gnome-control-center incorrectly claims remote login is off
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnome-control-center (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
GNOME control center offers a way to disable or enable remote shell (ssh) connections. This functionality is outsourced to /usr/libexec/
if (!cc_disable_
...
if (!cc_enable_service (SSHD_SERVICE, G_BUS_TYPE_SYSTEM, &error))
The irony is that ssh.service is socket activated:
zyga@x240:~$ systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/
Drop-In: /etc/systemd/
Active: active (running) since Tue 2023-10-17 16:40:04 CEST; 21s ago
TriggeredBy: ● ssh.socket
Docs: man:sshd(8)
Process: 7055 ExecStartPre=
Main PID: 7056 (sshd)
Tasks: 1 (limit: 9305)
Memory: 1.4M
CPU: 21ms
CGroup: /system.
└─7056 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
paź 17 16:40:04 x240 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
paź 17 16:40:04 x240 sshd[7056]: Server listening on :: port 22.
paź 17 16:40:04 x240 systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
In effect, it will always activate again whenever someone attempts to connect.
This bug is a security vulnerability, as users may be prone to attacks while thinking remote shell is disabled.
I would suggest to *mask* the service, so that it cannot be socket activated.
ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: gnome-control-
ProcVersionSign
Uname: Linux 6.5.0-9-generic x86_64
ApportVersion: 2.27.0-0ubuntu5
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Tue Oct 17 16:36:23 2023
InstallationDate: Installed on 2023-10-17 (0 days ago)
InstallationMedia: Ubuntu 23.10.1 "Mantic Minotaur" - Release amd64 (20231016.1)
ProcEnviron:
LANG=pl_PL.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-
XDG_RUNTIME_
SourcePackage: gnome-control-
UpgradeStatus: No upgrade log present (probably fresh install)
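
The check the report implies, as an added example that is not part of the bug report or of gnome-control-center: classify SSH exposure from the state of both `ssh.service` and `ssh.socket`, so that a stopped service alone is never read as "remote login off". The unit names come from the report; the function names and verdict strings are assumptions made for this example, and the sample states are constructed.

```shell
#!/bin/sh
# Added example: classify SSH exposure from systemd unit states.

# unit_prop UNIT PROPERTY: print one property of a unit (needs a running systemd).
unit_prop() {
    systemctl show -p "$2" --value "$1" 2>/dev/null
}

# ssh_exposure SVC_LOAD SVC_ACTIVE SVC_ENABLED SOCK_ACTIVE SOCK_ENABLED
# Arguments: LoadState, ActiveState, UnitFileState of ssh.service, then
# ActiveState and UnitFileState of ssh.socket. Prints one verdict:
#   running           sshd is up and accepting connections
#   socket-activated  sshd is stopped, but ssh.socket listens and starts it on connect
#   armed-at-boot     nothing listens now, but a unit is enabled for the next boot
#   off               no unit will start sshd for an incoming connection
ssh_exposure() {
    case "$2" in
        active|activating|reloading) echo running; return 0 ;;
    esac
    # A masked service cannot be started, not even by its socket unit.
    if [ "$1" = masked ]; then echo off; return 0; fi
    if [ "$4" = active ]; then echo socket-activated; return 0; fi
    if [ "$3" = enabled ] || [ "$5" = enabled ]; then echo armed-at-boot; return 0; fi
    echo off
}

# check_live: query the real units on this machine.
check_live() {
    ssh_exposure \
        "$(unit_prop ssh.service LoadState)" \
        "$(unit_prop ssh.service ActiveState)" \
        "$(unit_prop ssh.service UnitFileState)" \
        "$(unit_prop ssh.socket ActiveState)" \
        "$(unit_prop ssh.socket UnitFileState)"
}

if [ "${1:-}" = "--live" ]; then
    check_live
else
    # Constructed states: service stopped and disabled, socket left untouched,
    # then the same socket state with the service masked instead.
    echo "service disabled, socket live: $(ssh_exposure loaded inactive disabled active enabled)"
    echo "service masked, socket live:   $(ssh_exposure masked inactive masked active enabled)"
fi
```

Run it with `--live` on a systemd host to query the actual units; without arguments it only evaluates the constructed states.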
information type: Private Security → Public Security
Subscribing Sebastien and Jeremy from the Desktop team so they can take a look at the issue.