summaryrefslogtreecommitdiffhomepage
path: root/options.h
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2012-05-17 08:33:11 +0800
committerMatt Johnston <matt@ucc.asn.au>2012-05-17 08:33:11 +0800
commita02d38072a9172980c5af78e7d0f236868684ebd (patch)
treed7de0c63796eb2d6205e032e81e4ac4e808c50d4 /options.h
parentf2cd610750c62c90020e2b14d167ba25d4c2eab3 (diff)
Add ALLOW_NONE_PASSWORD_AUTH option
--HG-- branch : insecure-nocrypto
Diffstat (limited to 'options.h')
-rw-r--r--options.h12
1 files changed, 5 insertions, 7 deletions
diff --git a/options.h b/options.h
index ecbae05..e3cdcf3 100644
--- a/options.h
+++ b/options.h
@@ -103,15 +103,13 @@ much traffic. */
/* You can compile with no encryption if you want. In some circumstances
* this could be safe security-wise, though make sure you know what
* you're doing. Anyone can see everything that goes over the wire, so
- * the only safe auth method is public key. You'll have to disable all other
- * ciphers above in the client if you want to use this, or implement cipher
- * prioritisation in cli-runopts.
- *
- * The best way to do things is probably make normal compile of dropbear with
- * all ciphers including "none" as the server, then recompile a special
- * "dbclient-insecure" client. */
+ * the only safe auth method is public key. */
#define DROPBEAR_NONE_CIPHER
+/* Define this to allow password authentication even when no encryption
+ * is being used. This can be unsafe */
+#define ALLOW_NONE_PASSWORD_AUTH
+
/* Message Integrity - at least one required.
* Protocol RFC requires sha1 and recommends sha1-96.
* sha1-96 is of use for slow links as it has a smaller overhead.