We have moved to a new Sailfish OS Forum. Please start new discussions there.
3

Where do ssh settings have to be changed?

asked 2015-12-27 23:20:35 +0200

Laura gravatar image

As a Linux newbie, I might have a wrong understanding of the settings concept. It is clear that system-wide settings override settings for single users. On the other side, those system-wide configurations obviously aren't enough to ensure everything works as it should.

That's why I encountered some problems with configuring ssh connections.

  1. Changing the port in the sshd_config file has no effect. One also (or: instead?) has to edit sshd.socket. https://together.jolla.com/question/4363/how-to-configure-sshd-to-listen-on-a-different-port/?answer=4539#post-id-4539

  2. In addition, using ssh keys, logging in via ssh is possible even if SSH connection is switched off in settings -> developer mode. This seems to be a bit strange. Normally, I would expect "off" means "completely off" and not only "off for one log-in method". Is there any possibility to disable it completely? Does it have to be disabled anywhere else for the changes to take effect?

  3. Therefore I wonder whether Sailfish respects the "ListenAddress" entry in the sshd_config file.

  4. Are there any other ssh settings that need to be modified in a different file although they are present in sshd_config?

edit retag flag offensive close delete

Comments

Did you change your system by e.g. installing openssh from openrepos?

lakutalo ( 2015-12-28 15:32:00 +0200 )edit

No, I didn't. I have only installed apps from Jolla Store.

Laura ( 2015-12-28 15:50:26 +0200 )edit
1

Not exactly what you want, but a plausible workaround for increased security: https://openrepos.net/content/coderus/ssh-access-confirmation

objectifnul ( 2015-12-28 15:54:31 +0200 )edit

Thanks for your suggestion. This app has already been recommended to me twice. I'm just not yet convinced of installing apps from anywhere else than Jolla Store, so I hope it'll be available there soon.

Laura ( 2016-01-02 03:08:32 +0200 )edit

I'm linux user for many years and I'm very frustrated with how jolla handles ssh. I changed the port of my ssh and changed settings to require ssh key to connect. (edited /etc/ssh/sshd_config as always). Then proceeded to switch off ssh (systemctl stop sshd) but: 1. ssh is still on no matter what. 2. when enablig ssh via Settings app, I can ssh via port 22 which should not take place since the config specifies different port 3. Regardless of remote connection being swiched off via settings app I can connect to the phone via specified port in config file

WTF?! Why is it like that. Why I cant just setup /etc/ssh the way I've been doing on every machine/server and have it respected by the system?! Any thoughts on that guys?

muppeth ( 2016-01-21 11:46:42 +0200 )edit

1 Answer

Sort by » oldest newest most voted
2

answered 2015-12-28 15:22:52 +0200

juiceme gravatar image

Regarding your concern #2, I just checked it and when ssh access is turned off from settings I could not log in with keys specified in .ssh/authorized_keys file. Therefore it seems to work like it should.

It is possible that you have a bug that has been corrected now. I am running the latest release, 2.0.0.10

edit flag offensive delete publish link more

Comments

My phone arrived three weeks ago, so it came with Sailfish 2.0.0.10.

Turning off ssh access prevents me from using "devel-su", but I can still connect to the phone as nemo. I tested it several times and always rebooted the phone after changing the setting.

As this is different on your phone - thanks for testing it - it is obviously caused by my settings. So I have two possible explanations for that:

  1. The entry "ListenAddress 192.[...]" forces the phone to always listen to that port, regardless of the settings in "developer mode".

  2. I am using PuTTY 0.66 Portable, and the command "ssh-copy-id" didn't work for me. So I used "cat" and copied the private key in a text file that I then imported in PuTTY. That means that both keys, the private and the public one, are saved on my computer and on the phone.

Laura ( 2015-12-28 16:06:36 +0200 )edit

I'd imagine the odd behaviour is caused by option #1, your tweaking the sshd config directly.

As far as I know it should not matter what client and how are you using it, and there should be no difference whether you have just the public key or both keys in the target device.

juiceme ( 2015-12-29 15:54:27 +0200 )edit

Today, I had some time to test it again, so I set "usePAM" back to "yes" and commented out the IP address entries with"#". Then I restarted the phone, first with Sailfish Utilities, then by turning it off and on again. It didn't matter at all. Even if I uncomment one of the IP addresses, I can still log in from my other IP address after rebooting the phone. That's why I now wonder whether the settings in sshd_config do have any effect at all (at least on my own phone).

Laura ( 2016-01-02 02:59:09 +0200 )edit
Login/Signup to Answer

Question tools

Follow
4 followers

subscribe to rss feed

Stats

Asked: 2015-12-27 23:20:35 +0200

Seen: 462 times

Last updated: Dec 28 '15

Related questions

HowTo: Connecting to Jolla via SSH over USB [answered]

SSH Host Key fingerprint & regeneration

[solved] ssh login with public key broken [answered]

SSH fingerprint changes unexpectedly [not relevant]

ssh connection refused [answered]

Development mode require reboot for ssh to work [released]

sshd.socket is started on boot regardless of settings

What is the best maps/navigation application to use on Jolla? [answered]

Keychain linked to TOH

Disable SSH daemon when remote connections are disabled

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49