[SOLVED] Sshd is auto-activated without any reasons. Bug or hack?

Linux.tar.gz · 09-29-2004, 11:57 PM

I've been looking at top command today, and i've seen sshd, but i didn't activated it in the installation setup because i don't use it. So i've killed it and went to pkgtool to rerun services config to verify and i was surprised to see sshd selected. I had the same problem at work, but i though it was my boss who did that to spy me, because he had my passwords (i've installed myself this PC too and didn't activated ssh too). Now i'm asking myself (and you) if it's a bug or a hack.

gbonvehi · 09-29-2004, 11:59 PM

Maybe a update overwrote the script and make it executable.
You could also accidentally could typed: chmod +x ./ and press enter without completing the filename.

Edit: I've just checked the first one, and latest openssh package comes with the /etc/rc.d/rc.sshd script executable by default (it's not a bug, but it's not a good thing also).

Linux.tar.gz · 09-30-2004, 12:09 AM

Thx. I've take a look if i can remove the ssh package but there's no one!!!!!!
The fact is i'm behing a firewall that don't let my pc hosts any server. Can ssh pass through?

gbonvehi · 09-30-2004, 12:12 AM

To block ssh connections you should have port 22 blocked.
The package is called openssh but be sure if you want to remove it, because it also contains the client.

Linux.tar.gz · 09-30-2004, 12:55 AM

Well, i'm not going to remove it because i want to learn it, but i'm still anxious... So i'll "top" every 5 minutes

. Bug or hack, that is the linuxquestion...

Shade · 09-30-2004, 01:52 AM

If the /etc/rc.d/rc.sshd script is not marked executable, it will not start on boot.

Someone has to be remotely starting it.. but to do that, you've got to have sshd or telnet enabled, more than likely. So it's kind of a chicken/egg thing.

First, chmod -x /etc/rc.d/rc.sshd
Then, you can also disable inetd which might be configured to start telnet on demand as well.

I'll bet it just gets started every boot and you havent' realized it.

--Shade

Linux.tar.gz · 09-30-2004, 01:30 PM

No i don't think, because i often install slack and i never activate this, and i check often top, so i never see this before. I think it's a bug. I hope it's a bug.

Shade · 09-30-2004, 04:40 PM

It's not a bug. sshd is auto started by default with a fresh install.
You can choose on install to disable it, but it does start by default.

--Shade

Linux.tar.gz · 09-30-2004, 05:53 PM

So this is some kind of bug... I'm curious to verify that on my next install. Thx all 4 your answers.

Shade · 09-30-2004, 10:40 PM

It's not a bug.

I suggest you check these things:

make sure /etc/rc.d/rc.sshd is not set as executable.
You could also comment out the section that starts rc.sshd in /etc/rc.inet2
After a reboot, check to see immediately if sshd is running.

Code:

ps -aux |grep sshd

You could also change the permissions of /sbin/sshd to unexecutable.

Code:

chmod -x /sbin/sshd

Can I say again, this isn't a bug?

--Shade

Linux.tar.gz · 12-22-2004, 07:30 PM

I got the answer!!! Ssh daemon is reactivated after an update (swaret or slackpkg).
Thx all.

ringwraith · 12-22-2004, 10:32 PM

That's one problem with the auto updaters. Things happen on your system and the operator has no clue. Even if you are going to use these, you need to read the changelogs to see what was done.

slackMeUp · 12-22-2004, 11:24 PM

hehe... this reminds me of when ftpd was started by default with slack 9.1. I must have had that running for a good 5 months before catching it on and shutting it off.