[BUG?] Enable/disable SSH checkbox in webGUI has no effect?
-
Sequence of events:
1. After a clean install of pfSense, I enabled SSH by choosing option 14 from the main menu.
2. After verifying that I could access the webGUI with no problems, I unchecked the box under [System:Advanced:Admin Access] "Enable Secure Shell". Saved settings, etc.
3. After 12 hours, including a full system reboot, I perused the system logs and noticed a bunch of failed login attempts via [sshd], all coming from outside the WAN.
4. I checked the setting on the webGUI and the SSH checkbox was still unchecked.
5. I went into a terminal window and saw option 14 said "Disable Secure Shell (sshd)".
6. I typed "14", and it prompted me (note the discrepancies in bold) "SSHD is currently disabled, would you like to enable?"
7. I enabled then disabled option 14, then verified in the webGUI that the checkbox was still unchecked. System log showed three events: disable, enable, disable sshd!
There appears to be a problem with toggling SSH status between the terminal and the GUI.
-
The enable/disable definitely works (assuming you're on at least a semi-recent stable release, though I don't recall any release version ever where it didn't).
The console menu can be a bit misleading because what it shows next to option 14, whether it's enable or disable, is only a check as to whether there is a sshd process running. Once you hit option 14, it shows enable/disable based on what's actually in the config. The checkbox under System>Advanced is always whether it's enabled/disabled in the config.
If the checkbox under System>Advanced is disabled, and sshd is actually running, something other than the normal service code is starting it. Maybe a custom-added shell script or shellcmd tag in the config.
-
@cmb:
The console menu can be a bit misleading because what it shows next to option 14, whether it's enable or disable, is only a check as to whether there is a sshd process running. Once you hit option 14, it shows enable/disable based on what's actually in the config. The checkbox under System>Advanced is always whether it's enabled/disabled in the config.
If the checkbox under System>Advanced is disabled, and sshd is actually running, something other than the normal service code is starting it. Maybe a custom-added shell script or shellcmd tag in the config.
The menu text for option 14 definitely changes every time you toggle sshd on/off using option 14. It seems to be unaffected by toggling the checkbox in the GUI. This seems unnecessarily sloppy state-sharing.
How would I check for a script in the "config"? Are we talking config of pfSense or config of the underlying FreeBSD system? Since this is a brand new install, how would a script have been generated if I didn't do it myself (which I don't know how even if I wanted to)?
-
If the menu text is changing then sshd is starting/stopping. There wouldn't be any script or anything if you didn't add one. Guessing it's not really running and the logs you were seeing are old. Run 'ps ax | grep sshd' to see whether it's running.
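
The two checks discussed in this thread (is an sshd process actually running, and does a shellcmd tag in the config start it) can be combined as below. This is an added example, not code from any poster or from pfSense. It works on saved text: a copy of `ps ax` output and a copy of the config file. The function names, verdict strings and sample data are constructed for illustration, and it assumes each shellcmd entry sits on one line of the XML.

```sh
#!/bin/sh
# Filter `ps ax` output (stdin) down to real sshd processes. Testing the
# COMMAND column (field 5) avoids the false hit on the "grep sshd" line itself.
sshd_procs() {
    awk '$5 == "sshd" || $5 == "sshd:" || $5 ~ /\/sshd$/'
}

# Print the command inside every <shellcmd>/<earlyshellcmd> tag of a config file.
shellcmds() {
    grep -E '<(early)?shellcmd>' "$1" |
        sed -E 's/^[[:space:]]*<[^>]+>(.*)<\/[^>]+>[[:space:]]*$/\1/'
}

# verdict PS_FILE CONFIG_FILE -> one-word conclusion
verdict() {
    if [ -z "$(sshd_procs < "$1")" ]; then
        echo "not-running"            # log entries must predate the disable
    elif shellcmds "$2" | grep -q sshd; then
        echo "running-via-shellcmd"   # something outside the service code starts it
    else
        echo "running-unexplained"    # running, but no shellcmd entry mentions sshd
    fi
}

# Constructed sample input (not real output from any system).
tmp=$(mktemp -d)
printf '%s\n' '  PID TT  STAT    TIME COMMAND' \
              '  312 -   Is   0:00.01 /usr/sbin/sshd' \
              '  977 u0  S+   0:00.00 grep sshd' > "$tmp/ps.txt"
printf '%s\n' '<pfsense><system>' \
              '  <shellcmd>/usr/sbin/sshd</shellcmd>' \
              '</system></pfsense>' > "$tmp/config.xml"
verdict "$tmp/ps.txt" "$tmp/config.xml"
```

On a live system, feed it `ps ax > ps.txt` and a copy of the firewall's config file in place of the sample files.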