dropbear/repos/community-x86_64/localoptions.h

   1 /*
   2  * Arch Linux configuration for DropBear
   3  *
   4  * The majority of these options are disabled or enabled as a result of
   5  * running ssh-audit:
   6  *
   7  * https://github.com/arthepsy/ssh-audit
   8  */
   9
  10 /* Disable CBC mode for ciphers */
  11 #define DROPBEAR_ENABLE_CBC_MODE 0
  12
  13 /* Disable X11 forwarding on the server */
  14 #define DROPBEAR_X11FWD 0
  15
  16 /* Disable reverse DNS lookups */
  17 #define DO_HOST_LOOKUP 0
  18
  19 /* Enable twofish128 and twofish256 */
  20 #define DROPBEAR_TWOFISH128 1
  21 #define DROPBEAR_TWOFISH256 1
  22
  23 /* Disable SHA-96 */
  24 #define DROPBEAR_SHA1_HMAC 0
  25 #define DROPBEAR_SHA1_96_HMAC 0
  26
  27 /* Disable DSS */
  28 #define DROPBEAR_DSS 0
  29
  30 /* Disable ECDH */
  31 #define DROPBEAR_ECDH 0
  32
  33 /* Keep ECDSA, for practical purposes */
  34 #define DROPBEAR_ECDSA 1
  35
  36 /* SFTP server path */
  37 #define SFTPSERVER_PATH "/usr/lib/ssh/sftp-server"
  38
  39 /* Spend a small amount of bytes for an increase in performance */
  40 #define DROPBEAR_SMALL_CODE 0
  41
  42 /* Default path */
  43 #define DEFAULT_PATH "/usr/bin"
  44
  45 /* Enable GCM mode, ref. FS#70781 */
  46 #define DROPBEAR_ENABLE_GCM_MODE 1