Hi Dave,

My first approach would be to run "timeout 600 dropbear -F -E". Established sessions won't be killed since each session is a forked process. That assumes "timeout" exists on the system, busybox etc.

If you want to modify the code put a check after the select() in main_noinetd(). As-is it seems fairly specific so mightn't be worth merging, though maybe there's a more general way to do it.

Cheers,
Matt

On Thu, Mar 08, 2018 at 02:41:12PM +0000, Dave Haynes wrote:
> We have a small range of embedded linux devices used in security systems. We
> are undertaking a gradual process to harden the default security, and one of
> our first tasks has been to replace the legacy telnet server with dropbear for
> diagnostic access.
>
> We have compiled dropbear and have it running well, set up to only allow one
> session using a patch found on this list.
>
> We are now considering if it would be worthwhile/useful to modify dropbear
> to exit after a period with no active connections. So dropbear runs at boot,
> but exits after (say) 10 minutes with no login. The devices can be remotely
> rebooted via other means, so there are no access issues for authorised
> users.
>
> Does anyone see any reason this wouldn't be a useful approach? Anyone
> patched anything similar before we start hacking about, or any pointers
> where to start?
>
> (We could give the system a task to terminate dropbear, but it would seem
> neater to produce a self-contained solution.)
>
> --
> Dave Haynes
> RF Design Consultant - Wireless Solutions Ltd.
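
The "check after the select()" idea from the reply above, as an added example that is neither dropbear's code nor either poster's: a listener wait that reports an idle exit once no session has been live for the limit. The names `wait_or_idle` and `mono_now`, the `live` session counter and the 1-second tick are assumptions made for illustration.

```c
/* Added example, not dropbear source; all names here are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum wait_result { WAIT_ERROR = -1, WAIT_IDLE_EXIT = 0, WAIT_READY = 1 };

/* Monotonic seconds: unaffected by the wall clock being set after boot. */
static time_t mono_now(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec;
}

/* Wait on listen_fd. WAIT_READY: a connection is pending (caller accepts,
 * forks, increments *live). WAIT_IDLE_EXIT: no session for idle_limit s. */
enum wait_result wait_or_idle(int listen_fd, int *live, time_t *idle_since,
                              int idle_limit) {
    for (;;) {
        fd_set rfds;
        struct timeval tv = { 1, 0 };   /* 1 s tick so the check below runs */
        FD_ZERO(&rfds);
        FD_SET(listen_fd, &rfds);
        int n = select(listen_fd + 1, &rfds, NULL, NULL, &tv);
        if (n < 0 && errno != EINTR) return WAIT_ERROR;
        /* Reap exited session children so the live count stays accurate. */
        while (*live > 0 && waitpid(-1, NULL, WNOHANG) > 0) (*live)--;
        if (*live > 0) *idle_since = mono_now();  /* sessions open: reset */
        if (n > 0 && FD_ISSET(listen_fd, &rfds)) {
            *idle_since = mono_now();
            return WAIT_READY;
        }
        if (*live == 0 && mono_now() - *idle_since >= idle_limit)
            return WAIT_IDLE_EXIT;      /* only the listener stops */
    }
}

int main(void) {
    int live = 0;
    time_t since = mono_now();
    /* stdin stands in for the listening socket; 5 s instead of 600 s. */
    printf("result=%d\n", wait_or_idle(STDIN_FILENO, &live, &since, 5));
    return 0;
}
```

The idle clock restarts while any session child is alive, so the limit counts time with nobody connected rather than time since boot.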