Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [BUG?] Enable/disable SSH checkbox in webGUI has no effect?

    Scheduled Pinned Locked Moved webGUI
    4 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      BillBraskey
      last edited by

      Sequence of events:

      1. After a clean install of pfSense, I enabled SSH by choosing option 14 from the main menu.
      2. After verifying that I could access the webGUI with no problems, I unchecked the box under [System:Advanced:Admin Access] "Enable Secure Shell". Saved settings, etc.
      3. After 12 hours, including a full system reboot, I perused the system logs and noticed a bunch of failed login attempts via [sshd], all coming from outside the WAN.
      4. I checked the setting on the webGUI and the SSH checkbox was still unchecked.
      5. I went into a terminal window and saw option 14 said "Disable Secure Shell (sshd)". 
      6. I typed "14", and it prompted me (note the discrepancies in bold) "SSHD is currently disabled, would you like to enable?"
      7. I enabled then disabled option 14, then verified in the webGUI that the checkbox was still unchecked.  System log showed three events: diable, enable, disable sshd!

      There appears to be a problem with toggling SSH status between the terminal and the GUI.

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        The enable/disable definitely works (assuming you're on at least a semi-recent stable release, though I don't recall any release version ever where it didn't).

        The console menu can be a bit misleading because what it shows next to option 14, whether it's enable or disable, is only a check as to whether there is a sshd process running. Once you hit option 14, it shows enable/disable based on what's actually in the config. The checkbox under System>Advanced is always whether it's enabled/disabled in the config.

        If the checkbox under System>Advanced is disabled, and sshd is actually running, something other than the normal service code is starting it. Maybe a custom-added shell script or shellcmd tag in the config.

        1 Reply Last reply Reply Quote 0
        • B
          BillBraskey
          last edited by

          @cmb:

          The console menu can be a bit misleading because what it shows next to option 14, whether it's enable or disable, is only a check as to whether there is a sshd process running. Once you hit option 14, it shows enable/disable based on what's actually in the config. The checkbox under System>Advanced is always whether it's enabled/disabled in the config.

          If the checkbox under System>Advanced is disabled, and sshd is actually running, something other than the normal service code is starting it. Maybe a custom-added shell script or shellcmd tag in the config.

          The menu text for option 14 definitely changes every time you toggle sshd on/off using option 14.  It seems to be unaffected by toggling the checkbox in the GUI.  This seems unnecessarily sloppy state-sharing.

          How would I check for a script in the "config"?  Are we talking config of pfSense or config of the underlying FreeBSD system?  Since this is a brand new install, how would a script have been generated if I didn't do it myself (which I don't know how even if I wanted to)?

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            If the menu text is changing then sshd is starting/stopping. There wouldn't be any script or anything if you didn't add one. Guessing it's not really running and the logs you were seeing are old. Run 'ps ax | sshd' to see whether it's running.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.