SSH on by default?

D

drhowarddrfine

I just realized that I never enabled SSH in my rc.conf on my new installation but I'm able to ssh to and from this box. Why is that? I seem to recall reading somewhere that SSH is on by default in version 9.1, which is what I have, but I can't find that statement anywhere.
 
I would doubt that FreeBSD would do such a thing, really. But if it was on by default, it would be set in /etc/defaults/rc.conf. I still see
Code: 
sshd_enable="NO"                # Enable sshd
in my freshly checked-out /usr/src/etc/defaults/rc.conf on 9.1-STABLE/amd64.

If it's not set to on in rc.conf, check the usual suspects, /etc/rc.local and root's crontab files (/etc/crontab and crontab -u root -l).
 
Just curious: what does your /etc/defaults/rc.conf say? Mine has sshd_enable set to "NO" (9.1-RELEASE/i386).
 
Mine still says "NO" in the defaults, too. I also looked at the crontab stuff and there's nothing there.

EDIT: Ooh! Wait! I'm using OpenBox. Perhaps that's doing something?
 
Check dmesg -a for any signs of daemons being started. You can usually find where it's started from by looking at the ones surrounding it at boot time.
 
SSH out is always enabled as long as there's an SSH client installed. The sshd_enable is only for the service that accepts incoming connections.
 
I'm assuming that's what OP means: he can ssh in. Out should not be a surprise ;)
 
Well, I must have gotten mixed up between the two because I disabled SSH and now I can't access it. I've been doing this with Cygwin on a Windows notebook which seems to be somewhat unreliable so I guess I got confused.

Thanks for the help.
 
I'm able to ssh to and from this box. Why is that?
Click to expand...

It's completely obvious that the out direction always works to someone who has a deep understanding of how the SSH protocol and the tools work. It may not be that obvious to someone who isn't that tech savvy.
 
But I asked why I could ssh both ways and you seem to be able to answer only one part of the question. I'm glad other more tech savvy people than you were here to help.
 
DutchDaemon said:
Check dmesg -a for any signs of daemons being started. You can usually find where it's started from by looking at the ones surrounding it at boot time.
Click to expand...

In addition you might want to look at the output of # ps -axj. From ps(1)():

Code: 
     [B]-j[/B]      Print information associated with the following keywords: [B]user[/B],
             [B]pid[/B], [B]ppid[/B], [B]pgid[/B], [B]sid[/B], [B]jobc[/B], [B]state[/B], [B]tt[/B], [B]time[/B], and [B]command[/B].

You want to look for PPID, i.e., the parent process identification number. For example at my machine:

Code: 
# ps -axj
USER      PID  PPID  PGID   SID JOBC STAT TT        TIME COMMAND
...
root        1     0     1     1    0 ILs  ??     0:00.02 /sbin/init --
...
root     2049     1  2049  2049    0 Ss   ??     0:00.01 /usr/sbin/sshd
...

So, at my machine /usr/sbin/sshd is started by process number 1, which is /sbin/init.
 
In the past weeks I've installed five FreeBSD environments (9.1-RELEASE) where one of them was strictly experimental (hacking away to get it going in Microsoft's Virtual PC, not an easy thing to do) and I'm positive that FreeBSD does not enable sshd by default.

On two of these servers I didn't enable sshd during installation because I had to be sure that outside access would be virtually impossible. As a result it wasn't added to /etc/rc.conf and also wasn't started.

One server was the experimental one whereas the other was installed two or three weeks ago, so I'm pretty sure it's not FreeBSD doing this.
 
From memory, the FreeBSD installer asks you if you want to enable remote SSH login. Possibly you accidentally hit "yes"?
 
The installer has the SSHD option toggled on by default, you have to make an effort to disable it. But it only adds
Code: 
sshd_enable="YES"
to /etc/rc.conf after you get past that menu in the installer. If you didn't use the installer to install FreeBSD, then SSHD isn't enabled by default.
 
You must log in or register to reply here.
Back
Top