Mercurial > dropbear

view debian/README.runit @ 1715:3974f087d9c0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Disallow leading lines before the ident for server (#102) Per RFC4253 4.2 clients must be able to process other lines of data before the version string, server behavior is not defined neither with MUST/SHOULD nor with MAY. If server process up to 50 lines too - it may cause too long hanging session with invalid/evil client that consume host resources and potentially may lead to DDoS on poor embedded boxes. Let's require first line from client to be version string and fail early if it's not - matches both RFC and real OpenSSH behavior.
author Vladislav Grishenko <themiron@users.noreply.github.com>
date Mon, 15 Jun 2020 18:22:18 +0500
parents 8c2d2edadf2a
children
line wrap: on
line source

Using the dropbear SSH server with runit's services supervision
---------------------------------------------------------------

The dropbear SSH server is perfectly suited to be run under runit's
service supervision, and this package already has prepared an adequate
service directory.  Follow these steps to enable the dropbear service
using the runit package.

If not yet installed on your system, install the runit package, and make
sure its service supervision is enabled (it's by default)

 # apt-get install runit

Make sure the dropbear service normally handled through the sysv init
script is stopped

 # /etc/init.d/dropbear stop

Create the system user ``dropbearlog'' which will run the logger service,
and own the logs

 # adduser --system --home /var/log/dropbear --no-create-home dropbearlog

Create the log directory and make the newly created system user the owner
of this directory

 # mkdir -p /var/log/dropbear && chown dropbearlog /var/log/dropbear

Optionally adjust the configuration of the dropbear service by editing the
run script

 # vi /etc/dropbear/run

Finally enable the service through runit's update-service(8) program, the
service will be started within five seconds, and automatically at boot
time, and the sysv init script will automatically be disabled; see the
sv(8) program for information on how to control services handled by runit.
See the svlogd(8) program on how to configure the log service.

 # update-service --add /etc/dropbear

Optionally check the status of the service a few seconds later

 # sv status dropbear

 -- Gerrit Pape <[email protected]>, Fri, 02 Mar 2007 20:41:08 +0000