Dropbear server exit when idle?

Matt Johnston matt at ucc.asn.au
Fri Mar 9 23:30:16 AWST 2018


Hi Dave,

My first approach would be to run "timeout 600 dropbear -F
-E".  Established sessions won't be killed since each
session is a forked process. That assumes "timeout" exists
on the system (busybox etc.).

If you want to modify the code put a check after the
select() in main_noinetd(). As-is it seems fairly specific
so mightn't be worth merging, though maybe there's a more
general way to do it.

Cheers,
Matt

On Thu, Mar 08, 2018 at 02:41:12PM +0000, Dave Haynes wrote:
> We have a small range of embedded linux devices used in security systems. We
> are undertaking a gradual process to harden the default security, and one of
> our first tasks has been to replace the legacy telnet server with dropbear for
> diagnostic access.
> 
> We have compiled dropbear and have it running well, set up to only allow one
> session using a patch found on this list.
> 
> We are now considering if it would be worthwhile/useful to modify dropbear
> to exit after a period with no active connections. So dropbear runs at boot,
> but exits after (say) 10 minutes with no login. The devices can be remotely
> rebooted via other means, so there are no access issues for authorised
> users.
> 
> Does anyone see any reason this wouldn't be a useful approach? Anyone
> patched anything similar before we start hacking about, or any pointers
> where to start?
> 
> (We could give the system a task to terminate dropbear, but it would seem
> neater to produce a self contained solution.)
> 
> -- 
> Dave Haynes
> RF Design Consultant - Wireless Solutions Ltd.
> 
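
The check after select() suggested in the reply above, shown as a helper for a generic forking listener loop. This is an added example, not Dropbear's code or a patch from this list: wait_or_idle, reap_children and the EV_* names are hypothetical, and in main() a pipe stands in for the listening socket.

```c
/* Added example: idle-exit check for a forking listener (not Dropbear code). */
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum { EV_ERROR = -1, EV_CONN = 1, EV_IDLE_EXIT = 2 };  /* hypothetical names */

/* Reap exited session children without blocking; return how many remain. */
static int reap_children(int live) {
    while (live > 0 && waitpid(-1, NULL, WNOHANG) > 0)
        live--;
    return live;
}

/* Block on the listening fd for up to idle_secs.
 * EV_CONN: a connection is pending, caller should accept() and fork.
 * EV_IDLE_EXIT: the window passed with no connection and no live sessions.
 * While forked sessions are still running, the window simply restarts. */
int wait_or_idle(int listen_fd, int idle_secs, int *live) {
    time_t deadline = time(NULL) + idle_secs;
    for (;;) {
        fd_set rd;
        struct timeval tv = {0, 0};
        time_t now = time(NULL);
        if (deadline > now)
            tv.tv_sec = deadline - now;
        FD_ZERO(&rd);
        FD_SET(listen_fd, &rd);
        int r = select(listen_fd + 1, &rd, NULL, NULL, &tv);
        if (r > 0) return EV_CONN;
        if (r < 0 && errno == EINTR) continue;  /* e.g. SIGCHLD: same deadline */
        if (r < 0) return EV_ERROR;
        *live = reap_children(*live);
        if (*live == 0)
            return EV_IDLE_EXIT;   /* the listener's caller exits here */
        deadline = time(NULL) + idle_secs;
    }
}

int main(void) {
    int p[2], live = 0;            /* pipe read end stands in for the socket */
    if (pipe(p) != 0) return 1;
    printf("event=%d\n", wait_or_idle(p[0], 2, &live));
    return 0;
}
```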

