diff options
author | Matt Johnston <matt@ucc.asn.au> | 2012-05-17 08:33:11 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2012-05-17 08:33:11 +0800 |
commit | a02d38072a9172980c5af78e7d0f236868684ebd (patch) | |
tree | d7de0c63796eb2d6205e032e81e4ac4e808c50d4 /options.h | |
parent | f2cd610750c62c90020e2b14d167ba25d4c2eab3 (diff) |
Add ALLOW_NONE_PASSWORD_AUTH option
--HG--
branch : insecure-nocrypto
Diffstat (limited to 'options.h')
-rw-r--r-- | options.h | 12 |
1 files changed, 5 insertions, 7 deletions
@@ -103,15 +103,13 @@ much traffic. */ /* You can compile with no encryption if you want. In some circumstances * this could be safe security-wise, though make sure you know what * you're doing. Anyone can see everything that goes over the wire, so - * the only safe auth method is public key. You'll have to disable all other - * ciphers above in the client if you want to use this, or implement cipher - * prioritisation in cli-runopts. - * - * The best way to do things is probably make normal compile of dropbear with - * all ciphers including "none" as the server, then recompile a special - * "dbclient-insecure" client. */ + * the only safe auth method is public key. */ #define DROPBEAR_NONE_CIPHER +/* Define this to allow password authentication even when no encryption + * is being used. This can be unsafe */ +#define ALLOW_NONE_PASSWORD_AUTH + /* Message Integrity - at least one required. * Protocol RFC requires sha1 and recommends sha1-96. * sha1-96 is of use for slow links as it has a smaller overhead. |