Dropbear server exit when idle?

Dave Haynes dh at wireless-solutions.ltd.uk
Sat Mar 10 07:26:45 AWST 2018


Hi Fabrizio

Thanks for the reply. We have a similar bash script in our existing
system, limiting the number of telnet sessions; I just felt it would be
neater, and easier to maintain, if we had a slightly modified dropbear
binary for our application, which put all the functionality in one
place. Especially so, since we already have a patch in place to limit
the number of sessions.

I wasn't really sure what the preferred method might be for this sort of
problem in general, so thanks for the feedback.

Regards

Dave

On 08/03/18 16:42, Fabrizio Bertocci wrote:
> I don't think you should have this functionality in Dropbear. This is
> specific to your use case.
> You can still do it with a bash script. At boot the script can check the
> /var/log/secure file to see if there is any activity on dropbear (poll
> the file size every few seconds)... Reset the internal timer whenever
> the file size changes between poll cycles, then kill dropbear after your
> 10 minutes of inactivity.
> 
> Regards,
> Fabrizio
> 
> On Thu, Mar 8, 2018 at 9:41 AM, Dave Haynes
> <dh at wireless-solutions.ltd.uk> wrote:
> 
>     We have a small range of embedded linux devices used in security
>     systems. We are undertaking a gradual process to harden the default
>     security, and one of our first tasks has been to replace the legacy
>     telnet server with dropbear for diagnostic access.
> 
>     We have compiled dropbear and have it running well, set up to only
>     allow one session using a patch found on this list.
> 
>     We are now considering if it would be worthwhile/useful to modify
>     dropbear to exit after a period with no active connections. So
>     dropbear runs at boot, but exits after (say) 10 minutes with no
>     login. The devices can be remotely rebooted via other means, so
>     there are no access issues for authorised users.
> 
>     Does anyone see any reason this wouldn't be a useful approach?
>     Anyone patched anything similar before we start hacking about, or
>     any pointers where to start?
> 
>     (We could give the system a task to terminate dropbear, but it would
>     seem neater to produce a self contained solution.)
> 
>     -- 
>     Dave Haynes
>     RF Design Consultant - Wireless Solutions Ltd.
> 
> 

-- 
Dave Haynes
RF Design Consultant - Wireless Solutions Ltd.
Tel : +44 (0) 1264 358865
Mob : +44 (0) 7887 604950

Wireless Solutions Ltd.
Registered in England & Wales : No. 3813706
Reg. Office : Station House, 50 North St., Havant, Hants. PO9 1QU
http://www.wireless-solutions.ltd.uk
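
The log-polling watchdog suggested in the quoted reply, written out as an added example; it is not part of the original thread and is not code from Dropbear or from either poster. The function names, the `run` argument and the PID file path /var/run/dropbear.pid are assumptions; the log path is the one named in the reply.

```shell
#!/bin/sh
# Added example: idle watchdog for the dropbear listener.
# Assumptions: dropbear logs to /var/log/secure (as in the reply) and
# writes its PID to /var/run/dropbear.pid; adjust both for your image.
# Any line written to the log resets the timer, not only dropbear's.

# Print the size of a file in bytes, or 0 if it does not exist yet.
log_size() {
    if [ -f "$1" ]; then
        wc -c < "$1" | tr -d ' '
    else
        echo 0
    fi
}

# idle_watch LOGFILE PIDFILE IDLE_LIMIT_SECS POLL_SECS
# Returns 0 after signalling the listener, 1 if it was not running.
idle_watch() {
    logfile=$1 pidfile=$2 limit=$3 poll=$4
    last=$(log_size "$logfile")
    idle=0
    while [ "$idle" -lt "$limit" ]; do
        sleep "$poll"
        now=$(log_size "$logfile")
        if [ "$now" != "$last" ]; then
            # Any size change (growth or rotation) counts as activity.
            last=$now
            idle=0
        else
            idle=$((idle + poll))
        fi
    done
    pid=$(cat "$pidfile" 2>/dev/null) || return 1
    # Only signal a PID that is still alive.
    kill -0 "$pid" 2>/dev/null || return 1
    kill "$pid"
}

# From an init script: idle-watch.sh run   (10 minutes idle, 5 s poll)
if [ "${1:-}" = "run" ]; then
    idle_watch /var/log/secure /var/run/dropbear.pid 600 5
fi
```

An established session that writes nothing to the log does not reset the timer, so the idle limit should be chosen with that in mind.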

