mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-18 10:46:41 +00:00
d0f295837a
The Ed25519 key pairs are much shorter than RSA pairs and are supported by default in OpenSSH. Looking at websites explaining how to create new SSH keys, many suggest using Ed25519 rather than RSA, however consider the former as not yet widely established. OpenWrt likely has a positive influence on that development. As enabling Ed25519 is a compile time option, it is currently not possible to install the feature via `opkg` nor select that option in an ImageBuilder. Due to the size impact of **12kB** the option should only be enabled for devices with `!SMALL_FLASH`. This approach seems cleaner than splitting `dropbear` into two packages like `dropbear` and `dropbear-ed25519`. Signed-off-by: Paul Spooren <mail@aparcar.org>
103 lines
2.3 KiB
Plaintext
103 lines
2.3 KiB
Plaintext
menu "Configuration"
|
|
depends on PACKAGE_dropbear
|
|
|
|
config DROPBEAR_CURVE25519
|
|
bool "Curve25519 support"
|
|
default y
|
|
help
|
|
This enables the following key exchange algorithm:
|
|
curve25519-sha256@libssh.org
|
|
|
|
Increases binary size by about 4 kB (MIPS).
|
|
|
|
config DROPBEAR_ECC
|
|
bool "Elliptic curve cryptography (ECC)"
|
|
default n
|
|
help
|
|
Enables basic support for elliptic curve cryptography (ECC)
|
|
in key exchange and public key authentication.
|
|
|
|
Key exchange algorithms:
|
|
ecdh-sha2-nistp256
|
|
|
|
Public key algorithms:
|
|
ecdsa-sha2-nistp256
|
|
|
|
Increases binary size by about 24 kB (MIPS).
|
|
|
|
If full ECC support is required, also select DROPBEAR_ECC_FULL.
|
|
|
|
config DROPBEAR_ECC_FULL
|
|
bool "Elliptic curve cryptography (ECC), full support"
|
|
default n
|
|
depends on DROPBEAR_ECC
|
|
help
|
|
Enables full support for elliptic curve cryptography (ECC)
|
|
in key exchange and public key authentication.
|
|
|
|
Key exchange algorithms:
|
|
ecdh-sha2-nistp256 (*)
|
|
ecdh-sha2-nistp384
|
|
ecdh-sha2-nistp521
|
|
|
|
Public key algorithms:
|
|
ecdsa-sha2-nistp256 (*)
|
|
ecdsa-sha2-nistp384
|
|
ecdsa-sha2-nistp521
|
|
|
|
(*) - basic ECC support; provided by DROPBEAR_ECC.
|
|
|
|
Increases binary size by about 4 kB (MIPS).
|
|
|
|
config DROPBEAR_ED25519
|
|
bool "Ed25519 support"
|
|
default y if !SMALL_FLASH
|
|
help
|
|
This enables the following public key algorithm:
|
|
ssh-ed25519
|
|
|
|
Increases binary size by about 12 kB (MIPS).
|
|
|
|
config DROPBEAR_CHACHA20POLY1305
|
|
bool "Chacha20-Poly1305 support"
|
|
default y
|
|
help
|
|
This enables the following authenticated encryption cipher:
|
|
chacha20-poly1305@openssh.com
|
|
|
|
Increases binary size by about 4 kB (MIPS).
|
|
|
|
config DROPBEAR_ZLIB
|
|
bool "Enable compression"
|
|
default n
|
|
help
|
|
Enables compression using shared zlib library.
|
|
|
|
Increases binary size by about 0.1 kB (MIPS) and requires additional 62 kB (MIPS)
|
|
for a shared zlib library.
|
|
|
|
config DROPBEAR_UTMP
|
|
bool "Utmp support"
|
|
default n
|
|
depends on BUSYBOX_CONFIG_FEATURE_UTMP
|
|
help
|
|
This enables dropbear utmp support, the file /var/run/utmp is used to
|
|
track who is currently logged in.
|
|
|
|
config DROPBEAR_PUTUTLINE
|
|
bool "Pututline support"
|
|
default n
|
|
depends on DROPBEAR_UTMP
|
|
help
|
|
Dropbear will use pututline() to write the utmp structure into the utmp file.
|
|
|
|
config DROPBEAR_DBCLIENT
|
|
bool "Build dropbear with dbclient"
|
|
default y
|
|
|
|
config DROPBEAR_SCP
|
|
bool "Build dropbear with scp"
|
|
default y
|
|
|
|
endmenu
|