#!/bin/sh -eu
#
# This InitRAMFS script provides:
# Simple script to kill all DropBear client sessions if the InitRAMFS is left
# Intended for Debian 6.0 Squeeze
#
# Copyright: Matthias Bücher, see https://www.maddes.net/
# License: GNU GPL v2 or later, see http://www.gnu.org/licenses/gpl.html
#
# Adopted from http://www.howtoforge.com/unlock-a-luks-encrypted-root-partition-via-ssh-on-ubuntu#comment-25990
#
# Thanks to:
# - Wulf Coulmann; http://gpl.coulmann.de/ssh_luks_unlock.html
# for his tremendous effort to unlock the LUKS root partition remotely on Debian 5.0 Lenny and before
#
# How to use:
# - Copy this hook script as /etc/initramfs-tools/scripts/local-bottom/dropbear_kill_clients.sh
# - chmod +x /etc/initramfs-tools/scripts/local-bottom/dropbear_kill_clients.sh
# - update-initramfs -u -k all
#
# History:
# v1.0 - 2011-02-15
# initial release
# v1.1 - 2011-03-29
# fixed some typos, thanks to Sven Greuer
#
# Space-separated list of scripts that have to run before this one.
# Empty: this script has no prerequisites.
PREREQ=""

# Print the prerequisite list on a single line; this is the reply given when
# the script is invoked with the argument "prereqs".
prereqs() {
  printf -- '%s\n' "$PREREQ"
}
# When called with "prereqs" as first argument, only report the prerequisite
# list and stop; any other (or no) argument falls through to the real work.
# ${1:-} keeps the test safe under -u when no argument was passed.
if [ "${1:-}" = "prereqs" ]; then
  prereqs
  exit 0
fi
#
# Begin real processing
#
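NAME=dropbear
PROG=/sbin/dropbear

# Collect the PIDs recorded in /var/run/dropbear*.pid. They are treated as the
# server processes and are spared by the kill loop below.
# Start from an empty string instead of an unset variable: the shebang runs
# this script with -u, so expanding an unset ${ignore} further down would
# abort the script before a single client session was killed whenever no pid
# file exists.
ignore=""
for pidfile in /var/run/"${NAME}"*.pid
do
  # an unmatched glob is left as the literal pattern; skip it (and anything
  # unreadable) instead of handing it to cat
  [ -r "${pidfile}" ] || continue
  for server in $(cat "${pidfile}")
  do
    ignore="${ignore:+${ignore} }${server}"
  done
done
if [ -z "${ignore}" ]; then
  # Without a recorded server pid nothing is spared: every process that
  # passes the command-line check below is killed.
  printf -- '%s\n' "${0}: no ${NAME} pid file found, no server pid will be spared" >&2
fi

# Walk over all running processes named dropbear and kill those that are not
# listed as servers, i.e. the per-connection client sessions.
for pid in $(pidof "${NAME}")
do
  # Only touch processes whose command line mentions ${PROG}. This is a
  # fixed-string substring match, so a longer path ending in the same
  # string also passes. A pid that vanished in the meantime fails the
  # check and is skipped.
  grep -q -F -e "${PROG}" "/proc/${pid}/cmdline" || continue

  # spare the server processes read from the pid files
  skip=0
  for server in ${ignore}
  do
    if [ "${pid}" = "${server}" ]; then
      skip=1
      break
    fi
  done
  [ "${skip}" -eq 0 ] || continue

  printf -- '%s\n' "${0}: Killing ${pid}..."
  # A session can exit between the checks above and this point. With -e from
  # the shebang a failing kill would end the script and leave the remaining
  # sessions alive, so report the failure and carry on with the next pid.
  kill -KILL "${pid}" || printf -- '%s\n' "${0}: could not kill ${pid}" >&2
done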