Enhancement #2138

SSH: ssh daemon should listen on 0.0.0.0

Added by Giacomo Sanchietti almost 8 years ago. Updated almost 8 years ago.

Status:CLOSEDStart date:09/03/2013
Priority:NormalDue date:09/16/2013
Assignee:-% Done:

100%

Category:nethserver-openssh
Target version:v6.4-beta2
Resolution: NEEDINFO:No

Description

Like any other daemon, sshd should listen on 0.0.0.0.
With this configuration, the service will be always accessible regardless of system IP changes.

Tested patch:

--- /etc/e-smith/templates/etc/ssh/sshd_config/15ListenAddress    2013-04-30 09:28:33.000000000 +0000
+++ /etc/e-smith/templates-custom/etc/ssh/sshd_config/15ListenAddress    2013-08-28 14:53:55.142023193 +0000
@@ -1,23 +1,5 @@
 #
-# 15ListenAddress -- access is { $sshd{'access'} || 'private' }
+# 15ListenAddress
 #
-{
-    use esmith::NetworksDB;
-
-    my $access = $sshd{'access'} || 'private';
-    my $LocalIP;
-
-    if($access eq 'public') {
-    $OUT = 'ListenAddress 0.0.0.0';
-    } else {
-    my $greenInterface = esmith::NetworksDB->open_ro()->green();
-    if($greenInterface) {
-        $LocalIP = $greenInterface->prop('ipaddr');
-    } else {
-        $LocalIP = '127.0.0.1';
-    }
-    $OUT = 'ListenAddress ' . $LocalIP;
-    }
-}
-

+ListenAddress 0.0.0.0

Associated revisions

Revision 450825f3
Added by Giacomo Sanchietti almost 8 years ago

sshd_config template: listen on 0.0.0.0. Refs #2138

History

#1 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti almost 8 years ago

  • Subject changed from SSH: ssh daemon should listen to 0.0.0.0 to SSH: ssh daemon should listen on 0.0.0.0

#3 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#4 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
New package in nethserver-testing:
  • nethserver-openssh-1.0.2-2.0git450825f3.ns6.noarch.rpm

Test case
OpenSSH server must always listen on 0.0.0.0, no matter what is the value of access property.

Eg:

[root@nsrv ~]# netstat -lanp | grep ssh
tcp        0      0 0.0.0.0:2222                0.0.0.0:*                   LISTEN      24445/sshd

#6 Updated by Davide Principi almost 8 years ago

  • Assignee set to Davide Principi
  • Start date set to 09/03/2013

#7 Updated by Davide Principi almost 8 years ago

  • Due date set to 09/16/2013
  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

Before update

  # cat /etc/ssh/sshd_config  | grep Listen
# 15ListenAddress -- access is private
ListenAddress 192.168.8.2
  # config show sshd
sshd=service
    LoginGraceTime=2m
    MaxAuthTries=6
    PasswordAuthentication=yes
    PermitRootLogin=yes
    Protocol=2
    Runlevels=2,3,4,5
    TCPPort=22
    UsePAM=yes
    access=private
    status=enabled

Upgraded to nethserver-openssh-1.0.2-2.0git450825f3.ns6.noarch

    # cat /etc/ssh/sshd_config  | grep Listen
# 15ListenAddress
ListenAddress 0.0.0.0
    # config show sshd
sshd=service
    LoginGraceTime=2m
    MaxAuthTries=6
    PasswordAuthentication=yes
    PermitRootLogin=yes
    Protocol=2
    Runlevels=2,3,4,5
    TCPPort=22
    UsePAM=yes
    access=private
    status=enabled

#8 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
In nethserver-updates:
  • nethserver-openssh-1.0.3-1.ns6.noarch.rpm

Also available in: Atom PDF