Openwrt/package/dropbear/patches/120-openwrt_options.patch
John Crispin 9fd342d913 r25831 reduced the size of the dropbear executable by, among other things,
disabling support for keyboard-interactive authentication. The default
sshd configuration on Mac OS X only permits keyboard-interactive and
public-key authentication, so unless a public key is set up, the default
OpenWrt ssh client is now unable to connect to Mac OS X hosts. This patch
re-enables keyboard-interactive authentication.

In my tests, this increases the size of the stripped dropbear executable
by 416 bytes on mips and 1,104 bytes on mipsel. In my opinion, such a
small space savings isn't worthwhile when the resultant executable is
severely hamstrung.

Signed-off-by: Mark Mentovai <mark@moxienet.com>

SVN-Revision: 26390
2011-04-01 10:55:23 +00:00

68 lines
2.5 KiB
Diff

--- a/options.h
+++ b/options.h
@@ -38,7 +38,7 @@
* Both of these flags can be defined at once, don't compile without at least
* one of them. */
#define NON_INETD_MODE
-#define INETD_MODE
+/*#define INETD_MODE*/
/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
* perhaps 20% slower for pubkey operations (it is probably worth experimenting
@@ -49,7 +49,7 @@
several kB in binary size however will make the symmetrical ciphers and hashes
slower, perhaps by 50%. Recommended for small systems that aren't doing
much traffic. */
-/*#define DROPBEAR_SMALL_CODE*/
+#define DROPBEAR_SMALL_CODE
/* Enable X11 Forwarding - server only */
#define ENABLE_X11FWD
@@ -78,7 +78,7 @@ much traffic. */
/* Enable "Netcat mode" option. This will forward standard input/output
* to a remote TCP-forwarded connection */
-#define ENABLE_CLI_NETCAT
+/*#define ENABLE_CLI_NETCAT*/
/* Encryption - at least one required.
* Protocol RFC requires 3DES and recommends AES128 for interoperability.
@@ -89,8 +89,8 @@ much traffic. */
#define DROPBEAR_AES256
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
/*#define DROPBEAR_BLOWFISH*/
-#define DROPBEAR_TWOFISH256
-#define DROPBEAR_TWOFISH128
+/*#define DROPBEAR_TWOFISH256
+#define DROPBEAR_TWOFISH128*/
/* Enable "Counter Mode" for ciphers. This is more secure than normal
* CBC mode against certain attacks. This adds around 1kB to binary
@@ -110,7 +110,7 @@ much traffic. */
* If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
* which are not the standard form. */
#define DROPBEAR_SHA1_HMAC
-#define DROPBEAR_SHA1_96_HMAC
+/*#define DROPBEAR_SHA1_96_HMAC*/
#define DROPBEAR_MD5_HMAC
/* Hostkey/public key algorithms - at least one required, these are used
@@ -148,7 +148,7 @@ much traffic. */
/* Whether to print the message of the day (MOTD). This doesn't add much code
* size */
-#define DO_MOTD
+/*#define DO_MOTD*/
/* The MOTD file path */
#ifndef MOTD_FILENAME
@@ -185,7 +185,7 @@ much traffic. */
* note that it will be provided for all "hidden" client-interactive
* style prompts - if you want something more sophisticated, use
* SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
+/*#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"*/
/* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
* a helper program for the ssh client. The helper program should be