From 0422754bce96ada3b228333f1eb3db8cf11cd862 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Sun, 11 Apr 2010 23:37:33 +0200 Subject: dropbear: reenable DSS algo support Tragically, disabling DSS support in order to prevent an error message from showing up at startup (because of missing dss host key) also disables support for pubkey auth using DSS keys. And guess which type mine is. ;) To provide a usable compromise, make dropbear.init generate the formerly missing dss host key. So there won't be any error message, either. Probably this fixes for hosts not being able to authenticate using an RSS host key, too. --- package/dropbear/patches/patch-options_h | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'package/dropbear/patches/patch-options_h') diff --git a/package/dropbear/patches/patch-options_h b/package/dropbear/patches/patch-options_h index b0903f45d..00914dda2 100644 --- a/package/dropbear/patches/patch-options_h +++ b/package/dropbear/patches/patch-options_h @@ -1,6 +1,6 @@ $Id: update-patches 24 2008-08-31 14:56:13Z wbx $ --- dropbear-0.52.orig/options.h 2008-11-11 15:13:50.000000000 +0100 -+++ dropbear-0.52/options.h 2010-01-22 17:55:09.000000000 +0100 ++++ dropbear-0.52/options.h 2010-03-14 23:30:26.277667006 +0100 @@ -10,6 +10,11 @@ * parts are to allow for commandline -DDROPBEAR_XXX options etc. ******************************************************************/ @@ -13,15 +13,6 @@ $Id: update-patches 24 2008-08-31 14:56:13Z wbx $ #ifndef DROPBEAR_DEFPORT #define DROPBEAR_DEFPORT "22" #endif -@@ -115,7 +120,7 @@ etc) slower (perhaps by 50%). Recommende - * Removing either of these won't save very much space. - * SSH2 RFC Draft requires dss, recommends rsa */ - #define DROPBEAR_RSA --#define DROPBEAR_DSS -+/* #define DROPBEAR_DSS */ - - /* RSA can be vulnerable to timing attacks which use the time required for - * signing to guess the private key. Blinding avoids this attack, though makes @@ -129,7 +134,7 @@ etc) slower (perhaps by 50%). Recommende /* #define DSS_PROTOK */ -- cgit v1.2.3