Opened 7 years ago

Closed 11 months ago

#9459 closed enhancement (no change required)

sshd should not be enabled by default

Reported by: bbjimmy
Owned by: darkwyrm
Priority: low
Milestone: R1
Component: Servers/services_daemon
Version: R1/alpha4.1
Keywords: sshd
Cc:
Blocked By:
Blocking:
Has a Patch: no
Platform: All

Description

The sshd daemon is launched on a default set-up of Haiku. This is on the latest nightly, haiku-nightly-hrev45284-x86gcc2hybrid-raw.zip, as well as r1a4.1.

This service should not be enabled by default.

/boot/common/settings/network/services:

#service telnet {
#	launch	telnetd
#}

#service ftp {
#	launch	ftpd
#}

service ssh {
	launch	/boot/common/bin/sshd -D
	stand_alone
}

should be:

#service telnet {
#	launch	telnetd
#}

#service ftp {
#	launch	ftpd
#}

#service ssh {
#	launch	/boot/common/bin/sshd -D
#	stand_alone
#}

Change History (6)

comment:1 by axeld, 7 years ago

Do you have any actual reasons against it? It's very convenient to have one running, and we do not have any UI method to enable/disable them.

comment:2 by bbjimmy, 7 years ago

HAIKU already has a reputation of lacking security. There is no need to add to this.

It is generally considered to be a security risk to have an unrequested network service open by default. Is there a valid reason to have an ssh daemon running on a desktop computer that has just one user?

A simple bash script could be added to enable/disable sshd after install, but at least give the user the option to enable or not.
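The enable/disable script suggested in comment:2, sketched as an added example (it is not part of the ticket and not Haiku project code). The function names are hypothetical, and it assumes service blocks are laid out exactly as in the file quoted in the description:

```shell
#!/bin/sh
# Added example (not Haiku project code): comment or uncomment one
# "service NAME { ... }" block in the network services file.
# Assumptions: blocks are laid out as in the ticket (opening line
# "service NAME {", closing line containing only "}"), and NAME is a
# plain word with no regex metacharacters.

# Exit status 0 if an uncommented block for service $1 exists in file $2.
service_enabled() {
	grep -Eq "^[[:space:]]*service[[:space:]]+$1[[:space:]]*[{]" "$2"
}

# toggle_service enable|disable NAME FILE
toggle_service() {
	ts_action=$1 ts_name=$2 ts_file=$3 ts_rc=0
	case $ts_action in
		enable|disable) ;;
		*) echo "usage: toggle_service enable|disable NAME FILE" >&2; return 2 ;;
	esac
	ts_tmp=$(mktemp) || return 1
	awk -v action="$ts_action" -v name="$ts_name" '
		BEGIN { prefix = (action == "disable") ? "#" : "" }
		# Start of the target block, whether currently commented or not.
		!inblock && ($0 ~ ("^#?[ \t]*service[ \t]+" name "[ \t]*[{]")) { inblock = 1 }
		inblock {
			line = $0
			sub(/^#/, "", line)      # strip one leading "#" so reruns are idempotent
			print prefix line
			if (line ~ /^[ \t]*[}][ \t]*$/) inblock = 0   # closing brace ends the block
			next
		}
		{ print }                    # everything outside the block is untouched
	' "$ts_file" > "$ts_tmp" && cat "$ts_tmp" > "$ts_file" || ts_rc=$?
	rm -f "$ts_tmp"
	return $ts_rc
}

# Command-line use: script.sh disable ssh [FILE]; FILE defaults to the ticket path.
if [ $# -ge 2 ]; then
	toggle_service "$1" "$2" "${3:-/boot/common/settings/network/services}"
fi
```

The script only edits the file; an sshd process that is already running is not stopped by it.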

comment:3 by siarzhuk, 7 years ago (in reply to: 2)

Replying to bbjimmy:

> It is generally considered to be a security risk to have an unrequested network service open by default. Is there a valid reason to have an ssh daemon running on a desktop computer that has just one user?

Have you already hacked freshly installed Haiku in this way? ;-) It is a development platform and developers sometimes need any available way to access systems with locked UI or dead graphics hardware to find the source of the problem. Disabling sshd now doesn't help to improve security but makes more problems in developing Haiku.

-1

comment:4 by umccullough, 7 years ago

Priority: normal → low
Type: bug → enhancement

Certainly not a bug...

I think it's fine to leave this open as an "R1" milestone item - perhaps it makes sense to turn it off during the beta cycles.

comment:5 by umccullough, 7 years ago

Summary: sshd enabled by default → sshd should not be enabled by default

comment:6 by waddlesplash, 11 months ago

Resolution: no change required
Status: new → closed

> It is generally considered to be a security risk to have an unrequested network service open by default.

All Linuxes and BSDs ship with sshd running by default. And it is not a security risk really; it disables signing in as root by default, and does not allow signing in as users with no passwords (and so there is no way to "use" it unless you manually create a user or set a password, but this is the expected behavior.)
