You are not logged in.
Pages: 1
Hello.
I recently noticed that two ssh service's from the avahi daemon were being started each time i logged in.
I would like to disable ssh since i do not use it. I see no way to disable it in the configuration file and I'm having a tough time finding an answer online.
I would just remove avahi all together but MPD has it listed as a required package, and MPD is something i use.
Online i found another person with this problem, although the people who replied said they fixed it in an update https://bugzilla.redhat.com/show_bug.cgi?id=845860
However, i don't see a way to disable it in the config files.
What should i do? Removing it will just bring it back whenever avahi updates (unless the way the bug was fixed was to make sure not to bring it back to people who removed it?).
Offline
You could just remove /etc/avahi/services/ssh.service, and add the file to NoExtract in your pacman.conf to prevent it from returning with future updates. See 'man pacman.conf' for details.
Offline
You could just remove /etc/avahi/services/ssh.service, and add the file to NoExtract in your pacman.conf to prevent it from returning with future updates. See 'man pacman.conf' for details.
Thank you! I didn't know you could do that with pacman. I'll try it out tomorrow when i can.
I have a bonus question if you or anyone else knows the answer,
Does having avahi with the ssh service thing bad security wise? I've just started to realize how many packages rely on it, so it seems hard to avoid.
I don't know much about ssh, but i'm always hearing people say to make sure you disable ssh for root remote login, etc. There isn't an option for that in avahi.
I never downloaded anything specifically ssh related, such as openssh. Avahi just happened to contain ssh service.
So, am i making a big deal over nothing? Or is it a security fault to do this?
Offline
You should read yourself into systemctl and general service handling in systemd.
Offline
The avahi service file just advertises the availability of a service on a given port (SSH on 22 in this case). AFAICT, if sshd is not running, or-for example--is running on either a non-standard port or with a sane configuration (ie., password and root logins disabled, etc) then there is no issue.
Offline
If you don't have ssh server installed, there's no way avahi could have started it.
Looks like I too have avahi installed and started automatically as gnome dependency. Interestingly I don't see any ssh processes started by avahi or otherwise running. I have openssh installed as well, but I've never used it as server.
You should read yourself into systemctl and general service handling in systemd.
avahi services are completely different thing from systemd services.
Offline
Awebb wrote:You should read yourself into systemctl and general service handling in systemd.
avahi services are completely different thing from systemd services.
I know. That doesn't change anything. If sshd is running, then it is running as a systemd service. Avahi does not start servers.
Offline
OP should post the messages he's seeing.
Offline
The avahi service file just advertises the availability of a service on a given port (SSH on 22 in this case). AFAICT, if sshd is not running, or-for example--is running on either a non-standard port or with a sane configuration (ie., password and root logins disabled, etc) then there is no issue.
I don't remember installing anything ssh related. I used
sudo pacman -Qi sshd
and it said
error: packages 'sshd' was not found
i checked my services and couldn't find it either. Is there another way i should check to see if i have it running?
If you don't have ssh server installed, there's no way avahi could have started it.
Looks like I too have avahi installed and started automatically as gnome dependency. Interestingly I don't see any ssh processes started by avahi or otherwise running. I have openssh installed as well, but I've never used it as server.
I didn't install openssh or anything like that. I don't see it in my processes, just in my log. I actually came across it by accident when looking for something else.
OP should post the messages he's seeing.
Sure thing.
avahi-daemon: Loading service file /services/sftp-ssh.service.
avahi-daemon: Loading service file /services/ssh.service.
avahi-daemon: Service "myhostname" (/services/ssh.service) successfully established.
avahi-daemon: Service "myhostname" (/services/sftp-ssh.service) successfully established.
Offline
$ pkgfile -v ssh.service
extra/avahi 0.6.31-16 /etc/avahi/services/ssh.service
Offline
In addition to what karol posted:
┌─[Veles ~]
└─╼ pkgfile sshd
core/openssh
community/fail2ban
community/logwatch
Offline
$ systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; disabled; vendor preset: disabled)
Active: inactive (dead)
$ systemctl status ssh
● ssh.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
Offline
$ pkgfile -v ssh.service extra/avahi 0.6.31-16 /etc/avahi/services/ssh.service
I got the same result you did.
$ pkgfile -v ssh.service
extra/avahi 0.6.31-16 /etc/avahi/services/ssh.service
In addition to what karol posted:
┌─[Veles ~]
└─╼ pkgfile sshd
core/openssh
community/fail2ban
community/logwatch
I'm sorry, I'm not too sure what I should do here. Is something i should post in my pacman.conf?
$ systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; disabled; vendor preset: disabled)
Active: inactive (dead)
$ systemctl status ssh
● ssh.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
I get
$ systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; disabled; vendor preset: disabled)
Active: inactive (dead)
and
$ systemctl status ssh
● ssh.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
Which both looks like the same output that you got again.
Judging by the last output, it looks like i don't have ssh. Is that correct? Does this mean I'm okay?
Offline
I think it should be pointed out that avahi .service files and systemd .service files are not the same thing.
systemd controls the services running on your machine. For ssh, the server is called sshd and the accompanying service file should be in
/lib/systemd/system/sshd.service
Note that this service file, the ssh server itself (sshd) and the ssh client (ssh) are all provided by the openssh package.
So to check if you have openssh installed:
pacman -Q openssh
and to see if you have the ssh server running:
systemctl status sshd
avahi, on the other hand, uses .service files to figure out how to announce services over the network. These files are found in
/etc/avahi/services
Note that it just announces the services, but doesn't start any systemd services on your system.
Now, I personally have no experience with avahi, and I find it strange that it would announce services which aren't actually running, but that might just be how it works.
Whatever the case, if you don't have sshd running or if you do have it running, but have it set up properly, you should be safe
Hope this helps
Offline
Pages: 1