You are not logged in.

#1 2008-06-02 03:09:24

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Arch install CD has SSH running - why?

Is there a good reason for the OpenSSH daemon to be started on boot on the Arch install CD? It seems hardly likely that anyone would want to do a CD install over SSH. On the other hand, there's security hazard if sshd allows root access (AFAIK the CD doesn't have a root password), and if it doesn't, then it's just taking up space on the CD.

What's the rationale here?

Offline

#2 2008-06-02 04:26:07

Redroar
Member
Registered: 2008-03-17
Posts: 200

Re: Arch install CD has SSH running - why?

Why wouldn't someone want to do a CD install over SSH? A lot of servers don't have monitors attached, and if all you have to do is insert CD and log in via SSH to do the installation, it can be easier than pulling a monitor + keyboard into the server room to do it directly. And as far as security risk...if you're that concerned, then just unplug the ethernet cable when installing, kill sshd, and reconnect the ethernet cable.

Oh, and as far as space, it takes up 1.7MB. For what is an essential in servers, meaning the package will be on the CD anyway (weighing in at .7MB compressed), it really isn't that much. Again, this could be very helpful if for some reason you *must* do a SSH install.


Stop looking at my signature. It betrays your nature.

Offline

#3 2008-06-02 04:56:17

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: Arch install CD has SSH running - why?

Okay, now I feel dumb. tongue

Offline

#4 2008-06-02 12:52:05

broch
Banned
From: L.A. California
Registered: 2006-11-13
Posts: 975

Re: Arch install CD has SSH running - why?

shrug,
the proper order:
1) no servers running
2) start whichever server you want,

..and stop making assumptions

Offline

#5 2008-06-02 15:04:09

bender02
Member
From: UK
Registered: 2007-02-04
Posts: 1,328

Re: Arch install CD has SSH running - why?

broch wrote:

shrug,
the proper order:
1) no servers running
2) start whichever server you want,

yea, for a terminal without a keyboard and a monitor
1) no servers running
2) you're screwed

Offline

#6 2008-06-02 16:18:42

Redroar
Member
Registered: 2008-03-17
Posts: 200

Re: Arch install CD has SSH running - why?

It would be good if they made it so that the default boot timeout had sshd running (because that means it's likely there is no locally attached monitor and keyboard) but if it is started before timeout (meaning there has to be a local monitor and keyboard) sshd won't run. I think that could be a reasonable compromise.


Stop looking at my signature. It betrays your nature.

Offline

#7 2008-06-02 16:28:49

bender02
Member
From: UK
Registered: 2007-02-04
Posts: 1,328

Re: Arch install CD has SSH running - why?

I think that's just overcomplicated. I still don't get why it's such a big problem with sshd running by default.

Offline

#8 2008-06-02 16:31:38

anykey
Member
From: Trier, Germany
Registered: 2004-06-12
Posts: 79

Re: Arch install CD has SSH running - why?

of course one absolutely *wants* to do ssh installs. EVEN if the machine *does* have keyboard and monitor.

I don't install many machines otherwise. Reasonable is, kill ssh and all instances via script... but don't turn it off by default please...

Last edited by anykey (2008-06-02 16:32:23)

Offline

#9 2008-06-06 07:16:03

robmaloy
Member
From: Germany
Registered: 2008-05-14
Posts: 263

Re: Arch install CD has SSH running - why?

lol i didnt know that.

imho a really cool feature


☃ Snowman ☃

Offline

#10 2008-06-06 16:02:19

broch
Banned
From: L.A. California
Registered: 2006-11-13
Posts: 975

Re: Arch install CD has SSH running - why?

bender02 wrote:
broch wrote:

shrug,
the proper order:
1) no servers running
2) start whichever server you want,

yea, for a terminal without a keyboard and a monitor
1) no servers running
2) you're screwed

definitely, you are screwed if you don't know how/can't enable server, then you are correct.

Last edited by broch (2008-06-06 16:02:56)

Offline

#11 2008-06-06 16:09:37

Asgaroth
Member
From: Hesse, Germany
Registered: 2008-03-26
Posts: 58

Re: Arch install CD has SSH running - why?

broch wrote:
bender02 wrote:
broch wrote:

shrug,
the proper order:
1) no servers running
2) start whichever server you want,

yea, for a terminal without a keyboard and a monitor
1) no servers running
2) you're screwed

definitely, you are screwed if you don't know how/can't enable server, then you are correct.

I for one definitely don't know how to start a ssh server on a box with no keyboard/$input-device available, if there are no other services running.

So, please enlighten us, how do I start a ssh server without any input devices nor any network access(attaching a keyboard doesn't count)?

Last edited by Asgaroth (2008-06-06 16:11:00)

Offline

#12 2008-06-06 17:18:17

Aaron
Member
From: PA, USA
Registered: 2007-12-19
Posts: 108
Website

Re: Arch install CD has SSH running - why?

SSHD isn't started and enabled by default on your actual setup.

It is ONLY started automatically by the live cd, while you're running off of it.  Once the install is done and you reboot into your arch install, OpenSSH isn't even installed by default.

Where's the issue?

Offline

#13 2008-06-06 17:21:07

elide
Member
From: Russia
Registered: 2007-12-02
Posts: 40

Re: Arch install CD has SSH running - why?

I think that running ssh on install cd is useless, because there is no network autoconfiguration...
Yeah. Ssh running! And what? How should I access host with all network interfaces down? And what about 'ALL: ALL: DENY' in /etc/hosts.deny on install cd?
Last time I install arch on headless machine, I had to connect keyboard and type blindly 'dhcpcd eth0; :>/etc/hosts.deny'...

Offline

#14 2008-06-06 20:50:12

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: Arch install CD has SSH running - why?

Can you clarify which cd this is? I didn't think the newest RC ISOs started sshd.

Offline

#15 2008-06-06 22:52:00

Mr.Elendig
#archlinux@freenode channel op
From: The intertubes
Registered: 2004-11-07
Posts: 4,092

Re: Arch install CD has SSH running - why?

elide wrote:

I think that running ssh on install cd is useless, because there is no network autoconfiguration...
Yeah. Ssh running! And what? How should I access host with all network interfaces down? And what about 'ALL: ALL: DENY' in /etc/hosts.deny on install cd?
Last time I install arch on headless machine, I had to connect keyboard and type blindly 'dhcpcd eth0; :>/etc/hosts.deny'...

bugs.archlinux.org => make a feature request for optional autosetup of net (with dhcpcd) and ssh allowed in hosts.allow
Or even better, add it youself and submit a patch >_>


Evil #archlinux@libera.chat channel op and general support dude.
. files on github, Screenshots, Random pics and the rest

Offline

#16 2008-06-07 02:20:28

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: Arch install CD has SSH running - why?

phrakture wrote:

Can you clarify which cd this is? I didn't think the newest RC ISOs started sshd.

Oh... I'm using 2008.03. N/M.

Offline

#17 2013-08-31 15:47:30

Jasper1984
Member
Registered: 2012-09-06
Posts: 9

Re: Arch install CD has SSH running - why?

Does this mean that if you're connected to the internet during use of live cd, anyone can access the live cd session with ssh and arbitrarilly alter the install? AFAICS it does. Even if you dont install, it might leave something nasty behind.

If so, how can you possibly not see the problem? (Dig deep)

How is this 'the arch way' if people cannot take control of their security?

A timeout waiting for the user to do something and then using sshd is only a partial solution. People may start it and walk away.. Another one may be having a separate .iso for it, or running a command to add a file to the iso, that instructs the live cd what to do?(that might be useful otherwise)

Btw: as long as it fits a plain cdrom, stuff whatever goodies you can in the iso imo smile why the fuck not. Just dont run too much of it defaultly.

Last edited by Jasper1984 (2013-08-31 15:48:56)

Offline

#18 2013-08-31 16:12:44

mariusmeyer
Member
From: Norway
Registered: 2009-04-25
Posts: 244

Re: Arch install CD has SSH running - why?

Epic necrobump tongue

Offline

#19 2013-08-31 16:22:25

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: Arch install CD has SSH running - why?

Closed.

I don't think a somewhat trollish response to a 5 year old thread is going to be off much use.  If there is a question regarding a modern install media, please start a new thread.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

Board footer

Powered by FluxBB