Disable telnet in favor of passwordless SSH

[openwrt/staging/yousong.git] / package / network / services / dropbear / patches / 120-openwrt_options.patch

diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch
index 42204aa646a0d5d8be9715354a5cc605dd365430..805a0964abc5ef9a8d9e3c4c7224c92cb4536ee2 100644 (file)
--- a/package/network/services/dropbear/patches/120-openwrt_options.patch
+++ b/package/network/services/dropbear/patches/120-openwrt_options.patch
@@ -1,6 +1,6 @@
 --- a/options.h
 +++ b/options.h
-@@ -38,7 +38,7 @@
+@@ -41,7 +41,7 @@
   * Both of these flags can be defined at once, don't compile without at least
   * one of them. */
  #define NON_INETD_MODE
@@ -9,45 +9,40 @@
  
  /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
   * perhaps 20% slower for pubkey operations (it is probably worth experimenting
-@@ -49,7 +49,7 @@
- several kB in binary size however will make the symmetrical ciphers and hashes
- slower, perhaps by 50%. Recommended for small systems that aren't doing
- much traffic. */
--/*#define DROPBEAR_SMALL_CODE*/
-+#define DROPBEAR_SMALL_CODE
- 
- /* Enable X11 Forwarding - server only */
- #define ENABLE_X11FWD
-@@ -78,7 +78,7 @@ much traffic. */
+@@ -81,7 +81,7 @@ much traffic. */
  
  /* Enable "Netcat mode" option. This will forward standard input/output
   * to a remote TCP-forwarded connection */
 -#define ENABLE_CLI_NETCAT
 +/*#define ENABLE_CLI_NETCAT*/
  
- /* Encryption - at least one required.
-  * Protocol RFC requires 3DES and recommends AES128 for interoperability.
-@@ -89,8 +89,8 @@ much traffic. */
+ /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
+ #define ENABLE_USER_ALGO_LIST
+@@ -95,8 +95,8 @@ much traffic. */
  #define DROPBEAR_AES256
  /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
  /*#define DROPBEAR_BLOWFISH*/
 -#define DROPBEAR_TWOFISH256
 -#define DROPBEAR_TWOFISH128
-+/*#define DROPBEAR_TWOFISH256
-+#define DROPBEAR_TWOFISH128*/
++/*#define DROPBEAR_TWOFISH256*/
++/*#define DROPBEAR_TWOFISH128*/
  
- /* Enable "Counter Mode" for ciphers. This is more secure than normal
-  * CBC mode against certain attacks. This adds around 1kB to binary 
-@@ -110,7 +110,7 @@ much traffic. */
+ /* Enable CBC mode for ciphers. This has security issues though
+  * is the most compatible with older SSH implementations */
+@@ -131,9 +131,9 @@ If you test it please contact the Dropbe
   * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
   * which are not the standard form. */
  #define DROPBEAR_SHA1_HMAC
 -#define DROPBEAR_SHA1_96_HMAC
+-#define DROPBEAR_SHA2_256_HMAC
+-#define DROPBEAR_SHA2_512_HMAC
 +/*#define DROPBEAR_SHA1_96_HMAC*/
++/*#define DROPBEAR_SHA2_256_HMAC*/
++/*#define DROPBEAR_SHA2_512_HMAC*/
  #define DROPBEAR_MD5_HMAC
  
- /* Hostkey/public key algorithms - at least one required, these are used
-@@ -148,7 +148,7 @@ much traffic. */
+ /* You can also disable integrity. Don't bother disabling this if you're
+@@ -189,7 +189,7 @@ If you test it please contact the Dropbe
  
  /* Whether to print the message of the day (MOTD). This doesn't add much code
   * size */
@@ -56,7 +51,7 @@
  
  /* The MOTD file path */
  #ifndef MOTD_FILENAME
-@@ -192,7 +192,7 @@ much traffic. */
+@@ -231,7 +231,7 @@ Homedir is prepended unless path begins
   * note that it will be provided for all "hidden" client-interactive
   * style prompts - if you want something more sophisticated, use 
   * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/