Hi Hans, sysoptions.h is intentional, those options haven't been tested enough to make them readily accessible. sysoptions.h's warning applies: * You shouldn't edit this file unless you know you need to.
When the draft was proposing group14-256 and group16-256 I tested against OpenSSH [1], but the spec has now moved to group16-sha512. Hopefully they should be ready in the next Dropbear release, also with the ability to disable sha1 in other place it is used. Cheers, Matt [1] https://bugzilla.mindrot.org/show_bug.cgi?id=2515 On Sun, Mar 20, 2016 at 11:05:48AM +0100, Hans Harder wrote: > Hi Matt, > > noticed that in sysoptions.h this is added at line 130 > > /* These are disabled in Dropbear 2016.73 by default since the spec > draft-ietf-curdle-ssh-kex-sha2-02 is under development. */ > #define DROPBEAR_DH_GROUP14_256 0 > #define DROPBEAR_DH_GROUP16 0 > > > Should that not be in options.h underneath line 174 > > /* Group14 (2048 bit) is recommended. Group1 is less secure (1024 bit) > though > is the only option for interoperability with some older SSH programs */ > #define DROPBEAR_DH_GROUP1 1 > #define DROPBEAR_DH_GROUP14 1 > > > Hans > > > > > > > On Fri, Mar 18, 2016 at 4:52 PM, Matt Johnston <[email protected]> wrote: > > > Hi all, > > > > Dropbear 2016.73 is released. It has a few new features and > > other small improvements. > > > > Download at https://matt.ucc.asn.au/dropbear/dropbear.html > > > > Cheers, > > Matt > > > > 2016.73 - 18 March 2016 > > > > - Support syslog in dbclient, option -o usesyslog=yes. Patch from > > Konstantin Tokarev > > > > - Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev > > > > - Option to exit when a TCP forward fails, patch from Konstantin Tokarev > > > > - New "-o" option parsing from Konstantin Tokarev. This allows handling > > some extra options > > in the style of OpenSSH, though implementing all OpenSSH options is not > > planned. > > > > - Fix crash when fallback initshells() is used, reported by Michael Nowak > > and Mike Tzou > > > > - Allow specifying commands eg "dropbearmulti dbclient ..." instead of > > symlinks > > > > - Various cleanups for issues found by a lint tool, patch from Francois > > Perrad > > > > - Fix tab indent consistency, patch from Francois Perrad > > > > - Fix issues found by cppcheck, reported by Mike Tzou > > > > - Use system memset_s() or explicit_bzero() if available to clear memory. > > Also make > > libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()). > > > > - Prevent scp failing when the local user doesn't exist. Based on patch > > from Michael Witten. > > > > - Improved Travis CI test running, thanks to Mike Tzou > > > > - Improve some code that was flagged by Coverity and Fortify Static Code > > Analyzer > >
