Dropbear server exit when idle?

Dave Haynes dh at wireless-solutions.ltd.uk
Sat Mar 10 07:17:34 AWST 2018


Matt

Many thanks, that's an excellent sounding suggestion! I wasn't aware of
the timeout command somehow - always good to learn a new trick :-)

I'm not sure if we have timeout on the system at the moment, but I've
already built busybox from source in order to have a more up to date
version, so it won't be any problem to add it. I think we still have to
chase through some unrelated issues caused by the updated busybox, but
it should be worth the effort.

Failing that we will follow your pointers and dig into the code...

Regards

Dave

On 09/03/18 15:30, Matt Johnston wrote:
> Hi Dave,
> 
> My first approach would be to run "timeout 600 dropbear -F
> -E".  Established sessions won't be killed since each
> session is a forked process. That assumes "timeout" exists
> on the system busybox etc.
> 
> If you want to modify the code put a check after the
> select() in main_noinetd(). As-is it seems fairly specific
> so mightn't be worth merging, though maybe there's a more
> general way to do it.
> 
> Cheers,
> Matt
> 
> On Thu, Mar 08, 2018 at 02:41:12PM +0000, Dave Haynes wrote:
>> We have a small range of embedded linux devices used in security systems. We
>> are undertaking a gradual process to harden the default security, and one of
>> our first tasks has been to replace the legacy telnet server with dropbear for
>> diagnostic access.
>>
>> We have compiled dropbear and have it running well, set up to only allow one
>> session using a patch found on this list.
>>
>> We are now considering if it would be worthwhile/useful to modify dropbear
>> to exit after a period with no active connections. So dropbear runs at boot,
>> but exits after (say) 10 minutes with no login. The devices can be remotely
>> rebooted via other means, so there are no access issues for authorised
>> users.
>>
>> Does anyone see any reason this wouldn't be a useful approach? Anyone
>> patched anything similar before we start hacking about, or any pointers
>> where to start?
>>
>> (We could give the system a task to terminate dropbear, but it would seem
>> neater to produce a self contained solution.)
>>
>> -- 
>> Dave Haynes
>> RF Design Consultant - Wireless Solutions Ltd.
>>
> 

-- 
Dave Haynes
RF Design Consultant - Wireless Solutions Ltd.
Tel : +44 (0) 1264 358865
Mob : +44 (0) 7887 604950

Wireless Solutions Ltd.
Registered in England & Wales : No. 3813706
Reg. Office : Station House, 50 North St., Havant, Hants. PO9 1QU
http://www.wireless-solutions.ltd.uk
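
An added sketch of the idle check suggested in the quoted reply (a test placed after select() in the accept loop); it is not part of the original thread and not Dropbear's code. The names `serve_until_idle` and `echo_session`, the loopback port 2222 and the one-second wake-up are assumptions, and it counts any accepted connection as activity rather than only a completed login.

```c
#include <errno.h>
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper, not a Dropbear function: fork one child per accepted
 * connection and return once idle_secs pass with no child running.
 * Returns the number of sessions served, or -1 on a select() error. */
int serve_until_idle(int lfd, int idle_secs, void (*session)(int))
{
    int served = 0, active = 0;
    time_t last_busy = time(NULL);
    for (;;) {
        fd_set rd;
        struct timeval tv = { 1, 0 };   /* wake every second to re-check */
        FD_ZERO(&rd); FD_SET(lfd, &rd);
        int n = select(lfd + 1, &rd, NULL, NULL, &tv);
        if (n < 0 && errno != EINTR) return -1;
        while (active > 0 && waitpid(-1, NULL, WNOHANG) > 0) active--;  /* reap */
        /* Idle check after select(): the clock runs only with no live session. */
        if (active > 0) last_busy = time(NULL);
        else if (n <= 0 && time(NULL) - last_busy >= idle_secs) return served;
        if (n > 0 && FD_ISSET(lfd, &rd)) {
            int c = accept(lfd, NULL, NULL);
            if (c < 0) continue;
            pid_t pid = fork();
            if (pid == 0) { close(lfd); session(c); _exit(0); }
            close(c);
            if (pid > 0) { active++; served++; last_busy = time(NULL); }
        }
    }
}

static void echo_session(int c)         /* constructed stand-in for a login session */
{
    char b[256]; ssize_t k;
    while ((k = read(c, b, sizeof b)) > 0 && write(c, b, (size_t)k) > 0) {}
}

int main(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(2222) };
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* constructed address and port */
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&a, sizeof a) || listen(lfd, 4)) return 1;
    return serve_until_idle(lfd, 600, echo_session) < 0;   /* 600 s, as in the thread */
}
```

Because the listener returns only when no child is alive, an open session keeps it running, and the idle clock restarts when the last session ends.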

