <devel-sven@geroedel.de>
Thu, 15 Jul 2021 22:44:53 +0000 (00:44 +0200)
committerChristian Lamparter <chunkeey@gmail.com>
Sat, 30 Oct 2021 14:32:54 +0000 (16:32 +0200)
* SSH agent forwarding might cause security issues, locally and on the jump
  machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow to
  completely disabling it.
* separate options for client and server
* keep it enabled by default

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
package/network/services/dropbear/Config.in patch | blob | history
package/network/services/dropbear/Makefile patch | blob | history

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index 15000eff53e4f8bc388fdcaa1c252b78429c662c..d4644fc88f9582f4caa4e7915cc8ffd4992c3cea 100644 (file)
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -95,6 +95,11 @@ config DROPBEAR_DBCLIENT
        bool "Build dropbear with dbclient"
        default y
 
+config DROPBEAR_DBCLIENT_AGENTFORWARD
+       bool "Enable agent forwarding in dbclient"
+       default y
+       depends on DROPBEAR_DBCLIENT
+
 config DROPBEAR_SCP
        bool "Build dropbear with scp"
        default y
@@ -109,4 +114,8 @@ config DROPBEAR_ASKPASS
 
                Increases binary size by about 0.1 kB (MIPS).
 
+config DROPBEAR_AGENTFORWARD
+       bool "Enable agent forwarding"
+       default y
+
 endmenu
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 7fb4b7f123f6e18f517da11e09b119e16455174e..d518de3f702463934fb8ea4ae31cdbd738a0af46 100644 (file)
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -32,7 +32,8 @@ PKG_CONFIG_DEPENDS:= \
        CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
        CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
        CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
-       CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS
+       CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \
+       CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD CONFIG_DROPBEAR_AGENTFORWARD
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -135,6 +136,8 @@ DB_OPT_CONFIG = \
        !!DROPBEAR_ECC_384|CONFIG_DROPBEAR_ECC_FULL|1|0 \
        !!DROPBEAR_ECC_521|CONFIG_DROPBEAR_ECC_FULL|1|0 \
        DROPBEAR_CLI_ASKPASS_HELPER|CONFIG_DROPBEAR_ASKPASS|1|0 \
+       DROPBEAR_CLI_AGENTFWD|CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD|1|0 \
+       DROPBEAR_SVR_AGENTFWD|CONFIG_DROPBEAR_AGENTFORWARD|1|0 \
 
 
 TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -flto
OpenWrt Source Repository