Enhancement #2138
SSH: ssh daemon should listen on 0.0.0.0
Status: | CLOSED | Start date: | 09/03/2013 | |
---|---|---|---|---|
Priority: | Normal | Due date: | 09/16/2013 | |
Assignee: | - | % Done: | 100% | |
Category: | nethserver-openssh | |||
Target version: | v6.4-beta2 | |||
Resolution: | NEEDINFO: | No |
Description
Like any other daemon, sshd should listen on 0.0.0.0.
With this configuration, the service will be always accessible regardless of system IP changes.
Tested patch:
--- /etc/e-smith/templates/etc/ssh/sshd_config/15ListenAddress 2013-04-30 09:28:33.000000000 +0000 +++ /etc/e-smith/templates-custom/etc/ssh/sshd_config/15ListenAddress 2013-08-28 14:53:55.142023193 +0000 @@ -1,23 +1,5 @@ # -# 15ListenAddress -- access is { $sshd{'access'} || 'private' } +# 15ListenAddress # -{ - use esmith::NetworksDB; - - my $access = $sshd{'access'} || 'private'; - my $LocalIP; - - if($access eq 'public') { - $OUT = 'ListenAddress 0.0.0.0'; - } else { - my $greenInterface = esmith::NetworksDB->open_ro()->green(); - if($greenInterface) { - $LocalIP = $greenInterface->prop('ipaddr'); - } else { - $LocalIP = '127.0.0.1'; - } - $OUT = 'ListenAddress ' . $LocalIP; - } -} - +ListenAddress 0.0.0.0
Associated revisions
sshd_config template: listen on 0.0.0.0. Refs #2138
History
#1 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti almost 8 years ago
- Subject changed from SSH: ssh daemon should listen to 0.0.0.0 to SSH: ssh daemon should listen on 0.0.0.0
#3 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#4 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
New package in nethserver-testing:
- nethserver-openssh-1.0.2-2.0git450825f3.ns6.noarch.rpm
Test case
OpenSSH server must always listen on 0.0.0.0, no matter what is the value of access
property.
Eg:
[root@nsrv ~]# netstat -lanp | grep ssh tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 24445/sshd
#6 Updated by Davide Principi almost 8 years ago
- Assignee set to Davide Principi
- Start date set to 09/03/2013
#7 Updated by Davide Principi almost 8 years ago
- Due date set to 09/16/2013
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 90
VERIFIED
Before update
# cat /etc/ssh/sshd_config | grep Listen # 15ListenAddress -- access is private ListenAddress 192.168.8.2 # config show sshd sshd=service LoginGraceTime=2m MaxAuthTries=6 PasswordAuthentication=yes PermitRootLogin=yes Protocol=2 Runlevels=2,3,4,5 TCPPort=22 UsePAM=yes access=private status=enabled
Upgraded to nethserver-openssh-1.0.2-2.0git450825f3.ns6.noarch
# cat /etc/ssh/sshd_config | grep Listen # 15ListenAddress ListenAddress 0.0.0.0 # config show sshd sshd=service LoginGraceTime=2m MaxAuthTries=6 PasswordAuthentication=yes PermitRootLogin=yes Protocol=2 Runlevels=2,3,4,5 TCPPort=22 UsePAM=yes access=private status=enabled
#8 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
- nethserver-openssh-1.0.3-1.ns6.noarch.rpm