DaemonForums  

#1
9th October 2017
bsd007
Always learning
Join Date: Sep 2014
Posts: 242
confusion about ssh

Hi, during install of 6.2 I was asked if I want to (a) enable sshd and (b) allow root login (ssh).

I was in a hurry and can't recall what I chose.

Now that installation is finished, is there a way to find out if I had enabled ssh? I don't need it.

Code:
$ rcctl ls on
check_quotas
cron
library_aslr
ntpd
pf
pflogd
slaacd
smtpd
sndiod
syslogd

Last edited by bsd007; 9th October 2017 at 09:51 PM.

#2
9th October 2017
ibara
OpenBSD language porter
Join Date: Jan 2014
Posts: 783

sshd_config(5)
Specifically, the option PermitRootLogin.
I would leave sshd running tbh. Even if you feel you don't need it, it will almost certainly save you in an emergency. As long as you have sane passwords (or perhaps, use keys and disable passwords), it's fine.

#3
9th October 2017
PapaParrot
parrot
Join Date: Jul 2015
Location: Durango, Mx.
Posts: 472

Quote:
Now that installation is finished is there a way to find out

if I had enabled ssh ?
One way would be to try to connect to your localhost via ssh; if it is not enabled, you won't be able to.
Code:
$ ssh localhost
garry@localhost's password: 
 Last login: Mon Oct  9 06:41:34 2017
OpenBSD 6.1 (GENERIC.MP) #5: Mon Jun 12 20:52:45 CEST 2017

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.

$
Many more details are available:

how to see if ssh is enabled on OpenBSD
https://man.openbsd.org/ssh_config
https://man.openbsd.org/sshd
http://daemonforums.org/showthread.php?t=2012
Quote:
Nightweaver >>
SSH server is already there. You just have to enable it in /etc/rc.conf to be started at boot. Configuration is done in /etc/ssh/sshd_config. For more details check: http://www.openssh.org/faq.html
__________________
If it moves, crypt it. Unless it's static - then you should double-crypt it.
__________________
My best friends are parrots

#4
9th October 2017
TronDD
Spam Deminer
Join Date: Sep 2014
Posts: 304

Looks like it's not enabled according to rcctl. You'd see sshd there, normally.

Also, check root's mail. The installer mails root the responses used during install/upgrade.

If you set up a user during install, the mail will be forwarded to that user's mailbox.

#5
9th October 2017
bsd007
Always learning
Join Date: Sep 2014
Posts: 242

Code:
$ ssh localhost
ssh: connect to host localhost port 22: Connection refused


When I do

Code:
$ pgrep sshd                                                                 
$
I get nothing but when I do

Code:
$ pgrep ssh  
29731
I get 29731.

What is this 29731?

#6
9th October 2017
bsd007
Always learning
Join Date: Sep 2014
Posts: 242

Code:
$  ps aux | grep ssh 
bsd      29731  0.0  0.1   532  1284 ??  Isp    2:00AM    0:00.00 /usr/bin/ssh-agent -s
bsd      79471  0.0  0.0   140   384 p0  R+/0   4:16AM    0:00.00 grep ssh

#7
9th October 2017
bsd007
Always learning
Join Date: Sep 2014
Posts: 242

Found this in mail

Quote:
Start sshd(8) by default = no
So, I guess I am okay.

Thanks for your replies.

#8
10th October 2017
PapaParrot
parrot
Join Date: Jul 2015
Location: Durango, Mx.
Posts: 472

This is an interesting topic to me, and I learned a new command now as well:
Thanks
Quote:
TronDD: Looks like it's not enabled according to rcctl. You'd see sshd there, normally.

Also, check root's mail. The installer mails root the responses used during install/upgrade.

If you set up a user during install, the mail will be forwarded to that user's mailbox.


Code:
$ rcctl ls on
check_quotas
cron
ntpd
pf
pflogd
smtpd
sndiod
sshd
syslogd
$
Thanks
Reply With Quote
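
The checks discussed in this thread, combined into one script as an added example that is not part of any post: an exact match on the `rcctl ls on` listing, an exact match on the process name (so `ssh-agent` is not mistaken for the daemon), and the global `PermitRootLogin` value read from `sshd_config` text. The rcctl and ps listings are the ones posted above; the `sshd_config` fragment, the function names and the assumption that the command is field 11 of `ps aux` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Each function reads captured command
# output on stdin, so the logic can be checked offline.

# Exact whole-line match against `rcctl ls on` or `rcctl ls started` output.
service_listed() { grep -qx -- "$1"; }

# PIDs whose command basename is exactly "sshd" in `ps aux` output (assumes
# the command is field 11). Matching "ssh" would also hit ssh-agent.
sshd_pids() {
    awk '{ c = $11; sub(/:$/, "", c); sub(/.*\//, "", c)
           if (c == "sshd") print $2 }'
}

# Global PermitRootLogin from sshd_config text: comments dropped, keyword
# case-insensitive, first occurrence wins, Match blocks not evaluated.
# With no setting, OpenSSH 7.0 and later default to prohibit-password.
permit_root_login() {
    awk '{ sub(/#.*/, "") }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { print (v == "" ? "prohibit-password" : v) }'
}

# Listings as posted in the thread (post #1 and post #6).
RCCTL_ON=$(printf '%s\n' check_quotas cron library_aslr ntpd pf pflogd \
    slaacd smtpd sndiod syslogd)
PS_AUX='bsd      29731  0.0  0.1   532  1284 ??  Isp    2:00AM    0:00.00 /usr/bin/ssh-agent -s
bsd      79471  0.0  0.0   140   384 p0  R+/0   4:16AM    0:00.00 grep ssh'
# Constructed sshd_config fragment (not from the thread).
SSHD_CONFIG='#PermitRootLogin yes
PermitRootLogin no   # first uncommented occurrence wins
permitrootlogin yes'

sshd_summary() {
    en=no; run=no
    if printf '%s\n' "$RCCTL_ON" | service_listed sshd; then en=yes; fi
    if [ -n "$(printf '%s\n' "$PS_AUX" | sshd_pids)" ]; then run=yes; fi
    prl=$(printf '%s\n' "$SSHD_CONFIG" | permit_root_login)
    echo "enabled=$en running=$run PermitRootLogin=$prl"
}
sshd_summary
```

On a live system, pipe `rcctl ls on`, `ps aux` and `/etc/ssh/sshd_config` into the three functions; `pgrep -x sshd` is the exact-match form of the `pgrep` commands tried in post #5.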

All times are GMT.