You are not logged in.
The problem is at the client. When i mount a samba share (with # mount), avahi is started, which starts ssh and sftp. This is wrong on many levels.
Not sure how long this has been going on, someone else already asked this on stackexchange on 11.2.15, but didn't get any answers.
Journal output immediatly after mounting (hostname, ip etc. removed):
Mär 18 01:35:51 hostname dbus[434]: [system] Activating via systemd: service name='org.freedesktop.Avahi' unit='dbus-org.freedesktop.Avahi.service'
Mär 18 01:35:51 hostname systemd[1]: Cannot add dependency job for unit boot.automount, ignoring: Unit boot.automount is masked.
Mär 18 01:35:51 hostname systemd[1]: Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
Mär 18 01:35:51 hostname systemd[1]: Starting Avahi mDNS/DNS-SD Stack Activation Socket.
Mär 18 01:35:51 hostname systemd[1]: Starting Avahi mDNS/DNS-SD Stack...
Mär 18 01:35:51 hostname avahi-daemon[2583]: Found user 'avahi' (UID 84) and group 'avahi' (GID 84).
Mär 18 01:35:51 hostname avahi-daemon[2583]: Successfully dropped root privileges.
Mär 18 01:35:51 hostname avahi-daemon[2583]: avahi-daemon 0.6.31 starting up.
Mär 18 01:35:51 hostname avahi-daemon[2583]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Mär 18 01:35:51 hostname dbus[434]: [system] Successfully activated service 'org.freedesktop.Avahi'
Mär 18 01:35:51 hostname systemd[1]: Started Avahi mDNS/DNS-SD Stack.
Mär 18 01:35:51 hostname avahi-daemon[2583]: Successfully called chroot().
Mär 18 01:35:51 hostname avahi-daemon[2583]: Successfully dropped remaining capabilities.
Mär 18 01:35:51 hostname avahi-daemon[2583]: Loading service file /services/sftp-ssh.service.
Mär 18 01:35:51 hostname avahi-daemon[2583]: Loading service file /services/ssh.service.
Mär 18 01:35:51 hostname avahi-daemon[2583]: Joining mDNS multicast group on interface enp1234.IPv4 with address myip.
Mär 18 01:35:51 hostname avahi-daemon[2583]: New relevant interface enp1234.IPv4 for mDNS.
Mär 18 01:35:51 hostname avahi-daemon[2583]: Network interface enumeration completed.
Mär 18 01:35:51 hostname avahi-daemon[2583]: Registering new address record for myip on enp1234.IPv4.
Mär 18 01:35:51 hostname avahi-daemon[2583]: Registering HINFO record with values 'X86_64'/'LINUX'.
Mär 18 01:35:52 hostname avahi-daemon[2583]: Server startup complete. Host name is hostname.local. Local service cookie is 123.
Mär 18 01:35:53 hostname avahi-daemon[2583]: Service "hostname" (/services/ssh.service) successfully established.
Mär 18 01:35:53 hostname avahi-daemon[2583]: Service "hostname" (/services/sftp-ssh.service) successfully established.Offline
Are you sure it is actually starting ssh and ssftp or is it just having avahi advertise them as existing? From the snippet you quoted, it looks like the latter. Unless you have alread started socket activation for ssh or sftp, whether via systemd *.socket or inetd, I'm not sure it would actually be started.
I think you can rm/mv the sftp-ssh.service and ssh.service files /etc/avahi/services/ and prevent those services from being advertised.
Regards,
Offline
Thanks for your answer.
Are you sure it is actually starting ssh and ssftp or is it just having avahi advertise them as existing?
I'm not sure if anything is started, the term "Service ssh successfully established" sounds like the ssh serrver is started to me, but it might just be strange wording. What does "advertise as existing" mean?
From the snippet you quoted, it looks like the latter. Unless you have alread started socket activation for ssh or sftp, whether via systemd *.socket or inetd, I'm not sure it would actually be started.
I didn't enable anything manually.
I think you can rm/mv the sftp-ssh.service and ssh.service files /etc/avahi/services/ and prevent those services from being advertised.
OK thanks for the hint. Nontheless i would rather stop avahi from starting than configuring it.
Begin rant...
I'm a bit annoyed that avahi is starting without my permission. Seems like systemd is getting a bit overzealous with starting services. Interestingly this was one of the big problems with upstart, and was supposed to be solved with systemd. I still like systemd.
Offline