[PATCH] dropbear: add config options for agent-forwarding support
Paul Spooren
mail at aparcar.org
Sun Jul 25 16:02:54 PDT 2021
On 7/24/21 8:08 PM, Hauke Mehrtens wrote:
> On 7/16/21 12:44 AM, Sven Roederer wrote:
>> * SSH agent forwarding might cause security issues, locally and on
>> the jump
>> machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow to
>> completely disabling it.
>> * separate options for client and server
>> * keep it enabled by default
>>
>
> How much bigger will the dropbear binary get with these options?
>
> Will dropbear always activate agent forwarding for the client connection?
>
> I think it is no security problem when the server always uses agent
> forwarding, but when the client forwards the agent to every host it
> could get a problem.
If I read Svens patch correctly it's only about disabling things
explicitly which are "possible" by default. Forwarding only happens when
using `ssh -A`. Therefore this patch shouldn't add any size at all.
>
>> Signed-of-by: Sven Roederer <devel-sven at geroedel.de>
>> ---
>> package/network/services/dropbear/Config.in | 9 +++++++++
>> package/network/services/dropbear/Makefile | 5 ++++-
>> 2 files changed, 13 insertions(+), 1 deletion(-)
>>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list