You are not logged in.

Pages: 1

#1 2015-08-12 05:06:17

michaelgira
Member
Registered: 2015-07-29
Posts: 25

How do i disable/remove ssh?

Hello.

I recently noticed that two ssh service's from the avahi daemon were being started each time i logged in.

I would like to disable ssh since i do not use it. I see no way to disable it in the configuration file and I'm having a tough time finding an answer online.

I would just remove avahi all together but MPD has it listed as a required package, and MPD is something i use.

Online i found another person with this problem, although the people who replied said they fixed it in an update https://bugzilla.redhat.com/show_bug.cgi?id=845860
However, i don't see a way to disable it in the config files.

What should i do? Removing it will just bring it back whenever avahi updates (unless the way the bug was fixed was to make sure not to bring it back to people who removed it?).

Offline

#2 2015-08-12 07:20:52

ooo
Member
Registered: 2013-04-10
Posts: 1,638

Re: How do i disable/remove ssh?

You could just remove /etc/avahi/services/ssh.service, and add the file to NoExtract in your pacman.conf to prevent it from returning with future updates. See 'man pacman.conf' for details.

Offline

#3 2015-08-12 08:36:25

michaelgira
Member
Registered: 2015-07-29
Posts: 25

Re: How do i disable/remove ssh?

ooo wrote:

You could just remove /etc/avahi/services/ssh.service, and add the file to NoExtract in your pacman.conf to prevent it from returning with future updates. See 'man pacman.conf' for details.


Thank you! I didn't know you could do that with pacman. I'll try it out tomorrow when i can.

I have a bonus question if you or anyone else knows the answer,

Does having avahi with the ssh service thing bad security wise? I've just started to realize how many packages rely on it, so it seems hard to avoid.

I don't know much about ssh, but i'm always hearing people say to make sure you disable ssh for root remote login, etc. There isn't an option for that in avahi.
I never downloaded anything specifically ssh related, such as openssh. Avahi just happened to contain ssh service.

So, am i making a big deal over nothing? Or is it a security fault to do this?

Offline

#4 2015-08-12 08:47:52

Awebb
Member
Registered: 2010-05-06
Posts: 6,294

Re: How do i disable/remove ssh?

You should read yourself into systemctl and general service handling in systemd.

Offline

#5 2015-08-12 08:51:54

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: How do i disable/remove ssh?

The avahi service file just advertises the availability of a service on a given port (SSH on 22 in this case). AFAICT, if sshd is not running, or-for example--is running on either a non-standard port or with a sane configuration (ie., password and root logins disabled, etc) then there is no issue.

Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#6 2015-08-12 09:43:09

ooo
Member
Registered: 2013-04-10
Posts: 1,638

Re: How do i disable/remove ssh?

If you don't have ssh server installed, there's no way avahi could have started it.

Looks like I too have avahi installed and started automatically as gnome dependency. Interestingly I don't see any ssh processes started by avahi or otherwise running. I have openssh installed as well, but I've never used it as server.

Awebb wrote:

You should read yourself into systemctl and general service handling in systemd.

avahi services are completely different thing from systemd services.

Offline

#7 2015-08-12 10:23:08

Awebb
Member
Registered: 2010-05-06
Posts: 6,294

Re: How do i disable/remove ssh?

ooo wrote:
Awebb wrote:

You should read yourself into systemctl and general service handling in systemd.

avahi services are completely different thing from systemd services.

I know. That doesn't change anything. If sshd is running, then it is running as a systemd service. Avahi does not start servers.

Offline

#8 2015-08-12 10:50:38

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: How do i disable/remove ssh?

OP should post the messages he's seeing.

Offline

#9 2015-08-12 20:03:03

michaelgira
Member
Registered: 2015-07-29
Posts: 25

Re: How do i disable/remove ssh?

jasonwryan wrote:

The avahi service file just advertises the availability of a service on a given port (SSH on 22 in this case). AFAICT, if sshd is not running, or-for example--is running on either a non-standard port or with a sane configuration (ie., password and root logins disabled, etc) then there is no issue.

I don't remember installing anything ssh related. I used 

sudo pacman -Qi sshd

and it said 

error: packages 'sshd' was not found

i checked my services and couldn't find it either. Is there another way i should check to see if i have it running?

ooo wrote:

If you don't have ssh server installed, there's no way avahi could have started it.

Looks like I too have avahi installed and started automatically as gnome dependency. Interestingly I don't see any ssh processes started by avahi or otherwise running. I have openssh installed as well, but I've never used it as server.

I didn't install openssh or anything like that. I don't see it in my processes, just in my log. I actually came across it by accident when looking for something else.

karol wrote:

OP should post the messages he's seeing.

Sure thing.

avahi-daemon: Loading service file /services/sftp-ssh.service.
avahi-daemon: Loading service file /services/ssh.service.
avahi-daemon: Service "myhostname" (/services/ssh.service) successfully established.
avahi-daemon: Service "myhostname" (/services/sftp-ssh.service) successfully established.

Offline

#10 2015-08-12 20:04:10

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: How do i disable/remove ssh?

$ pkgfile -v ssh.service
extra/avahi 0.6.31-16   /etc/avahi/services/ssh.service

Offline

#11 2015-08-12 20:37:04

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: How do i disable/remove ssh?

In addition to what karol posted:

┌─[Veles ~]
└─╼ pkgfile sshd
core/openssh
community/fail2ban
community/logwatch

Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#12 2015-08-12 20:41:44

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: How do i disable/remove ssh?

$ systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
   Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
$ systemctl status ssh
● ssh.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

Offline

#13 2015-08-12 21:49:26

michaelgira
Member
Registered: 2015-07-29
Posts: 25

Re: How do i disable/remove ssh?

karol wrote:
$ pkgfile -v ssh.service
extra/avahi 0.6.31-16   /etc/avahi/services/ssh.service

I got the same result you did.

$ pkgfile -v ssh.service
extra/avahi 0.6.31-16	/etc/avahi/services/ssh.service
jasonwryan wrote:

In addition to what karol posted:

┌─[Veles ~]
└─╼ pkgfile sshd
core/openssh
community/fail2ban
community/logwatch

I'm sorry, I'm not too sure what I should do here. Is something i should post in my pacman.conf?

karol wrote:

$ systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
   Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
$ systemctl status ssh
● ssh.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

I get 

$ systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
   Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

and 

$ systemctl status ssh
● ssh.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

Which both looks like the same output that you got again.

Judging by the last output, it looks like i don't have ssh. Is that correct? Does this mean I'm okay?

Offline

#14 2015-08-13 11:54:52

Makko
Member
Registered: 2015-08-05
Posts: 2

Re: How do i disable/remove ssh?

I think it should be pointed out that avahi .service files and systemd .service files are not the same thing.

systemd controls the services running on your machine. For ssh, the server is called sshd and the accompanying service file should be in 

/lib/systemd/system/sshd.service

Note that this service file, the ssh server itself (sshd) and the ssh client (ssh) are all provided by the openssh package.
So to check if you have openssh installed: 

pacman -Q openssh

and to see if you have the ssh server running: 

systemctl status sshd

avahi, on the other hand, uses .service files to figure out how to announce services over the network. These files are found in 

/etc/avahi/services

Note that it just announces the services, but doesn't start any systemd services on your system.
Now, I personally have no experience with avahi, and I find it strange that it would announce services which aren't actually running, but that might just be how it works.

Whatever the case, if you don't have sshd running or if you do have it running, but have it set up properly, you should be safe smile

Hope this helps

Offline

Pages: 1

Board footer

Powered by FluxBB