diff options
author | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2019-06-01 17:44:10 (EDT) |
---|---|---|
committer | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2019-06-01 17:44:10 (EDT) |
commit | ddc7c8fb8a37b64ef5c94c0f873fe48a71512d4a (patch) | |
tree | 39d915ad43db8a1b59567982bcaa2c0187841f53 /localoptions.h | |
parent | 22f788e92e1485cc2109dc0ee1567a21a1490e08 (diff) |
localoptions.h: New file
Diffstat (limited to 'localoptions.h')
-rw-r--r-- | localoptions.h | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/localoptions.h b/localoptions.h new file mode 100644 index 0000000..941863a --- /dev/null +++ b/localoptions.h @@ -0,0 +1,24 @@ +/* Non-inetd mode enables protections like MAX_UNAUTH_PER_IP and + * MAX_AUTH_CLIENTS. */ +#define INETD_MODE 0 + +/* ProteanOS will likely never have X11. */ +#define DROPBEAR_X11FWD 0 + +/* Disable weak algorithms. Most if not all of these are removed from newer + * OpenSSH versions, but Dropbear leaves them enabled by default(!). */ +#define DROPBEAR_3DES 0 /* Triple DES cipher */ +#define DROPBEAR_ENABLE_CBC_MODE 0 /* CBC block cipher mode */ +#define DROPBEAR_SHA1_HMAC 0 /* SHA-1 message hashing */ +#define DROPBEAR_SHA1_96_HMAC 0 /* SHA-1 message hashing */ +#define DROPBEAR_DSS 0 /* 1024-bit DSA keys */ +#define DROPBEAR_DH_GROUP1 0 /* 1024-bit SHA-1 key exchange */ + +/* Send beautiful ASCII art from "/etc/motd". */ +#define DO_MOTD 1 + +/* Disable server password authentication, requiring public keys instead. */ +#define DROPBEAR_SVR_PASSWORD_AUTH 0 + +/* Disable use of an SFTP server (not provided by Dropbear). */ +#define DROPBEAR_SFTPSERVER 0 |