summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--Makefile.in2
-rw-r--r--cli-auth.c4
-rw-r--r--cli-runopts.c4
-rw-r--r--dbrandom.c8
-rw-r--r--dbutil.c2
-rw-r--r--dbutil.h2
-rw-r--r--default_options.h.in78
-rw-r--r--keyimport.c4
-rw-r--r--libtomcrypt/src/headers/tomcrypt_custom.h4
-rw-r--r--netio.c2
-rw-r--r--runopts.h2
-rw-r--r--signkey.c6
-rw-r--r--svr-authpubkey.c8
-rw-r--r--svr-authpubkeyoptions.c2
-rw-r--r--svr-chansession.c8
-rw-r--r--svr-main.c12
-rw-r--r--svr-runopts.c10
-rw-r--r--svr-tcpfwd.c2
-rw-r--r--sysoptions.h2
19 files changed, 100 insertions, 62 deletions
diff --git a/Makefile.in b/Makefile.in
index 8c2b7c7..8c9fbfe 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -20,7 +20,7 @@ LIBTOM_LIBS=@LIBTOM_LIBS@
ifeq (@BUNDLED_LIBTOM@, 1)
LIBTOM_DEPS=$(STATIC_LTC) $(STATIC_LTM)
CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
-LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
+LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
endif
ifneq ($(wildcard localoptions.h),)
diff --git a/cli-auth.c b/cli-auth.c
index bfeee58..bcc7281 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -60,9 +60,11 @@ void cli_auth_getmethods() {
*/
if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
+#if DROPBEAR_USE_DROPBEAR_PASSWORD
if (getenv(DROPBEAR_PASSWORD_ENV)) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
}
+#endif
if (cli_auth_try() == DROPBEAR_SUCCESS) {
TRACE(("skipped initial none auth query"))
/* Note that there will be two auth responses in-flight */
@@ -335,7 +337,7 @@ char* getpass_or_cancel(const char* prompt)
{
char* password = NULL;
-#ifdef DROPBEAR_PASSWORD_ENV
+#if DROPBEAR_USE_DROPBEAR_PASSWORD
/* Password provided in an environment var */
password = getenv(DROPBEAR_PASSWORD_ENV);
if (password)
diff --git a/cli-runopts.c b/cli-runopts.c
index d69a719..abcfc9f 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -306,10 +306,10 @@ void cli_getopts(int argc, char ** argv) {
case 'm':
#endif
case 'D':
-#ifndef DROPBEAR_CLI_REMOTETCPFWD
+#if !DROPBEAR_CLI_REMOTETCPFWD
case 'R':
#endif
-#ifndef DROPBEAR_CLI_LOCALTCPFWD
+#if !DROPBEAR_CLI_LOCALTCPFWD
case 'L':
#endif
case 'V':
diff --git a/dbrandom.c b/dbrandom.c
index 28b0d48..a117b10 100644
--- a/dbrandom.c
+++ b/dbrandom.c
@@ -59,7 +59,7 @@ process_file(hash_state *hs, const char *filename,
unsigned int readcount;
int ret = DROPBEAR_FAILURE;
-#ifdef DROPBEAR_PRNGD_SOCKET
+#if DROPBEAR_USE_PRNGD
if (prngd)
{
readfd = connect_unix(filename);
@@ -107,7 +107,7 @@ process_file(hash_state *hs, const char *filename,
wantread = MIN(sizeof(readbuf), len-readcount);
}
-#ifdef DROPBEAR_PRNGD_SOCKET
+#if DROPBEAR_USE_PRNGD
if (prngd)
{
char egdcmd[2];
@@ -157,7 +157,7 @@ void addrandom(const unsigned char * buf, unsigned int len)
static void write_urandom()
{
-#ifndef DROPBEAR_PRNGD_SOCKET
+#if !DROPBEAR_USE_PRNGD
/* This is opportunistic, don't worry about failure */
unsigned char buf[INIT_SEED_SIZE];
FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w");
@@ -185,7 +185,7 @@ void seedrandom() {
/* existing state */
sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
-#ifdef DROPBEAR_PRNGD_SOCKET
+#if DROPBEAR_USE_PRNGD
if (process_file(&hs, DROPBEAR_PRNGD_SOCKET, INIT_SEED_SIZE, 1)
!= DROPBEAR_SUCCESS) {
dropbear_exit("Failure reading random device %s",
diff --git a/dbutil.c b/dbutil.c
index 1134dd6..18fe634 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -214,7 +214,7 @@ void dropbear_trace2(const char* format, ...) {
#endif /* DEBUG_TRACE */
/* Connect to a given unix socket. The socket is blocking */
-#ifdef ENABLE_CONNECT_UNIX
+#if ENABLE_CONNECT_UNIX
int connect_unix(const char* path) {
struct sockaddr_un addr;
int fd = -1;
diff --git a/dbutil.h b/dbutil.h
index fe82272..645b428 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -59,7 +59,7 @@ char * stripcontrol(const char * text);
int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data,
int *writefd, int *readfd, int *errfd, pid_t *pid);
void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell);
-#ifdef ENABLE_CONNECT_UNIX
+#if ENABLE_CONNECT_UNIX
int connect_unix(const char* addr);
#endif
int buf_readfile(buffer* buf, const char* filename);
diff --git a/default_options.h.in b/default_options.h.in
index 95097ac..3e7052f 100644
--- a/default_options.h.in
+++ b/default_options.h.in
@@ -36,10 +36,9 @@ IMPORTANT: Many options will require "make clean" after changes */
#define NON_INETD_MODE 1
#define INETD_MODE 1
-/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
- * perhaps 20% slower for pubkey operations (it is probably worth experimenting
- * if you want to use this) */
-/*#define NO_FAST_EXPTMOD*/
+#if !(NON_INETD_MODE || INETD_MODE)
+ #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
+#endif
/* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
several kB in binary size however will make the symmetrical ciphers and hashes
@@ -77,7 +76,7 @@ much traffic. */
#define DROPBEAR_CLI_NETCAT 1
/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
-#define ENABLE_USER_ALGO_LIST 1
+#define DROPBEAR_USER_ALGO_LIST 1
/* Encryption - at least one required.
* Protocol RFC requires 3DES and recommends AES128 for interoperability.
@@ -86,10 +85,15 @@ much traffic. */
#define DROPBEAR_AES128 1
#define DROPBEAR_3DES 1
#define DROPBEAR_AES256 1
-/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
-/*#define DROPBEAR_BLOWFISH*/
#define DROPBEAR_TWOFISH256 1
#define DROPBEAR_TWOFISH128 1
+/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+#define DROPBEAR_BLOWFISH 0
+
+#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
+ || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
+ #error "At least one encryption algorithm must be enabled; 3DES and AES128 are recommended."
+#endif
/* Enable CBC mode for ciphers. This has security issues though
* is the most compatible with older SSH implementations */
@@ -129,6 +133,10 @@ If you test it please contact the Dropbear author */
* on x86-64 */
#define DROPBEAR_ECDSA 1
+#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA)
+ #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
+#endif
+
/* RSA must be >=1024 */
#define DROPBEAR_DEFAULT_RSA_SIZE 2048
/* DSS is always 1024 */
@@ -193,27 +201,57 @@ If you test it please contact the Dropbear author */
* PAM challenge/response.
* You can't enable both PASSWORD and PAM. */
+/* PAM requires ./configure --enable-pam */
+#if defined(HAVE_LIBPAM) && !DROPBEAR_SVR_PASSWORD_AUTH
+ #define DROPBEAR_SVR_PAM_AUTH 1
+#else
+ #define DROPBEAR_SVR_PAM_AUTH 0
+#endif
+
/* This requires crypt() */
-#ifdef HAVE_CRYPT
-#define DROPBEAR_SVR_PASSWORD_AUTH 1
+#if defined(HAVE_CRYPT) && !DROPBEAR_SVR_PAM_AUTH
+ #define DROPBEAR_SVR_PASSWORD_AUTH 1
#else
-#define DROPBEAR_SVR_PASSWORD_AUTH 0
+ #define DROPBEAR_SVR_PASSWORD_AUTH 0
#endif
-/* PAM requires ./configure --enable-pam */
-#define DROPBEAR_SVR_PAM_AUTH 0
+
#define DROPBEAR_SVR_PUBKEY_AUTH 1
+#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
+ #error "At least one server authentication type must be enabled; PUBKEY and PASSWORD are recommended."
+#endif
+
+#if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
+ #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
+#endif
+
+#if DROPBEAR_SVR_PAM_AUTH
+ #if DISABLE_PAM
+ #error "DROPBEAR_SVR_PAM_AUTH requires 'configure --enable-pam' to succeed."
+ #endif
+ #if DROPBEAR_SVR_PASSWORD_AUTH
+ #error "DROPBEAR_SVR_PASSWORD_AUTH cannot be enabled at the same time as DROPBEAR_SVR_PAM_AUTH."
+ #endif
+#endif
+
/* Whether to take public key options in
* authorized_keys file into account */
#define DROPBEAR_SVR_PUBKEY_OPTIONS 1
/* This requires getpass. */
#ifdef HAVE_GETPASS
-#define DROPBEAR_CLI_PASSWORD_AUTH 1
-#define DROPBEAR_CLI_INTERACT_AUTH 1
+ #define DROPBEAR_CLI_PASSWORD_AUTH 1
+ #define DROPBEAR_CLI_INTERACT_AUTH 1
+#else
+ #define DROPBEAR_CLI_PASSWORD_AUTH 0
+ #define DROPBEAR_CLI_INTERACT_AUTH 0
#endif
#define DROPBEAR_CLI_PUBKEY_AUTH 1
+#if !(DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_PUBKEY_AUTH)
+ #error "At least one client authentication type must be enabled; PUBKEY and PASSWORD are recommended."
+#endif
+
/* A default argument for dbclient -i <privatekey>.
Homedir is prepended unless path begins with / */
#define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
@@ -224,7 +262,7 @@ Homedir is prepended unless path begins with / */
* note that it will be provided for all "hidden" client-interactive
* style prompts - if you want something more sophisticated, use
* SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
+#define DROPBEAR_USE_DROPBEAR_PASSWORD 1
/* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
* a helper program for the ssh client. The helper program should be
@@ -233,6 +271,10 @@ Homedir is prepended unless path begins with / */
* return the password on standard output */
#define DROPBEAR_CLI_ASKPASS_HELPER 0
+#if DROPBEAR_CLI_ASKPASS_HELPER
+ #define DROPBEAR_CLI_PASSWORD_AUTH 1
+#endif
+
/* Save a network roundtrip by sendng a real auth request immediately after
* sending a query for the available methods. It is at the expense of < 100
* bytes of extra network traffic. This is not yet enabled by default since it
@@ -245,8 +287,8 @@ Homedir is prepended unless path begins with / */
#define DROPBEAR_URANDOM_DEV "/dev/urandom"
/* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */
-/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
-
+#define DROPBEAR_USE_PRNGD 0
+#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
/* Specify the number of clients we will allow to be connected but
* not yet authenticated. After this limit, connections are rejected */
@@ -269,6 +311,8 @@ Homedir is prepended unless path begins with / */
* "-q" for quiet */
#define XAUTH_COMMAND "/usr/bin/xauth -q"
+#define DROPBEAR_SFTPSERVER 1
+
/* if you want to enable running an sftp server (such as the one included with
* OpenSSH), set the path below. If the path isn't defined, sftp will not
* be enabled */
diff --git a/keyimport.c b/keyimport.c
index e44ee56..ea3164c 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -870,7 +870,7 @@ static int openssh_write(const char *filename, sign_key *key,
*/
numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
- #ifdef DROPBEAR_RSA
+ #if DROPBEAR_RSA
if (key->type == DROPBEAR_SIGNKEY_RSA) {
if (key->rsakey->p == NULL || key->rsakey->q == NULL) {
@@ -966,7 +966,7 @@ static int openssh_write(const char *filename, sign_key *key,
}
#endif /* DROPBEAR_RSA */
- #ifdef DROPBEAR_DSS
+ #if DROPBEAR_DSS
if (key->type == DROPBEAR_SIGNKEY_DSS) {
/* p */
diff --git a/libtomcrypt/src/headers/tomcrypt_custom.h b/libtomcrypt/src/headers/tomcrypt_custom.h
index e58de71..b7bd20c 100644
--- a/libtomcrypt/src/headers/tomcrypt_custom.h
+++ b/libtomcrypt/src/headers/tomcrypt_custom.h
@@ -68,8 +68,8 @@
#define LTC_NO_MODES
#define LTC_NO_HASHES
#define LTC_NO_MACS
- #define LTC_NO_PRNGS
- #define LTC_NO_PK
+ #define LTC_NO_PRNGS
+ #define LTC_NO_PK
#define LTC_NO_PKCS
#define LTC_NO_MISC
#endif /* LTC_NOTHING */
diff --git a/netio.c b/netio.c
index 04413e1..c73a1fe 100644
--- a/netio.c
+++ b/netio.c
@@ -613,7 +613,7 @@ void getaddrstring(struct sockaddr_storage* addr,
int flags = NI_NUMERICSERV | NI_NUMERICHOST;
-#ifndef DO_HOST_LOOKUP
+#if !DO_HOST_LOOKUP
host_lookup = 0;
#endif
diff --git a/runopts.h b/runopts.h
index 770ae8f..5118769 100644
--- a/runopts.h
+++ b/runopts.h
@@ -86,7 +86,7 @@ typedef struct svr_runopts {
int ipv6;
*/
-#ifdef DO_MOTD
+#if DO_MOTD
/* whether to print the MOTD */
int domotd;
#endif
diff --git a/signkey.c b/signkey.c
index 682d445..d33ef44 100644
--- a/signkey.c
+++ b/signkey.c
@@ -78,13 +78,13 @@ enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen)
#if DROPBEAR_ECDSA
/* Some of the ECDSA key sizes are defined even if they're not compiled in */
if (0
-#ifndef DROPBEAR_ECC_256
+#if !DROPBEAR_ECC_256
|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
#endif
-#ifndef DROPBEAR_ECC_384
+#if !DROPBEAR_ECC_384
|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
#endif
-#ifndef DROPBEAR_ECC_521
+#if !DROPBEAR_ECC_521
|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
#endif
) {
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index 8905ac9..aa6087c 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -473,12 +473,4 @@ static int checkfileperm(char * filename) {
return DROPBEAR_SUCCESS;
}
-#ifdef DROPBEAR_FUZZ
-int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
- const char* algo, unsigned int algolen,
- const unsigned char* keyblob, unsigned int keybloblen) {
- return checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen);
-}
-#endif
-
#endif
diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c
index d08fc2c..19f07b9 100644
--- a/svr-authpubkeyoptions.c
+++ b/svr-authpubkeyoptions.c
@@ -100,7 +100,7 @@ void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
chansess->original_command = m_strdup("");
}
chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command);
-#ifdef LOG_COMMANDS
+#if LOG_COMMANDS
dropbear_log(LOG_INFO, "Command forced to '%s'", chansess->original_command);
#endif
}
diff --git a/svr-chansession.c b/svr-chansession.c
index 5542ad1..cdc6e94 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -663,7 +663,7 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
}
}
if (issubsys) {
-#ifdef SFTPSERVER_PATH
+#if DROPBEAR_SFTPSERVER
if ((cmdlen == 4) && strncmp(chansess->cmd, "sftp", 4) == 0) {
m_free(chansess->cmd);
chansess->cmd = m_strdup(SFTPSERVER_PATH);
@@ -687,7 +687,7 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
}
-#ifdef LOG_COMMANDS
+#if LOG_COMMANDS
if (chansess->cmd) {
dropbear_log(LOG_INFO, "User %s executing '%s'",
ses.authstate.pw_name, chansess->cmd);
@@ -774,7 +774,7 @@ static int ptycommand(struct Channel *channel, struct ChanSess *chansess) {
pid_t pid;
struct logininfo *li = NULL;
-#ifdef DO_MOTD
+#if DO_MOTD
buffer * motdbuf = NULL;
int len;
struct stat sb;
@@ -826,7 +826,7 @@ static int ptycommand(struct Channel *channel, struct ChanSess *chansess) {
login_login(li);
login_free_entry(li);
-#ifdef DO_MOTD
+#if DO_MOTD
if (svr_opts.domotd && !chansess->cmd) {
/* don't show the motd if ~/.hushlogin exists */
diff --git a/svr-main.c b/svr-main.c
index 4d82ec1..a7e447e 100644
--- a/svr-main.c
+++ b/svr-main.c
@@ -35,10 +35,10 @@ static size_t listensockets(int *sock, size_t sockcount, int *maxfd);
static void sigchld_handler(int dummy);
static void sigsegv_handler(int);
static void sigintterm_handler(int fish);
-#ifdef INETD_MODE
+#if INETD_MODE
static void main_inetd(void);
#endif
-#ifdef NON_INETD_MODE
+#if NON_INETD_MODE
static void main_noinetd(void);
#endif
static void commonsetup(void);
@@ -58,7 +58,7 @@ int main(int argc, char ** argv)
/* get commandline options */
svr_getopts(argc, argv);
-#ifdef INETD_MODE
+#if INETD_MODE
/* service program mode */
if (svr_opts.inetdmode) {
main_inetd();
@@ -66,7 +66,7 @@ int main(int argc, char ** argv)
}
#endif
-#ifdef NON_INETD_MODE
+#if NON_INETD_MODE
main_noinetd();
/* notreached */
#endif
@@ -76,7 +76,7 @@ int main(int argc, char ** argv)
}
#endif
-#ifdef INETD_MODE
+#if INETD_MODE
static void main_inetd() {
char *host, *port = NULL;
@@ -110,7 +110,7 @@ static void main_inetd() {
}
#endif /* INETD_MODE */
-#ifdef NON_INETD_MODE
+#if NON_INETD_MODE
static void main_noinetd() {
fd_set fds;
unsigned int i, j;
diff --git a/svr-runopts.c b/svr-runopts.c
index cca5562..3d97023 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -64,7 +64,7 @@ static void printhelp(const char * progname) {
#else
"-E Log to stderr rather than syslog\n"
#endif
-#ifdef DO_MOTD
+#if DO_MOTD
"-m Don't display the motd on login\n"
#endif
"-w Disallow root logins\n"
@@ -88,7 +88,7 @@ static void printhelp(const char * progname) {
" (default port is %s if none specified)\n"
"-P PidFile Create pid file PidFile\n"
" (default %s)\n"
-#ifdef INETD_MODE
+#if INETD_MODE
"-i Start for inetd\n"
#endif
"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
@@ -156,7 +156,7 @@ void svr_getopts(int argc, char ** argv) {
opts.ipv4 = 1;
opts.ipv6 = 1;
*/
-#ifdef DO_MOTD
+#if DO_MOTD
svr_opts.domotd = 1;
#endif
#ifndef DISABLE_SYSLOG
@@ -210,7 +210,7 @@ void svr_getopts(int argc, char ** argv) {
opts.listen_fwd_all = 1;
break;
#endif
-#ifdef INETD_MODE
+#if INETD_MODE
case 'i':
svr_opts.inetdmode = 1;
break;
@@ -221,7 +221,7 @@ void svr_getopts(int argc, char ** argv) {
case 'P':
next = &svr_opts.pidfile;
break;
-#ifdef DO_MOTD
+#if DO_MOTD
/* motd is displayed by default, -m turns it off */
case 'm':
svr_opts.domotd = 0;
diff --git a/svr-tcpfwd.c b/svr-tcpfwd.c
index 480beb6..16d0859 100644
--- a/svr-tcpfwd.c
+++ b/svr-tcpfwd.c
@@ -35,7 +35,7 @@
#include "auth.h"
#include "netio.h"
-#ifndef DROPBEAR_SVR_REMOTETCPFWD
+#if !DROPBEAR_SVR_REMOTETCPFWD
/* This is better than SSH_MSG_UNIMPLEMENTED */
void recv_msg_global_request_remotetcp() {
diff --git a/sysoptions.h b/sysoptions.h
index 7aa1314..bf88cf3 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -192,7 +192,7 @@
#define DROPBEAR_CLI_MULTIHOP ((DROPBEAR_CLI_NETCAT) && (DROPBEAR_CLI_PROXYCMD))
-#define ENABLE_CONNECT_UNIX ((DROPBEAR_CLI_AGENTFWD) || (DROPBEAR_PRNGD_SOCKET))
+#define ENABLE_CONNECT_UNIX ((DROPBEAR_CLI_AGENTFWD) || (DROPBEAR_USE_PRNGD))
/* if we're using authorized_keys or known_hosts */
#define DROPBEAR_KEY_LINES ((DROPBEAR_CLIENT) || (DROPBEAR_SVR_PUBKEY_AUTH))