[BUG?] Enable/disable SSH checkbox in webGUI has no effect?



  • Sequence of events:

    1. After a clean install of pfSense, I enabled SSH by choosing option 14 from the main menu.
    2. After verifying that I could access the webGUI with no problems, I unchecked the box under [System:Advanced:Admin Access] "Enable Secure Shell". Saved settings, etc.
    3. After 12 hours, including a full system reboot, I perused the system logs and noticed a bunch of failed login attempts via [sshd], all coming from outside the WAN.
    4. I checked the setting on the webGUI and the SSH checkbox was still unchecked.
    5. I went into a terminal window and saw option 14 said "Disable Secure Shell (sshd)". 
    6. I typed "14", and it prompted me (note the discrepancies in bold) "SSHD is currently disabled, would you like to enable?"
    7. I enabled then disabled option 14, then verified in the webGUI that the checkbox was still unchecked.  System log showed three events: disable, enable, disable sshd!

    There appears to be a problem with toggling SSH status between the terminal and the GUI.



  • The enable/disable definitely works (assuming you're on at least a semi-recent stable release, though I don't recall any release version ever where it didn't).

    The console menu can be a bit misleading because what it shows next to option 14, whether it's enable or disable, is only a check as to whether there is a sshd process running. Once you hit option 14, it shows enable/disable based on what's actually in the config. The checkbox under System>Advanced is always whether it's enabled/disabled in the config.

    If the checkbox under System>Advanced is disabled, and sshd is actually running, something other than the normal service code is starting it. Maybe a custom-added shell script or shellcmd tag in the config.



  • @cmb:

    The console menu can be a bit misleading because what it shows next to option 14, whether it's enable or disable, is only a check as to whether there is a sshd process running. Once you hit option 14, it shows enable/disable based on what's actually in the config. The checkbox under System>Advanced is always whether it's enabled/disabled in the config.

    If the checkbox under System>Advanced is disabled, and sshd is actually running, something other than the normal service code is starting it. Maybe a custom-added shell script or shellcmd tag in the config.

    The menu text for option 14 definitely changes every time you toggle sshd on/off using option 14.  It seems to be unaffected by toggling the checkbox in the GUI.  This seems unnecessarily sloppy state-sharing.

    How would I check for a script in the "config"?  Are we talking config of pfSense or config of the underlying FreeBSD system?  Since this is a brand new install, how would a script have been generated if I didn't do it myself (which I don't know how even if I wanted to)?



  • If the menu text is changing then sshd is starting/stopping. There wouldn't be any script or anything if you didn't add one. Guessing it's not really running and the logs you were seeing are old. Run 'ps ax | grep sshd' to see whether it's running.
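
An added example, not part of any post in this thread: a shell check that compares what the saved config says about SSH with what the process table shows, and lists any shellcmd entry that names sshd. The element names (`<ssh>`, `<enable>`, `<shellcmd>`), the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: SSH is enabled when <enable> appears inside
# <ssh>...</ssh>, and startup commands are stored in <shellcmd> elements.

# ssh_in_config FILE: what the saved config says (what the GUI checkbox shows).
ssh_in_config() {
    if sed -n '/<ssh>/,/<\/ssh>/p' "$1" | grep -q '<enable'; then
        echo enabled
    else
        echo disabled
    fi
}

# sshd_running FILE: FILE holds saved `ps ax` output. The grep process itself
# is filtered out so it is not mistaken for the daemon.
sshd_running() {
    if grep -v grep "$1" | grep -Eq '(^|[ /])sshd([: ]|$)'; then
        echo running
    else
        echo stopped
    fi
}

# startup_sshd_cmds FILE: shellcmd entries that would start sshd outside the
# normal service code.
startup_sshd_cmds() {
    grep '<shellcmd>' "$1" | grep sshd || true
}

# ssh_state CONFIG PSFILE: one-line verdict comparing both views.
ssh_state() {
    cfg=$(ssh_in_config "$1")
    run=$(sshd_running "$2")
    case "$cfg/$run" in
        enabled/running|disabled/stopped) verdict=consistent ;;
        *) verdict=mismatch ;;
    esac
    echo "config=$cfg process=$run verdict=$verdict"
}

# Constructed sample data: SSH disabled in config, yet sshd is in the process list.
tmp=$(mktemp -d)
printf '%s\n' '<system>' '  <ssh>' '  </ssh>' \
    '  <shellcmd>/usr/sbin/sshd</shellcmd>' '</system>' > "$tmp/config.xml"
printf '%s\n' '  PID TT  STAT    TIME COMMAND' \
    '  845  -  Is   0:00.00 /usr/sbin/sshd' \
    ' 1290  0  S+   0:00.00 grep sshd' > "$tmp/ps.txt"

ssh_state "$tmp/config.xml" "$tmp/ps.txt"
startup_sshd_cmds "$tmp/config.xml"
```

A mismatch verdict with the config disabled means something other than the saved setting started sshd; a consistent "disabled/stopped" result alongside failed-login log lines points to old log entries.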

