diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2007-02-03 08:20:34 +0000 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2007-02-03 08:20:34 +0000 |
| commit | d9aeb2773e236e662c8b493f4bcee978f9908d7c (patch) | |
| tree | bac48e388bf3ac739ae14cdf98da0eb4bb9d17bf /options.h | |
| parent | 056b92bd4c8a42ce1843493310d382159166edb8 (diff) | |
| parent | c5fd7dd5548f28e32d846e39d17e5c4de4e769af (diff) | |
merge of '5fdf69ca60d1683cdd9f4c2595134bed26394834'
and '6b61c50f4cf888bea302ac8fcf5dbb573b443251'
--HG--
extra : convert_revision : b1dd3b94e60a07a176dba2b035ac79968595990a
Diffstat (limited to 'options.h')
| -rw-r--r-- | options.h | 23 |
1 files changed, 18 insertions, 5 deletions
@@ -128,7 +128,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * You can't enable both PASSWORD and PAM. */ #define ENABLE_SVR_PASSWORD_AUTH -/*#define ENABLE_SVR_PAM_AUTH*/ +/*#define ENABLE_SVR_PAM_AUTH */ #define ENABLE_SVR_PUBKEY_AUTH #define ENABLE_CLI_PASSWORD_AUTH @@ -161,6 +161,13 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ /* Specify the number of clients we will allow to be connected but * not yet authenticated. After this limit, connections are rejected */ +/* The first setting is per-IP, to avoid denial of service */ +#ifndef MAX_UNAUTH_PER_IP +#define MAX_UNAUTH_PER_IP 5 +#endif + +/* And then a global limit to avoid chewing memory if connections + * come from many IPs */ #ifndef MAX_UNAUTH_CLIENTS #define MAX_UNAUTH_CLIENTS 30 #endif @@ -192,15 +199,17 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * not using the Dropbear client, you'll need to change it */ #define _PATH_SSH_PROGRAM "/usr/bin/dbclient" -/* Multi-purpose binary configuration has now moved. Look at the top - * of the Makefile for instructions, or INSTALL */ +/* Whether to log commands executed by a client. This only logs the + * (single) command sent to the server, not what a user did in a + * shell/sftp session etc. */ +/* #define LOG_COMMANDS */ /******************************************************************* * You shouldn't edit below here unless you know you need to. *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "0.46" +#define DROPBEAR_VERSION "0.49" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION @@ -243,8 +252,13 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified, ipv4 and ipv6 don't count twice */ +/* Each port might have at least a v4 and a v6 address */ +#define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3) + #define _PATH_TTY "/dev/tty" +#define _PATH_CP "/bin/cp" + /* Timeouts in seconds */ #define SELECT_TIMEOUT 20 @@ -291,7 +305,6 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define MAX_PROPOSED_ALGO 20 /* size/count limits */ -#define MAX_LISTEN_ADDR 10 #define MAX_PACKET_LEN 35000 #define MIN_PACKET_LEN 16 |