[openwrt/openwrt] dropbear: add config options for agent-forwarding support

LEDE Commits lede-commits at lists.infradead.org
Sat Oct 30 07:33:20 PDT 2021


chunkeey pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/5287defa1fa47a037ba29b653c4599ee145a7e03

commit 5287defa1fa47a037ba29b653c4599ee145a7e03
Author: Sven Roederer <devel-sven at geroedel.de>
AuthorDate: Fri Jul 16 00:44:53 2021 +0200

    dropbear: add config options for agent-forwarding support
    
    * SSH agent forwarding might cause security issues, locally and on the jump
      machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow
      disabling it completely.
    * separate options for client and server
    * keep it enabled by default
    
    Signed-off-by: Sven Roederer <devel-sven at geroedel.de>
---
 package/network/services/dropbear/Config.in | 9 +++++++++
 package/network/services/dropbear/Makefile  | 5 ++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index 15000eff53..d4644fc88f 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -95,6 +95,11 @@ config DROPBEAR_DBCLIENT
 	bool "Build dropbear with dbclient"
 	default y
 
+config DROPBEAR_DBCLIENT_AGENTFORWARD
+	bool "Enable agent forwarding in dbclient"
+	default y
+	depends on DROPBEAR_DBCLIENT
+
 config DROPBEAR_SCP
 	bool "Build dropbear with scp"
 	default y
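Review bot: The new `DROPBEAR_DBCLIENT_AGENTFORWARD` entry has no `help` text, so a user in menuconfig gets no hint of why they might want to turn it off. The same gap applies to `DROPBEAR_AGENTFORWARD` in the next Config.in hunk. The only neighbouring help visible here is the ASKPASS size note, so the file appears to document its options. Under `depends on DROPBEAR_DBCLIENT` I would add a `help` line followed by something like `Lets dbclient forward the local SSH agent to the remote host. Anyone with sufficient privileges on that host can use the forwarded agent while the session is open; disable if unused.`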
@@ -109,4 +114,8 @@ config DROPBEAR_ASKPASS
 
 		Increases binary size by about 0.1 kB (MIPS).
 
+config DROPBEAR_AGENTFORWARD
+	bool "Enable agent forwarding"
+	default y
+
 endmenu
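Review bot: The prompt `Enable agent forwarding` does not say that this is the server-side switch, although the Makefile hunk maps it to `DROPBEAR_SVR_AGENTFWD`. Next to `Enable agent forwarding in dbclient` it reads like a global toggle, and the symbol name gives no hint either. A prompt such as `bool "Enable agent forwarding in the dropbear server"` would make the client/server split obvious. Because it stays `default y`, default images still accept agent-forwarding requests, which is worth stating in the option's help so hardened builds know to switch it off.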
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 7fb4b7f123..d518de3f70 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -32,7 +32,8 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
 	CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
 	CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
-	CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS
+	CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \
+	CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD CONFIG_DROPBEAR_AGENTFORWARD
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -135,6 +136,8 @@ DB_OPT_CONFIG = \
 	!!DROPBEAR_ECC_384|CONFIG_DROPBEAR_ECC_FULL|1|0 \
 	!!DROPBEAR_ECC_521|CONFIG_DROPBEAR_ECC_FULL|1|0 \
 	DROPBEAR_CLI_ASKPASS_HELPER|CONFIG_DROPBEAR_ASKPASS|1|0 \
+	DROPBEAR_CLI_AGENTFWD|CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD|1|0 \
+	DROPBEAR_SVR_AGENTFWD|CONFIG_DROPBEAR_AGENTFORWARD|1|0 \
 
 
 TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -flto


