Mercurial > dropbear
annotate debian/README.runit @ 1715:3974f087d9c0
Disallow leading lines before the ident for server (#102)
Per RFC4253 4.2 clients must be able to process other lines of data
before the version string, server behavior is not defined neither
with MUST/SHOULD nor with MAY.
If server process up to 50 lines too - it may cause too long hanging
session with invalid/evil client that consume host resources and
potentially may lead to DDoS on poor embedded boxes.
Let's require first line from client to be version string and fail
early if it's not - matches both RFC and real OpenSSH behavior.
| author | Vladislav Grishenko <themiron@users.noreply.github.com> |
|---|---|
| date | Mon, 15 Jun 2020 18:22:18 +0500 |
| parents | 8c2d2edadf2a |
| children |
| rev | line source |
|---|---|
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 Using the dropbear SSH server with runit's services supervision |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 --------------------------------------------------------------- |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 The dropbear SSH server is perfectly suited to be run under runit's |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 service supervision, and this package already has prepared an adequate |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 service directory. Follow these steps to enable the dropbear service |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 using the runit package. |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 If not yet installed on your system, install the runit package, and make |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 sure its service supervision is enabled (it's by default) |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 # apt-get install runit |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 Make sure the dropbear service normally handled through the sysv init |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 script is stopped |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 # /etc/init.d/dropbear stop |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 Create the system user ``dropbearlog'' which will run the logger service, |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 and own the logs |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 # adduser --system --home /var/log/dropbear --no-create-home dropbearlog |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 Create the log directory and make the newly created system user the owner |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 of this directory |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 # mkdir -p /var/log/dropbear && chown dropbearlog /var/log/dropbear |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 Optionally adjust the configuration of the dropbear service by editing the |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 run script |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 # vi /etc/dropbear/run |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
34 Finally enable the service through runit's update-service(8) program, the |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
35 service will be started within five seconds, and automatically at boot |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
36 time, and the sysv init script will automatically be disabled; see the |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
37 sv(8) program for information on how to control services handled by runit. |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
38 See the svlogd(8) program on how to configure the log service. |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
40 # update-service --add /etc/dropbear |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 Optionally check the status of the service a few seconds later |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
44 # sv status dropbear |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
46 -- Gerrit Pape <[email protected]>, Fri, 02 Mar 2007 20:41:08 +0000 |