Hi Fabrizio,

Thanks for the reply. We have a similar bash script in our existing system, limiting the number of telnet sessions, I just felt it would be neater, and easier to maintain, if we had a slightly modified dropbear binary for our application, which put all the functionality in one place. Especially so, since we already have a patch in place to limit the number of sessions.

I wasn't really sure what the preferred method might be for this sort of problem in general, so thanks for the feedback.

Regards
Dave

On 08/03/18 16:42, Fabrizio Bertocci wrote:
> I don't think you should have this functionality in Dropbear. This is
> specific to your use case.
> You can still do it with a bash script. At boot the script can check the
> /var/log/secure file to see if there is any activity on dropbear (poll
> the file size every few seconds)... Reset the internal timer whenever
> the file size changes between poll cycles, then kill dropbear after your
> 10 minutes of inactivity.
>
> Regards,
> Fabrizio
>
> On Thu, Mar 8, 2018 at 9:41 AM, Dave Haynes
> <d...@wireless-solutions.ltd.uk> wrote:
>
> > We have a small range of embedded Linux devices used in security
> > systems. We are undertaking a gradual process to harden the default
> > security, and one of our first tasks has been to replace the legacy
> > telnet server with dropbear for diagnostic access.
> >
> > We have compiled dropbear and have it running well, set up to only
> > allow one session using a patch found on this list.
> >
> > We are now considering if it would be worthwhile/useful to modify
> > dropbear to exit after a period with no active connections. So
> > dropbear runs at boot, but exits after (say) 10 minutes with no
> > login. The devices can be remotely rebooted via other means, so
> > there are no access issues for authorised users.
> >
> > Does anyone see any reason this wouldn't be a useful approach?
> > Anyone patched anything similar before we start hacking about, or
> > any pointers where to start?
> >
> > (We could give the system a task to terminate dropbear, but it would
> > seem neater to produce a self-contained solution.)
> >
> > --
> > Dave Haynes
> > RF Design Consultant - Wireless Solutions Ltd.

--
Dave Haynes
RF Design Consultant - Wireless Solutions Ltd.
Tel : +44 (0) 1264 358865
Mob : +44 (0) 7887 604950

Wireless Solutions Ltd. Registered in England & Wales : No. 3813706
Reg. Office : Station House, 50 North St., Havant, Hants. PO9 1QU
http://www.wireless-solutions.ltd.uk
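
The polling approach suggested in the quoted reply, written out as an added example; it is not code from the thread or from the Dropbear project. The pidfile path, the variable names and the function names are assumptions, and `/var/log/secure` is the log named in the thread.

```shell
#!/bin/sh
# Added example: idle watchdog for the dropbear listener (not from the thread).
# Assumed defaults; override from the environment to suit the device.
LOGFILE="${LOGFILE:-/var/log/secure}"          # log named in the thread
PIDFILE="${PIDFILE:-/var/run/dropbear.pid}"    # assumed pidfile location
IDLE_LIMIT="${IDLE_LIMIT:-600}"                # 10 minutes, in seconds
POLL="${POLL:-5}"                              # seconds between polls

# Print the size of a file in bytes; a missing file counts as 0.
file_size() {
    if [ -f "$1" ]; then
        wc -c < "$1" | tr -d ' '
    else
        echo 0
    fi
}

# next_idle LAST_SIZE CUR_SIZE IDLE POLL
# Any size change (growth, or a shrink after log rotation) resets the timer.
next_idle() {
    if [ "$1" != "$2" ]; then
        echo 0
    else
        echo $(( $3 + $4 ))
    fi
}

# watch_idle LOGFILE PIDFILE IDLE_LIMIT POLL
# Returns 0 after signalling the listener, 1 if there was no live pid to signal.
watch_idle() {
    last=$(file_size "$1"); idle=0
    while [ "$idle" -lt "$3" ]; do
        sleep "$4"
        cur=$(file_size "$1")
        idle=$(next_idle "$last" "$cur" "$idle" "$4")
        last=$cur
    done
    pid=$(cat "$2" 2>/dev/null) || return 1
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # refuse a malformed pidfile
    kill -0 "$pid" 2>/dev/null || return 1          # stale pidfile: nothing to do
    kill -TERM "$pid"
}

# Run the loop only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    watch_idle "$LOGFILE" "$PIDFILE" "$IDLE_LIMIT" "$POLL"
fi
```

Because the timer is driven by log growth alone, a session that stays connected without producing log lines looks idle to it.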