domenico/openwrt-armor-g5
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit
Some checks failed
Build Kernel / Build all affected Kernels (push) Has been cancelled
Details
Build all core packages / Build all core packages for selected target (push) Has been cancelled
Details
Build and Push prebuilt tools container / Build and Push all prebuilt containers (push) Has been cancelled
Details
Build Toolchains / Build Toolchains for each target (push) Has been cancelled
Details
Build host tools / Build host tools for linux and macos based systems (push) Has been cancelled
Details
Coverity scan build / Coverity x86/64 build (push) Has been cancelled
Details

Browse Source
This commit is contained in:
domenico
2025-06-24 12:51:15 +02:00
commit 27c9d80f51
10493 changed files with 1885777 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

196
package/network/services/dropbear/Config.in Normal file
View File

@@ -0,0 +1,196 @@
menu "Configuration"
depends on PACKAGE_dropbear
config DROPBEAR_CURVE25519
bool "Curve25519 support"
default y
help
This enables the following key exchange algorithm:
curve25519-sha256@libssh.org
Increases binary size by about 4 kB (MIPS).
config DROPBEAR_ECC
bool "Elliptic curve cryptography (ECC)"
help
Enables basic support for elliptic curve cryptography (ECC)
in key exchange and public key authentication.
Key exchange algorithms:
ecdh-sha2-nistp256
Public key algorithms:
ecdsa-sha2-nistp256
Increases binary size by about 24 kB (MIPS).
Note: select DROPBEAR_ECC_FULL if full ECC support is required.
config DROPBEAR_ECC_FULL
bool "Elliptic curve cryptography (ECC), full support"
depends on DROPBEAR_ECC
help
Enables full support for elliptic curve cryptography (ECC)
in key exchange and public key authentication.
Key exchange algorithms:
ecdh-sha2-nistp256 (*)
ecdh-sha2-nistp384
ecdh-sha2-nistp521
Public key algorithms:
ecdsa-sha2-nistp256 (*)
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
(*) - basic ECC support; provided by DROPBEAR_ECC.
Increases binary size by about 4 kB (MIPS).
config DROPBEAR_ED25519
bool "Ed25519 support"
default y if !SMALL_FLASH
help
This enables the following public key algorithm:
ssh-ed25519
Increases binary size by about 12 kB (MIPS).
config DROPBEAR_CHACHA20POLY1305
bool "Chacha20-Poly1305 support"
default y
help
This enables the following authenticated encryption cipher:
chacha20-poly1305@openssh.com
Increases binary size by about 4 kB (MIPS).
config DROPBEAR_U2F
bool "U2F/FIDO support"
default y
help
This option itself doesn't enable any support for U2F/FIDO
but subordinate options do:
- DROPBEAR_ECDSA_SK - ecdsa-sk keys support
depends on DROPBEAR_ECC ("Elliptic curve cryptography (ECC)")
- DROPBEAR_ED25519_SK - ed25519-sk keys support
depends on DROPBEAR_ED25519 ("Ed25519 support")
config DROPBEAR_ECDSA_SK
bool "ECDSA-SK support"
default y
depends on DROPBEAR_U2F && DROPBEAR_ECC
help
This enables the following public key algorithm:
sk-ecdsa-sha2-nistp256@openssh.com
config DROPBEAR_ED25519_SK
bool "Ed25519-SK support"
default y
depends on DROPBEAR_U2F && DROPBEAR_ED25519
help
This enables the following public key algorithm:
sk-ssh-ed25519@openssh.com
config DROPBEAR_ZLIB
bool "Enable compression"
help
Enables compression using shared zlib library.
Increases binary size by about 0.1 kB (MIPS) and requires
additional 62 kB (MIPS) for a shared zlib library.
config DROPBEAR_UTMP
bool "Utmp support"
depends on BUSYBOX_CONFIG_FEATURE_UTMP
help
This enables dropbear utmp support, the file /var/run/utmp is
used to track who is currently logged in.
config DROPBEAR_PUTUTLINE
bool "Pututline support"
depends on DROPBEAR_UTMP
help
Dropbear will use pututline() to write the utmp structure into
the utmp file.
config DROPBEAR_DBCLIENT
bool "Build dropbear with dbclient"
default y
config DROPBEAR_ASKPASS
bool "Enable askpass helper support"
depends on DROPBEAR_DBCLIENT
help
This enables support for ssh-askpass helper in dropbear client
in order to authenticate on remote hosts.
Increases binary size by about 0.1 kB (MIPS).
config DROPBEAR_DBCLIENT_AGENTFORWARD
bool "Enable agent forwarding in dbclient [LEGACY/SECURITY]"
default y
depends on DROPBEAR_DBCLIENT
help
Increases binary size by about 0.1 kB (MIPS).
Security notes:
SSH agent forwarding might cause security issues (locally and
on the jump machine).
Hovewer, it's enabled by default for compatibility with
previous OpenWrt/dropbear releases.
Consider DISABLING this option if you're building own OpenWrt
image.
Also see DROPBEAR_AGENTFORWARD (agent forwarding in dropbear
server itself).
config DROPBEAR_SCP
bool "Build dropbear with scp"
default y
config DROPBEAR_AGENTFORWARD
bool "Enable agent forwarding [LEGACY/SECURITY]"
default y
help
Increases binary size by about 0.1 kB (MIPS).
Security notes:
SSH agent forwarding might cause security issues (locally and
on the jump machine).
Hovewer, it's enabled by default for compatibility with
previous OpenWrt/dropbear releases.
Consider DISABLING this option if you're building own OpenWrt
image.
Also see DROPBEAR_DBCLIENT_AGENTFORWARD (agent forwarding in
dropbear client) if DROPBEAR_DBCLIENT is selected.
config DROPBEAR_MODERN_ONLY
bool "Use modern crypto only [BREAKS COMPATIBILITY]"
select DROPBEAR_ED25519
select DROPBEAR_CURVE25519
select DROPBEAR_CHACHA20POLY1305
help
This option enables:
- Chacha20-Poly1305
- Curve25519
- Ed25519
and disables:
- AES
- RSA
Reduces binary size by about 64 kB (MIPS) from default
configuration.
Consider enabling this option if you're building own OpenWrt
image and using modern SSH software everywhere.
endmenu