From 6371159b4ae8b4dd94d6319ac805b0c26962bb14 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Tue, 27 Jun 2017 22:30:01 +0200 Subject: [PATCH] dropbear: add option to set max auth tries Add a uci option to set the new max auth tries paramater in dropbear. Set the default to 3, as 10 seems excessive. Signed-off-by: Stijn Tintel --- package/network/services/dropbear/Makefile | 2 +- package/network/services/dropbear/files/dropbear.init | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 05df1bc6ac..7302db273c 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear PKG_VERSION:=2017.75 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init index 2d23ebd045..3d8cb2ca5e 100755 --- a/package/network/services/dropbear/files/dropbear.init +++ b/package/network/services/dropbear/files/dropbear.init @@ -41,6 +41,7 @@ validate_section_dropbear() 'Port:list(port):22' \ 'SSHKeepAlive:uinteger:300' \ 'IdleTimeout:uinteger:0' \ + 'MaxAuthTries:uinteger:3' \ 'mdns:bool:1' } @@ -49,7 +50,7 @@ dropbear_instance() local PasswordAuth enable Interface GatewayPorts \ RootPasswordAuth RootLogin rsakeyfile \ BannerFile Port SSHKeepAlive IdleTimeout \ - mdns ipaddrs + MaxAuthTries mdns ipaddrs validate_section_dropbear "${1}" || { echo "validation failed" @@ -78,6 +79,7 @@ dropbear_instance() append_ports "${ipaddrs}" "${Port}" [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}" [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}" + [ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}" [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear" procd_set_param respawn procd_close_instance