Possible values: 1 to 80 (from src/sysoptions.h)
Default: 10
+ config DROPBEAR_MAX_PUBKEY_QUERIES
+ int "Max. public key queries per session"
+ range 1 80
+ default 15
+ help
+ Default maximum number of public key queries per session (server option).
+
+ Public key queries aren't a risk for brute forcing authentication,
+ but can be a user enumeration/privacy concern if an attacker
+ attempts to iterate known public keys such as those published by GitHub.
+
+ This limit has a trade-off. Having a smaller limit reduces the number
+ of legitimate public keys that can be presented by a client/ssh agent.
+
+ That is still a risk against a single host,
+ but this limit may deter internet-wide scanning.
+
+ If -T argument or DROPBEAR_MAX_AUTH_TRIES is larger that will be used instead.
+
+ Possible values: 1 to 80 (same as for DROPBEAR_MAX_AUTH_TRIES)
+ Default: 15
+
config DROPBEAR_UNAUTH_CLOSE_DELAY
int "Delay closing unauth. connections (seconds)"
range 0 3600
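Review bot: The sentence `If -T argument or DROPBEAR_MAX_AUTH_TRIES is larger that will be used instead.` means a value below DROPBEAR_MAX_AUTH_TRIES has no effect, yet `range 1 80` accepts it silently. Someone lowering this option to limit public-key enumeration would get no reduction unless the auth-tries limit is lowered too. I would state that in the help, e.g. `To lower the effective limit, DROPBEAR_MAX_AUTH_TRIES (and any -T argument) must be lowered as well.` Separately, `That is still a risk against a single host,` follows the trade-off paragraph, so "That" reads as the limit rather than key enumeration. Moving the sentence directly under the enumeration paragraph, or opening it with `Enumeration is still possible against a single host,`, removes the ambiguity.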
Possible values: 0 to 604800 (7 days)
Default: 0 (disabled).
+ config DROPBEAR_DEFAULT_MAX_DURATION
+ int "Default max. session duration (seconds)"
+ range 0 604800
+ default 0
+ help
+ If session duration exceeds specified limit, disconnect.
+ Applies to both server and client.
+
+ Note: values below 30 seconds are not recommended.
+
+ This can be changed at run-time with the -M argument.
+
+ Possible values: 0 to 604800 (7 days)
+ Default: 0 (disabled).
+
endmenu
## </RESOURCE LIMITS>
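Review bot: `range 0 604800` accepts 1 to 29 although the help says values below 30 seconds are not recommended, so a mistyped value would be baked in as a very short session limit with no warning at configuration time. A Kconfig range cannot express "0 or at least 30", so the help should at least spell out the consequence, e.g. `Values from 1 to 29 are accepted but will cut sessions off after a few seconds.` The text also does not say whether the duration is counted from connection start or from successful authentication. Since `Applies to both server and client.`, it is worth one more sentence noting that a non-zero default also ends long-lived client sessions such as tunnels.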
Post-quantum KEM can avoid harvest-now-decrypt-later style attacks.
- Default: enabled, except devices with very small flash.
+ Default: disabled.
config DROPBEAR_SNTRUP761
bool "sntrup761 [POST-QUANTUM]"
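Review bot: The help now reads `Default: disabled.` directly under the sentence saying a post-quantum KEM avoids harvest-now-decrypt-later attacks, and gives no reason for turning that protection off by default. The option's `default` line is outside this hunk, so I cannot confirm it matches the new text; please check that the two agree. If the motivation is image size, as the removed wording about small flash suggests, the help should say so and tell users when to enable the option, e.g. `Default: disabled. Enable if recorded traffic must remain confidential long-term.`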
CONFIG_DROPBEAR_DO_HOST_LOOKUP CONFIG_DROPBEAR_SVR_PUBKEY_OPTIONS CONFIG_DROPBEAR_LASTLOG CONFIG_DROPBEAR_LASTLOG_PATH CONFIG_DROPBEAR_WTMP CONFIG_DROPBEAR_WTMP_PATH CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_UTMP_PATH CONFIG_DROPBEAR_PUTUTLINE CONFIG_DROPBEAR_LOGINFUNC \
CONFIG_DROPBEAR_REEXEC CONFIG_DROPBEAR_ZLIB CONFIG_DROPBEAR_DELAY_HOSTKEY CONFIG_DROPBEAR_SVR_AGENTFWD CONFIG_DROPBEAR_SVR_REMOTETCPFWD CONFIG_DROPBEAR_SVR_LOCALTCPFWD CONFIG_DROPBEAR_SVR_LOCALSTREAMFWD CONFIG_DROPBEAR_X11FWD CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_SFTPSERVER \
CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_USER_ALGO_LIST CONFIG_DROPBEAR_USE_SSH_CONFIG CONFIG_DROPBEAR_CLI_IMMEDIATE_AUTH CONFIG_DROPBEAR_USE_PASSWORD_ENV CONFIG_DROPBEAR_CLI_ASKPASS_HELPER CONFIG_DROPBEAR_CLI_AGENTFWD CONFIG_DROPBEAR_CLI_LOCALTCPFWD CONFIG_DROPBEAR_CLI_REMOTETCPFWD CONFIG_DROPBEAR_CLI_PROXYCMD CONFIG_DROPBEAR_CLI_NETCAT CONFIG_DROPBEAR_CLI_MULTIHOP \
- CONFIG_DROPBEAR_KEX_REKEY_TIMEOUT CONFIG_DROPBEAR_KEX_REKEY_DATA CONFIG_DROPBEAR_AUTH_TIMEOUT CONFIG_DROPBEAR_MAX_AUTH_TRIES CONFIG_DROPBEAR_UNAUTH_CLOSE_DELAY CONFIG_DROPBEAR_MAX_UNAUTH_PER_IP CONFIG_DROPBEAR_MAX_UNAUTH_CLIENTS CONFIG_DROPBEAR_DEFAULT_RECV_WINDOW CONFIG_DROPBEAR_DEFAULT_KEEPALIVE CONFIG_DROPBEAR_DEFAULT_KEEPALIVE_LIMIT CONFIG_DROPBEAR_DEFAULT_IDLE_TIMEOUT \
+ CONFIG_DROPBEAR_KEX_REKEY_TIMEOUT CONFIG_DROPBEAR_KEX_REKEY_DATA CONFIG_DROPBEAR_AUTH_TIMEOUT CONFIG_DROPBEAR_MAX_AUTH_TRIES CONFIG_DROPBEAR_UNAUTH_CLOSE_DELAY CONFIG_DROPBEAR_MAX_UNAUTH_PER_IP CONFIG_DROPBEAR_MAX_UNAUTH_CLIENTS CONFIG_DROPBEAR_DEFAULT_RECV_WINDOW CONFIG_DROPBEAR_DEFAULT_KEEPALIVE CONFIG_DROPBEAR_DEFAULT_KEEPALIVE_LIMIT CONFIG_DROPBEAR_DEFAULT_IDLE_TIMEOUT CONFIG_DROPBEAR_MAX_PUBKEY_QUERIES CONFIG_DROPBEAR_DEFAULT_MAX_DURATION \
CONFIG_DROPBEAR_3DES CONFIG_DROPBEAR_AES128 CONFIG_DROPBEAR_AES256 CONFIG_DROPBEAR_CHACHA20POLY1305 \
CONFIG_DROPBEAR_ENABLE_CTR_MODE CONFIG_DROPBEAR_ENABLE_CBC_MODE CONFIG_DROPBEAR_ENABLE_GCM_MODE \
CONFIG_DROPBEAR_SHA1_96_HMAC CONFIG_DROPBEAR_SHA1_HMAC CONFIG_DROPBEAR_SHA2_256_HMAC CONFIG_DROPBEAR_SHA2_512_HMAC \
DEFAULT_IDLE_TIMEOUT,$(CONFIG_DROPBEAR_DEFAULT_IDLE_TIMEOUT) \
DEFAULT_KEEPALIVE_LIMIT,$(CONFIG_DROPBEAR_DEFAULT_KEEPALIVE_LIMIT) \
DEFAULT_KEEPALIVE,$(CONFIG_DROPBEAR_DEFAULT_KEEPALIVE) \
+ DEFAULT_MAX_DURATION,$(CONFIG_DROPBEAR_DEFAULT_MAX_DURATION) \
DEFAULT_RECV_WINDOW,$(CONFIG_DROPBEAR_DEFAULT_RECV_WINDOW) \
KEX_REKEY_DATA,$(CONFIG_DROPBEAR_KEX_REKEY_DATA) \
KEX_REKEY_TIMEOUT,$(CONFIG_DROPBEAR_KEX_REKEY_TIMEOUT) \
MAX_AUTH_TRIES,$(CONFIG_DROPBEAR_MAX_AUTH_TRIES) \
+ MAX_PUBKEY_QUERIES,$(CONFIG_DROPBEAR_MAX_PUBKEY_QUERIES) \
MAX_UNAUTH_CLIENTS,$(CONFIG_DROPBEAR_MAX_UNAUTH_CLIENTS) \
MAX_UNAUTH_PER_IP,$(CONFIG_DROPBEAR_MAX_UNAUTH_PER_IP) \
UNAUTH_CLOSE_DELAY,$(CONFIG_DROPBEAR_UNAUTH_CLOSE_DELAY) \