Dropbear server exit when idle?
Dave Haynes
dh at wireless-solutions.ltd.uk
Sat Mar 10 07:26:45 AWST 2018
Hi Fabrizio
Thanks for the reply. We have a similar bash script in our existing
system, limiting the number of telnet sessions. I just felt it would be
neater, and easier to maintain, if we had a slightly modified dropbear
binary for our application, which put all the functionality in one
place. Especially so, since we already have a patch in place to limit
the number of sessions.
I wasn't really sure what the preferred method might be for this sort of
problem in general, so thanks for the feedback.
Regards
Dave
On 08/03/18 16:42, Fabrizio Bertocci wrote:
> I don't think you should have this functionality in Dropbear. This is
> specific to your use case.
> You can still do it with a bash script. At boot the script can check the
> /var/log/secure file to see if there is any activity on dropbear (poll
> the file size every few seconds)... Reset the internal timer whenever
> the file size changes between poll cycles, then kill dropbear after your
> 10 minutes of inactivity.
>
> Regards,
> Fabrizio
>
> On Thu, Mar 8, 2018 at 9:41 AM, Dave Haynes
> <dh at wireless-solutions.ltd.uk> wrote:
>
> We have a small range of embedded linux devices used in security
> systems. We are undertaking a gradual process to harden the default
> security, and one of our first tasks has been to replace the legacy
> telnet server with dropbear for diagnostic access.
>
> We have compiled dropbear and have it running well, set up to only
> allow one session using a patch found on this list.
>
> We are now considering if it would be worthwhile/useful to modify
> dropbear to exit after a period with no active connections. So
> dropbear runs at boot, but exits after (say) 10 minutes with no
> login. The devices can be remotely rebooted via other means, so
> there are no access issues for authorised users.
>
> Does anyone see any reason this wouldn't be a useful approach?
> Anyone patched anything similar before we start hacking about, or
> any pointers where to start?
>
> (We could give the system a task to terminate dropbear, but it would
> seem neater to produce a self contained solution.)
>
> --
> Dave Haynes
> RF Design Consultant - Wireless Solutions Ltd.
>
>
--
Dave Haynes
RF Design Consultant - Wireless Solutions Ltd.
Tel : +44 (0) 1264 358865
Mob : +44 (0) 7887 604950
Wireless Solutions Ltd.
Registered in England & Wales : No. 3813706
Reg. Office : Station House, 50 North St., Havant, Hants. PO9 1QU
http://www.wireless-solutions.ltd.uk
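
The polling approach suggested in the quoted reply above, sketched as an added example that is not part of the original thread and is not Dropbear code. The pidfile path, the environment variable names and the `run` argument are assumptions; `/var/log/secure` and the 10-minute limit come from the thread.

```shell
#!/bin/sh
# Idle watchdog: stop a daemon once its log file has not changed size
# for IDLE_LIMIT seconds. Paths and defaults below are assumptions.

# log_size FILE: print the size in bytes, or 0 if the file is missing.
log_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# idle_watch LOGFILE PIDFILE IDLE_LIMIT POLL   (whole seconds)
# Returns 0 after signalling the daemon, 1 if it was not running.
idle_watch() {
    logfile=$1; pidfile=$2; limit=$3; poll=$4
    last=$(log_size "$logfile")
    idle=0
    while :; do
        # Re-read the pidfile each cycle so a daemon that exited on its
        # own (or was restarted) is noticed instead of a stale PID killed.
        pid=$(cat "$pidfile" 2>/dev/null) || return 1
        kill -0 "$pid" 2>/dev/null || return 1
        sleep "$poll"
        now=$(log_size "$logfile")
        if [ "$now" != "$last" ]; then
            # Growth means new log lines; a shrink means rotation.
            # Either way treat it as activity and restart the timer.
            last=$now
            idle=0
        else
            idle=$((idle + poll))
        fi
        if [ "$idle" -ge "$limit" ]; then
            kill "$pid" 2>/dev/null || return 1
            return 0
        fi
    done
}

# Boot-time use: "idle-watch.sh run &" (600 s idle limit, 5 s poll).
if [ "${1:-}" = "run" ]; then
    idle_watch "${LOGFILE:-/var/log/secure}" \
               "${PIDFILE:-/var/run/dropbear.pid}" \
               "${IDLE_LIMIT:-600}" "${POLL:-5}"
fi
```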