sshd started on boot

Bug #504539 reported by Claude Heiland-Allen
This bug affects 1 person
Affects: Puredyne Live
Status: Fix Released
Importance: Critical
Assigned to: agagag

Bug Description

sshd is started on boot, which is a big security problem with the known livecd user/pass

Changed in puredyne-live:
importance: Undecided → Critical
agagag (anton) wrote :

the cutest fix for this is to add the /etc/ssh/sshd_not_to_be_run file. This will disable sshd and let you know when the service starts like so:

 sudo /etc/init.d/ssh restart
 * Restarting OpenBSD Secure Shell server sshd [ OK ]
 * OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)

easy to change back by removing this file.

Changed in puredyne-live:
assignee: nobody → agagag (anton)
agagag (anton)
Changed in puredyne-live:
status: New → Fix Committed
Aymeric Mansoux (aymeric) wrote :

hey did not know this one!
cute :)

Changed in puredyne-live:
status: Fix Committed → Fix Released
visibility: private → public
Grant Centauri (gcentauri) wrote :

this is cute, but would there be a way to add a comment to the /etc/ssh/sshd_not_to_be_run file?

I was able to get far enough to discover this file, but had no idea what to do with it.

would it be possible to write a script to easily undo this and start up ssh?

something like:

sudo su
rm /etc/ssh/sshd_not_to_be_run
/etc/init.d/ssh start

?

danstowell (danstowell) wrote :

Hi Grant - Good suggestion, but I think it's probably something best solved by documentation rather than a script. (I generally don't like the idea of installing a script with "sudo rm" in it ;)

So I've written this documentation page:
http://en.wikibooks.org/wiki/Puredyne/SSH_into_your_Puredyne_system

Seems OK? Please feel free to edit that page if you can make it better!

Grant Centauri (gcentauri) wrote :

You're right about the script. I thought of that a few hours later. Somewhat dangerous.

The documentation looked perfect, covered everything and more!

I still think maybe a comment in the file describing what it is might be helpful too. I opened it in nano when I found it to try and see what it did, but it was just empty.

Thanks.

danstowell (danstowell) wrote :

ok done, thanks
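
The fix discussed in this thread, as an added example that is not part of the original report or Puredyne's own build code: shell functions that create /etc/ssh/sshd_not_to_be_run with an explanatory comment inside it and report whether sshd is blocked from starting. The function names, the ROOT argument (an unpacked image or chroot, "/" for the running system) and the comment text written into the file are assumptions.

```shell
#!/bin/sh
# Added example (not Puredyne's build code). Function names, the ROOT
# argument and the comment text written into the file are assumptions.

SENTINEL=etc/ssh/sshd_not_to_be_run

# Print "disabled" if the sentinel exists under ROOT, else "enabled".
# The Debian/Ubuntu /etc/init.d/ssh script only tests that the file
# exists, so its content is free for documentation.
sshd_boot_state() {
    root=${1:-/}
    if [ -e "${root%/}/$SENTINEL" ]; then
        echo disabled
    else
        echo enabled
    fi
}

# Create the sentinel under ROOT with a comment telling whoever finds
# it what it does and how to undo it.
disable_sshd() {
    root=${1:-/}
    if [ ! -d "${root%/}/etc/ssh" ]; then
        echo "no ${root%/}/etc/ssh directory" >&2
        return 1
    fi
    cat > "${root%/}/$SENTINEL" <<'EOF'
# While this file exists, /etc/init.d/ssh will not start sshd.
# sshd is off by default because the live CD user/password is publicly known.
# To enable SSH: change the password first, remove this file, then
# run: /etc/init.d/ssh start
EOF
    chmod 0644 "${root%/}/$SENTINEL"
}
```

Calling `disable_sshd /path/to/image-root` during the image build and then `sshd_boot_state /path/to/image-root` as a release check catches a regression of this bug before the image ships.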

This report contains Public Security information  
Everyone can see this security related information.
