diff options
author | Sven Roederer <devel-sven@geroedel.de> | 2021-07-16 00:44:53 +0200 |
---|---|---|
committer | Christian Lamparter <chunkeey@gmail.com> | 2021-10-30 16:32:54 +0200 |
commit | 5287defa1fa47a037ba29b653c4599ee145a7e03 (patch) | |
tree | 95016defc09a5fd143280a3db09e8a0aaaed1e18 | |
parent | 88a2ea41da6b67d1575b958ed8f97bfd9b7d4cbb (diff) | |
download | upstream-5287defa1fa47a037ba29b653c4599ee145a7e03.tar.gz upstream-5287defa1fa47a037ba29b653c4599ee145a7e03.tar.bz2 upstream-5287defa1fa47a037ba29b653c4599ee145a7e03.zip |
dropbear: add config options for agent-forwarding support
* SSH agent forwarding might cause security issues, locally and on the jump
machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow to
completely disabling it.
* separate options for client and server
* keep it enabled by default
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
-rw-r--r-- | package/network/services/dropbear/Config.in | 9 | ||||
-rw-r--r-- | package/network/services/dropbear/Makefile | 5 |
2 files changed, 13 insertions, 1 deletions
diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in index 15000eff53..d4644fc88f 100644 --- a/package/network/services/dropbear/Config.in +++ b/package/network/services/dropbear/Config.in @@ -95,6 +95,11 @@ config DROPBEAR_DBCLIENT bool "Build dropbear with dbclient" default y +config DROPBEAR_DBCLIENT_AGENTFORWARD + bool "Enable agent forwarding in dbclient" + default y + depends on DROPBEAR_DBCLIENT + config DROPBEAR_SCP bool "Build dropbear with scp" default y @@ -109,4 +114,8 @@ config DROPBEAR_ASKPASS Increases binary size by about 0.1 kB (MIPS). +config DROPBEAR_AGENTFORWARD + bool "Enable agent forwarding" + default y + endmenu diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 7fb4b7f123..d518de3f70 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -32,7 +32,8 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \ CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \ CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \ - CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS + CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \ + CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD CONFIG_DROPBEAR_AGENTFORWARD include $(INCLUDE_DIR)/package.mk @@ -135,6 +136,8 @@ DB_OPT_CONFIG = \ !!DROPBEAR_ECC_384|CONFIG_DROPBEAR_ECC_FULL|1|0 \ !!DROPBEAR_ECC_521|CONFIG_DROPBEAR_ECC_FULL|1|0 \ DROPBEAR_CLI_ASKPASS_HELPER|CONFIG_DROPBEAR_ASKPASS|1|0 \ + DROPBEAR_CLI_AGENTFWD|CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD|1|0 \ + DROPBEAR_SVR_AGENTFWD|CONFIG_DROPBEAR_AGENTFORWARD|1|0 \ TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -flto |