| Age | Commit message (Collapse) | Author |
|---|
|
* added option to disable trivial auth methods
* rename argument to match with other ssh clients
* fixed trivial auth detection for pubkeys
|
|
|
|
|
|
For the sake of review, this commit alters only the code; the affiliated
comments within the source files also need to be updated, but doing so
now would obscure the operational changes that have been made here.
* All on/off options have been switched to the numeric `#if' variant;
that is the only way to make this `default_options.h.in' thing work
in a reasonable manner.
* There is now some very minor compile-time checking of the user's
choice of options.
* NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed.
* ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST,
and this commit completes that work.
* DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option,
which was added by the following commit:
commit 6e0b539e9ca0b5628c6c5a3d118ad6a2e79e8039
Author: Matt Johnston <matt@ucc.asn.au>
Date: Tue May 23 22:29:21 2017 +0800
split out checkpubkey_line() separately
It has now been added to `sysoptions.h' and defined as `0' by default.
* The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in
`default_options.h.in'; it is no longer meant to be set by the user, and
is instead left to be defined in `sysoptions.h' (where it was already being
defined) as merely the name of the environment variable in question:
DROPBEAR_PASSWORD
To enable or disable use of that environment variable, the user must now
toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'.
* The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the
path of the sFTP server program is set independently through the usual
SFTPSERVER_PATH.
|
|
|
|
|
|
|
|
|
|
some systems (like android's bionic) do not provide getpass. you can
disable ENABLE_CLI_PASSWORD_AUTH & ENABLE_CLI_INTERACT_AUTH to avoid
its use (and rely on pubkey auth), but the link still fails because
the support file calls getpass. do not define this func if both of
those auth methods are not used.
|
|
|
|
|
|
|
|
auth requests). Regresssion in ff597bf2cfb0
|
|
|
|
|
|
Only use it if we have pubkeys to try, or we have $DROPBEAR_PASSWORD set
|
|
|
|
This needs a bit of testing to make sure it doesn't have side-effects.
|
|
--HG--
branch : insecure-nocrypto
|
|
--HG--
branch : insecure-nocrypto
|
|
--HG--
branch : insecure-nocrypto
|
|
agent forwarding.
--HG--
branch : agent-client
extra : convert_revision : 276cf5e82276b6c879d246ba64739ec6868f5150
|
|
bad interactions with multihop or netcat-alike mode.
--HG--
extra : convert_revision : 899a8851a5edf840b2f7925bcc26ffe99dcac54d
|
|
cdcc3c729e29544e8b98a408e2dc60e4483dfd2a)
to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
--HG--
branch : insecure-nocrypto
extra : convert_revision : dbb093e087a68abf2e54ab0b711af70771ddb29d
|
|
Are still advertising 'zlib' for the server, need to allow
delayed-only as an option
--HG--
extra : convert_revision : 319df675cc3c9b35a10b7d8357c94f33fdab1a46
|
|
--HG--
extra : convert_revision : 9a5277c058af96e8fb7a3ade558dd1aeeafa1d3a
|
|
--HG--
extra : convert_revision : 3bcfb35f7a6065dafbd695d943b95d64efff1c99
|
|
--HG--
extra : convert_revision : 84eb6fedc6df0666f8053b9018bf16635dbfb257
|
|
7ad1775ed65e75dbece27fe6b65bf1a234db386a)
to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 88ed2b94d9bfec9a4f661caf592ed01da5eb3b6a)
--HG--
branch : insecure-nocrypto
extra : convert_revision : 2b954d406290e6a2be8eb4a262d3675ac95ac544
|
|
Enter still has to be pressed since glibc blocks ctrl-c in getpass()
--HG--
extra : convert_revision : 1c8128fba89431f2460dd5914f0614850d529b76
|
|
DO NOT USE IF YOU DON'T KNOW THE CONSEQUENCES
Here is your noose. Use it wisely.
--HG--
branch : insecure-nocrypto
extra : convert_revision : 88ed2b94d9bfec9a4f661caf592ed01da5eb3b6a
|
|
--HG--
extra : convert_revision : 3df738e42f4fc8b7f0f3ff9ca767386f54edb1ea
|
|
connect to auth socket (server)
* differentiate between get_byte and get_bool
* get rid of some // comments
* general tidying
--HG--
extra : convert_revision : fb8d188ce33b6b45804a5ce51b9f601f83bdf3d7
|
|
--HG--
extra : convert_revision : d928bc851e32be7bd429bf7504b148c0e4bf7e2f
|
|
--HG--
extra : convert_revision : 43fdd8b10616b9d5e11f677d16763c7a876a5ec3
|
|
--HG--
extra : convert_revision : 75c02f80c4ed25bd4697e7f17ffac6eded54c148
|
|
--HG--
extra : convert_revision : 149ce7a9a9cc5fe670994d6789b40be49895c595
|
|
remote hostkey verification though.
--HG--
extra : convert_revision : 8635abe49e499e16d44a8ee79d474dc35257e9cc
|
|
--HG--
extra : convert_revision : a38558944355bb9b4c8e9e22147c1f2d8d327775
|
|
- Refactored the terminal-mode handling for the server
- Improved session closing for the client
--HG--
extra : convert_revision : 9d19b4f22c39798af5f3f24c2022f8caec4919e8
|
|
--HG--
extra : convert_revision : ab7e63234f2c134c2321406598ae67038e0ca576
|
|
fix password auth for the server
--HG--
extra : convert_revision : 234eb604aabaef9ed0dd496ff8db8ecc212ca18c
|
|
Need to rework algo-choosing etc, since server is now broken.
--HG--
extra : convert_revision : 458dc4eed0e885e7c91633d4781d3348213a0e19
|
|
--HG--
extra : convert_revision : 48946be1cef774d1c33b0f78689962b18720c627
|
