Search Results for 'ssh'

[Member xm4n]

@moddit & @anticapitalista,

Thank you guys, much appreciated.
Oh btw, where in the installation of the Full antix 19.2 installer where would I see the option to disable port 22/openssh server?

[Forum Admin anticapitalista]

The installer also gives users the option to disable ssh and this keeps port 22 closed.

nmap -sV localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-03 16:19 EEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00019s latency).
Other addresses for localhost (not scanned): 127.0.0.1 127.0.0.1 127.0.0.1 ::1
All 1000 scanned ports on localhost (127.0.0.1) are closed

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.61 seconds

I have ssh disabled (I always do this during installation and I also have openssh-server installed.

apt install openssh-server
Reading package lists... Done
Building dependency tree       
Reading state information... Done
openssh-server is already the newest version (1:7.9p1-10+deb10u2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Member ModdIt]

@xm4n
Thanks for bringing this up, ssh server was installed on both my own and kids machines including some very recent standard installations.
tcp port 22 open. Did not expect that, anyway it is fixed now.
Purged open-ssh server as suggested and message to users to do same.
SSH Conduit, 1-to-1 Asst, x11VNC never installed so not pulled in by those.

• This reply was modified 3 years, 1 month ago by ModdIt. Reason: Clarify addition

[Member xm4n]

Cool,
Thanks @anticapitalista

Well, I suppose for every fresh install, I’ll just have to manually remove open ssh-server.
But, I was just, you know, as far as Best security practices is concerned, wanted to show awareness to make sure that port 22 is not open.
Thanks for the input guys.

I think I’m good now.

[Forum Admin anticapitalista]

apt purge openssh-server

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Member xm4n]

Hi @Dolphin_Oracle,
(loved your antix linux video btw…:) )

Checked on fresh install the following:

$ find / -iname openssh-server
/usr/share/doc/openssh-server
/etc/ufw/applications.d/openssh-server
$

hmmmm,

Ok, so I did the following:

$ssh localhost
The authenticity of host ‘localhost (::1)’ can’t be established.
ECDSA key fingerprint is SHA256:–deleted for sec purposes—-
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘localhost’ (ECDSA) to the list of known hosts.
stealth@localhost’s password:
$

Seems openssh server is installed on this fresh install.

Used nmap to be sure:
$ nmap -sV localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-02 15:14 CDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned): ::1 127.0.0.1 127.0.0.1 127.0.0.1
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
$

🙁

BTW, I do not have any SSH Conduit, 1-to-1 Asst, x11VNC, etc. installed at all.

Thoughts?

[Forum Admin dolphin_oracle]

I haven’t check the port status, but on default MX installations we don’t install openssh-server, which probably keeps the port closed.

not having openssh-server does not prevent a user from using ssh to “ssh” to another system. It only disables server side function, not client side.

ssh-conduit-antix will bring in openssh-server if its not installed. since ssh-conduit-antix isn’t installed by default, I don’t see a big issue there.

[Forum Admin SamK]

Dave wrote:

…the package openssh-server could be removed though I think that the remote assistance programs needs it?

That would completely disable SSH-Conduit. It would also disable a major part of x11vnc which is installed as a dependency of 1-to-1-Assistance and as a standalone app in the antiX menu. Additionally ssvnc (the standalone partner app of x11vnc) also a dep of 1-to-1 will break.

[Forum Admin Dave]

On live default cheat codes the ssh service is not started. Therefore the netstat output does not show as ssh server listening. However it is indeed the case that the ssh server is started with a fresh installed system. Thus the netstat output shows ssh as listening on all address on port 22.

Iirc you have the option to choose this when installing through the installers. However I do agree that the service likely should default to off or listen to the local ip 127.0.0.1 only. This can be changed in /etc/ssh/sshd.conf. Or the package openssh-server could be removed though I think that the remote assistance programs needs it?

Computers are like air conditioners. They work fine until you start opening Windows. ~Author Unknown

In the on-line FAQ
1-to-1 Assistance
1-to-1 Voice
SSH Conduit
All return 404-Not Found

In the installed FAQ the above are also missing

Hi,

after a rather recent update (at most couple of weeks), I have noticed a strange behavior of midnight commander (MC) in ROXTerm, desktop fluxbox in my antiX 19, 64-bit testing.

When I mouse click using left-button (or the middle one) in the panel ‘Name/Size/Modify time’ selection to affect sorting of the items, it has no effect except for ‘#’ appearing after a double click in the command-line at the bottom of the MC’s screen.
Expected behavior is that a single click will modify the sort immediately.

I have F10 keyboard shortcut disabled and that’s probably all I have modified in the profile.
Surprisingly, lxterminal (0.3.2-1+b1) is NOT affected.

I have tried to reinstall (and then purge) both MC and ROXTerm but it was of no help, the issue persists.

I know I can explicitly modify the sort order in left/right panel but that is much more clicks and that I find annoying.

Any ideas?

Comment: If I open ROXTerm, ssh into another PC and open MC in there, it behaves as expected.

——————————————————————
system: antiX 19, 64-bit, testing
desktop: fluxbox
program affected: midnight commander (mc 3:4.8.24-2)
issue: left-button mouse click not working
(local) console affected:
roxterm-gtk2: 2.9.5-1
comments:
roxterm-gtk3: not installable due to dependencies
gpm: 1.20.7-5+b1 installed and running (verified via ‘ps -ax | grep gpm’)

• This topic was modified 3 years, 1 month ago by sybok. Reason: SSH mention

[Member armando]

(my post was deleted, again. but now i know why. is because I edited to many times too fast, past 3 times in a row)
This not answer your question but, I’m going to tell you what I do.

I use windscribe VPN (15GB FREE), I use his extension in the browser.

Windscribe has a linux client for debian 10, ubuntu, fedora, centos, but I don’t use it, I don’t know if depends on systemd. Never tried.

Mainly because I deny outgoing , incoming and foward traffic by default for all programs with ufw.

I create a group named internet that I use for trusted programs like.. qbittorrent, uget, chrome or [insert your browser here].

—– if you are interested or curious here are the easy steps.
As sudo:

I think this is mandatory first:

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

then:

apt install ufw
ufw default deny incoming
ufw default deny outgoing
ufw logging off   #optional, i dont like logs, if something's not working google is the solution lol
ufw enable

groupadd internet
usermod -a -G internet $USER

#add to /etc/rc.local this:
iptables -I OUTPUT 1 -m owner --gid-owner internet -j ACCEPT

chmod +x /etc/rc.local

And thats it. you run your Internet programs as normal user like:

sg internet -c "chrome"
sg internet -c "ping google"
sg internet -c "qbittorrent"

—
Oh one last thing, for some reason apt doesn’t work with:

sg internet -c "apt install x"
sg internet -c "apt update"

I believe its because create a child process or something, if someone know why that would be awsome.

The workarround that i always use is:

sudo ufw disable
sudo apt mybusinesshere
sudo ufw enable

In a function in .bashrc. You can doit manual.

• This reply was modified 3 years, 2 months ago by armando.
• This reply was modified 3 years, 2 months ago by armando.

[Anonymous]

pointless detail, mentioning it mainly as a note-to-self:
Per the screenshot from today’s retest, yes the “sshfs” package remained status:upgradeable even after I had performed the dist-upgrade operation.

re: “update recommends of libgtk2-perl to libgtk3-perl”

Yes, I monitor the changelog, that’s why I had its bookmarked URL onhand when I drafted post #30681
(Anticipating future need, I forked synaptic 0.84.2 and changed its name to ‘wildbob’.
As a rainy days project, I’ve been occasionally hacking at customizing its UI and its featureset.)

[Anonymous]

First of all…
apt search is, demonstrably, not “a joke” ~~ it is just often usually not the best tool for an end-user to choose when attempting to perform the immediate task at hand. It is a tiny, feature-lean, utility which is frequently utilized (called) from within scripted operations.
apropos apt
apropos dpkg
^— following your extended periods of immersion in obarun et al, each time you revisit debianland it will be helpful for you to review the available tools.

Second, FYI, wondering “What new breakage has the Debian Guh-nome Team wrought THIS week?“, I tested what you have described… but I found no breakage.

pristine antiX19Full iso, in virtualbox:
apt update && apt dist-upgrade
then edited the source.list.d/*.list files, removing all references to repos other than: antix “for use with sid” and debian “unstable”

then apt update && apt upgrade
After fussing with some “btrfs file is owned by blahblah” error, I purged the btrfs-whatever package
then apt dist-upgrade apt upgrade
and steppy-stepped through a few minor wrinkles (but none related to synaptic).
Above, I scratched out “dist-upgrade” b/c I apparently hadn’t done that yet ~~ at the time I grabbed the screenshot, sshfs package still hadn’t been upgraded.

[Member DaveW]

Skidoo,
Here is what came up, following attempted install of Calibre, via packageinstaller.
(NOTE: This was attempted twice: first, on Antix-17 LiveUSB, with no persistence setup… second, on installed Antix-17 system. Results were the same, either way.)

$ packageinstaller
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to ‘/tmp/runtime-root’
running cmd: “arch”
running cmd: “cat /etc/debian_version | cut -f1 -d’.'”
running cmd: “dpkg -l packageinstaller| awk ‘NR==6 {print $3}'”
running cmd: “dpkg –get-selections | grep -v deinstall | cut -f1”
running cmd: “apt-get update”
running cmd: “x-terminal-emulator -T ‘Installing packages…’ -e apt-get install –reinstall calibre ”
running cmd: “\n”
running cmd: “dpkg –get-selections | grep -v deinstall | cut -f1”
could not remove listapps file
tree cleared
cleanup code
terminate cmd called
terminating parent process: 6402
kill cmd called
killing parent process: 6402
sh: 1: r: not found
removing lock
QProcess: Destroyed while process (“/bin/bash”) is still running.

Regarding what components of systemd might have been active…
Here is what came up (running a different Antix-17 LiveUSB, with backup of system on which I could not install apparmor). I don’t know the significance of most of these lines. But there are quite a few more than on your system.
[However, in my Antix17 system, where I did install apparmor, there are even more lines (mostly related to apparmor).]

$ locate systemd
/etc/systemd
/etc/apt/preferences.d/00systemd
/etc/systemd/system
/etc/systemd/system/bluetooth.target.wants
/etc/systemd/system/dbus-fi.w1.wpa_supplicant1.service
/etc/systemd/system/dbus-org.bluez.service
/etc/systemd/system/dbus-org.freedesktop.Avahi.service
/etc/systemd/system/default.target.wants
/etc/systemd/system/multi-user.target.wants
/etc/systemd/system/sleep.target.wants
/etc/systemd/system/sockets.target.wants
/etc/systemd/system/sysinit.target.wants
/etc/systemd/system/timers.target.wants
/etc/systemd/system/bluetooth.target.wants/bluetooth.service
/etc/systemd/system/default.target.wants/e2scrub_reap.service
/etc/systemd/system/multi-user.target.wants/avahi-daemon.service
/etc/systemd/system/multi-user.target.wants/console-setup.service
/etc/systemd/system/multi-user.target.wants/lm-sensors.service
/etc/systemd/system/multi-user.target.wants/openvpn.service
/etc/systemd/system/multi-user.target.wants/rsync.service
/etc/systemd/system/multi-user.target.wants/tlp.service
/etc/systemd/system/multi-user.target.wants/ufw.service
/etc/systemd/system/multi-user.target.wants/virtualbox-guest-utils.service
/etc/systemd/system/multi-user.target.wants/wpa_supplicant.service
/etc/systemd/system/sleep.target.wants/tlp-sleep.service
/etc/systemd/system/sockets.target.wants/avahi-daemon.socket
/etc/systemd/system/sysinit.target.wants/keyboard-setup.service
/etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer
/etc/systemd/system/timers.target.wants/apt-daily.timer
/etc/systemd/system/timers.target.wants/e2scrub_all.timer
/lib/systemd
/lib/i386-linux-gnu/libsystemd.so.0
/lib/i386-linux-gnu/libsystemd.so.0.26.0
/lib/systemd/system
/lib/systemd/system-generators
/lib/systemd/system-sleep
/lib/systemd/system/apt-daily-upgrade.service
/lib/systemd/system/apt-daily-upgrade.timer
/lib/systemd/system/apt-daily.service
/lib/systemd/system/apt-daily.timer
/lib/systemd/system/avahi-daemon.service
/lib/systemd/system/avahi-daemon.socket
/lib/systemd/system/bluetooth.service
/lib/systemd/system/configure-printer@.service
/lib/systemd/system/console-setup.service
/lib/systemd/system/dbus.service
/lib/systemd/system/dbus.socket
/lib/systemd/system/e2scrub@.service
/lib/systemd/system/e2scrub_all.service
/lib/systemd/system/e2scrub_all.timer
/lib/systemd/system/e2scrub_fail@.service
/lib/systemd/system/e2scrub_reap.service
/lib/systemd/system/fstrim.service
/lib/systemd/system/fstrim.timer
/lib/systemd/system/keyboard-setup.service
/lib/systemd/system/lm-sensors.service
/lib/systemd/system/multi-user.target.wants
/lib/systemd/system/openvpn-client@.service
/lib/systemd/system/openvpn-server@.service
/lib/systemd/system/openvpn.service
/lib/systemd/system/openvpn@.service
/lib/systemd/system/polkit.service
/lib/systemd/system/rsync.service
/lib/systemd/system/sockets.target.wants
/lib/systemd/system/sudo.service
/lib/systemd/system/tlp-sleep.service
/lib/systemd/system/tlp.service
/lib/systemd/system/ufw.service
/lib/systemd/system/virtualbox-guest-utils.service
/lib/systemd/system/wpa_supplicant-nl80211@.service
/lib/systemd/system/wpa_supplicant-wired@.service
/lib/systemd/system/wpa_supplicant.service
/lib/systemd/system/wpa_supplicant@.service
/lib/systemd/system/xpra.service
/lib/systemd/system/xpra.socket
/lib/systemd/system/multi-user.target.wants/dbus.service
/lib/systemd/system/sockets.target.wants/dbus.socket
/lib/systemd/system-generators/openvpn-generator
/lib/systemd/system-sleep/hdparm
/usr/bin/deb-systemd-helper
/usr/bin/deb-systemd-invoke
/usr/lib/systemd
/usr/lib/apt/apt.systemd.daily
/usr/lib/systemd/user
/usr/lib/systemd/user/dirmngr.service
/usr/lib/systemd/user/dirmngr.socket
/usr/lib/systemd/user/gpg-agent-browser.socket
/usr/lib/systemd/user/gpg-agent-extra.socket
/usr/lib/systemd/user/gpg-agent-ssh.socket
/usr/lib/systemd/user/gpg-agent.service
/usr/lib/systemd/user/gpg-agent.socket
/usr/lib/systemd/user/obex.service
/usr/lib/systemd/user/sockets.target.wants
/usr/lib/systemd/user/sockets.target.wants/dirmngr.socket
/usr/lib/systemd/user/sockets.target.wants/gpg-agent-browser.socket
/usr/lib/systemd/user/sockets.target.wants/gpg-agent-extra.socket
/usr/lib/systemd/user/sockets.target.wants/gpg-agent-ssh.socket
/usr/lib/systemd/user/sockets.target.wants/gpg-agent.socket
/usr/share/doc/libsystemd0
/usr/share/doc/libsystemd0/changelog.Debian.gz
/usr/share/doc/libsystemd0/copyright
/usr/share/man/man1/deb-systemd-helper.1p.gz
/usr/share/man/man1/deb-systemd-invoke.1p.gz
/var/lib/systemd
/var/lib/dpkg/info/libsystemd0:i386.list
/var/lib/dpkg/info/libsystemd0:i386.md5sums
/var/lib/dpkg/info/libsystemd0:i386.shlibs
/var/lib/dpkg/info/libsystemd0:i386.symbols
/var/lib/dpkg/info/libsystemd0:i386.triggers
/var/lib/systemd/deb-systemd-helper-enabled
/var/lib/systemd/deb-systemd-helper-enabled/apt-daily-upgrade.timer.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/apt-daily.timer.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/avahi-daemon.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/avahi-daemon.socket.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/bluetooth.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/bluetooth.target.wants
/var/lib/systemd/deb-systemd-helper-enabled/console-setup.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/dbus-fi.w1.wpa_supplicant1.service
/var/lib/systemd/deb-systemd-helper-enabled/dbus-org.bluez.service
/var/lib/systemd/deb-systemd-helper-enabled/dbus-org.freedesktop.Avahi.service
/var/lib/systemd/deb-systemd-helper-enabled/default.target.wants
/var/lib/systemd/deb-systemd-helper-enabled/e2scrub_all.timer.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/e2scrub_reap.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/fstrim.timer.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/keyboard-setup.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/lm-sensors.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants
/var/lib/systemd/deb-systemd-helper-enabled/openvpn.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/rsync.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/sleep.target.wants
/var/lib/systemd/deb-systemd-helper-enabled/sockets.target.wants
/var/lib/systemd/deb-systemd-helper-enabled/sysinit.target.wants
/var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants
/var/lib/systemd/deb-systemd-helper-enabled/tlp-sleep.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/tlp.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/ufw.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/virtualbox-guest-utils.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/wpa_supplicant.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/xpra.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/xpra.socket.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/bluetooth.target.wants/bluetooth.service
/var/lib/systemd/deb-systemd-helper-enabled/default.target.wants/e2scrub_reap.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/avahi-daemon.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/console-setup.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/lm-sensors.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/openvpn.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/rsync.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tlp.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ufw.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/virtualbox-guest-utils.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/wpa_supplicant.service
/var/lib/systemd/deb-systemd-helper-enabled/sleep.target.wants/tlp-sleep.service
/var/lib/systemd/deb-systemd-helper-enabled/sockets.target.wants/avahi-daemon.socket
/var/lib/systemd/deb-systemd-helper-enabled/sysinit.target.wants/keyboard-setup.service
/var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/apt-daily-upgrade.timer
/var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/apt-daily.timer
/var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/e2scrub_all.timer

• This reply was modified 3 years, 5 months ago by DaveW.
• This reply was modified 3 years, 5 months ago by DaveW.
• This reply was modified 3 years, 5 months ago by DaveW.