This still can't be actually used, because dropbear won't be looking in the recipe folder and nothing puts that file into the source tree. Put a #error in it if you don't believe me. :)
Ross On 12 September 2018 at 22:56, <[email protected]> wrote: > This changes the Dropbear SSH server configuration so it will not > accept medium-strength encryption ciphers including: CBC mode, MD5, > 96-bit MAC, and triple DES. This is consistent with the default > supported OpenSSH ciphers. > > Upstream-Status: Pending > > Signed-off-by: Joseph Reynolds <[email protected]> > --- > meta/recipes-core/dropbear/dropbear/localoptions.h | 8 ++++++++ > 1 file changed, 8 insertions(+) > create mode 100644 meta/recipes-core/dropbear/dropbear/localoptions.h > > diff --git a/meta/recipes-core/dropbear/dropbear/localoptions.h > b/meta/recipes-core/dropbear/dropbear/localoptions.h > new file mode 100644 > index 0000000..ec48c26 > --- /dev/null > +++ b/meta/recipes-core/dropbear/dropbear/localoptions.h > @@ -0,0 +1,8 @@ > +/* Customize dropbear per default_options.h in the dropbear project */ > + > +/* Disable insecure ciphers */ > +#define DROPBEAR_TWOFISH256 0 > +#define DROPBEAR_TWOFISH128 0 > +#define DROPBEAR_ENABLE_CBC_MODE 0 > +#define DROPBEAR_SHA1_HMAC 0 > +#define DROPBEAR_SHA1_96_HMAC 0 > -- > 1.8.3.1 > > > -- > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-core > -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
