Posts: 252 | Thanked: 221 times | Joined on Jul 2010
#1281
And while I'm on the subject of reverse SSH:

sshd has to be running on the N900 for reverse SSH to work. Otherwise the N900 will not accept an incoming connection from the trusted server. Correct?

So if the phone is lost and sshd is not running yet, reverse SSH cannot be done via SMSCON. I guess one solution would be to put sshd in a script to be executed from SMSCON.
__________________
21.2011.38-1Smaemo7 (CSSU Stable)
2.6.28.10power53 (not overclocked)
Yes, I search before posting.
 
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#1282
Generally correct, but why would sshd not be running, if installed and *not* killed manually? Last time I checked, the developer of the SSH status menu applet gave up on *trying* to make sshd *not* start at boot - due to upstart and sshd hiccups, it was ignoring any attempts to stop it from starting.

Of course, one can (manually) stop sshd after it's started. But it isn't a problem for smscon, is it?

/Estel
 

Posts: 252 | Thanked: 221 times | Joined on Jul 2010
#1283
Well, my sshd does not run when the N900 boots up. I have the SSH menu applet installed and sshd is not up after the N900 finishes booting. However, I have an older version of the applet (0.1.9). So I guess the old version was successful in making ssh not start at boot on my N900. I was fine with it not starting until I began using SMSCON.

I don't see a way of having sshd start on my N900 with the v0.1.9 of the applet installed, so I guess I will upgrade to the latest version now (I was holding back after seeing some issues posted in the applet's thread).
 

Posts: 1,648 | Thanked: 2,122 times | Joined on Mar 2007 @ UNKLE's Never Never Land
#1284
Originally Posted by chill:
> If I may go back to the subject again... In Reverse SSH, changing a field other than the server password will cause all the settings, including the password in plain text, to be written to the log file.
>
> So deleting the log file will not help if you subsequently change e.g. the port number; the username and password will be recorded in the (fresh) log file.
>
> Just thought I'd warn the users.

If you look again at my comment, which you quote, I propose to specifically delete the log after you complete the edits or close the editor application.

I think it is obvious that the log will again have the settings if you update them.
 

Posts: 1,648 | Thanked: 2,122 times | Joined on Mar 2007 @ UNKLE's Never Never Land
#1285
Originally Posted by chill:
> Well, my sshd does not run when the N900 boots up. I have the SSH menu applet installed and sshd is not up after the N900 finishes booting. However, I have an older version of the applet (0.1.9). So I guess the old version was successful in making ssh not start at boot on my N900. I was fine with it not starting until I began using SMSCON.
>
> I don't see a way of having sshd start on my N900 with the v0.1.9 of the applet installed, so I guess I will upgrade to the latest version now (I was holding back after seeing some issues posted in the applet's thread).

Do you mean you are using this applet? http://talk.maemo.org/showthread.php?t=91472
 
Posts: 252 | Thanked: 221 times | Joined on Jul 2010
#1286
Yes, sir, that applet.

I understand that the log can/should be deleted after updating the settings. I just wanted to say that the "update granularity" is per screen: if you update just one field on the screen, all of the settings from that screen get written to the log. At least that's true for the Reverse SSH settings. One might assume otherwise, i.e. that updating the port number only does not cause the username/password to be written to the log, but that's not the case. This then implies that the log should be deleted after any change to any of the fields (in Reverse SSH at least).
 
Posts: 1,648 | Thanked: 2,122 times | Joined on Mar 2007 @ UNKLE's Never Never Land
#1287
Originally Posted by chill:
> Yes, sir, that applet.
>
> I understand that the log can/should be deleted after updating the settings. I just wanted to say that the "update granularity" is per screen: if you update just one field on the screen, all of the settings from that screen get written to the log. At least that's true for the Reverse SSH settings. One might assume otherwise, i.e. that updating the port number only does not cause the username/password to be written to the log, but that's not the case. This then implies that the log should be deleted after any change to any of the fields (in Reverse SSH at least).

Maybe you didn't realize this, but the applet's main purpose is to augment security by keeping the ssh daemon switched off and only enabling it when the user demands it. So, two solutions come to my mind: either remove the applet and choose a good password, or create an sms command to start sshd when you need to initiate the reverse-ssh connection.

On your second point, I can confirm that any change triggers an update of all the settings and they are written to the log. I remind again, the log is only accessible by root. If anyone cares about their passwords etc., becoming root should only be possible with a password.

Hope it is clear.
 

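The per-screen logging behaviour described in posts #1286 and #1287, next to one way an application could avoid it, as an added example that is not part of any post and not SMSCON's own code. The setting names, sample values and log line format are assumptions; the thread does not show SMSCON's real keys or log layout.

```python
import logging

# Hypothetical setting names for a Reverse SSH settings screen (assumption:
# the thread does not show SMSCON's real keys or log format).
SECRET_KEYS = {"password"}
MASK = "********"


def shown(key, value):
    """Render a value for the log, masking anything listed as a secret."""
    return MASK if key in SECRET_KEYS else str(value)


def log_screen_naive(log, new):
    """Behaviour described in the thread: any edit dumps the whole screen."""
    lines = [f"{key} = {value}" for key, value in sorted(new.items())]
    for line in lines:
        log.info(line)
    return lines


def log_screen_hardened(log, old, new):
    """Log only the fields that changed, and never the value of a secret."""
    lines = []
    for key in sorted(new):
        if old.get(key) != new[key]:
            before, after = shown(key, old.get(key)), shown(key, new[key])
            lines.append(f"{key}: {before} -> {after}")
    for line in lines:
        log.info(line)
    return lines


def demo():
    log = logging.getLogger("settings-demo")
    log.addHandler(logging.NullHandler())
    # Constructed sample values, not taken from any real device.
    old = {"host": "server.example", "port": 22,
           "user": "alice", "password": "s3cret"}
    new = dict(old, port=2222)  # the user edits only the port number
    return log_screen_naive(log, new), log_screen_hardened(log, old, new)


if __name__ == "__main__":
    naive, hardened = demo()
    print("naive:   ", naive)
    print("hardened:", hardened)
```

With the hardened variant a port change leaves no credential in the log, and a password change is recorded only as a masked transition.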
Posts: 252 | Thanked: 221 times | Joined on Jul 2010
#1288
Originally Posted by Saturn:
> Maybe you didn't realize this, but the applet's main purpose is to augment security by keeping the ssh daemon switched off and only enabling it when the user demands it. So, two solutions come to my mind: either remove the applet and choose a good password, or create an sms command to start sshd when you need to initiate the reverse-ssh connection.
>
> On your second point, I can confirm that any change triggers an update of all the settings and they are written to the log. I remind again, the log is only accessible by root. If anyone cares about their passwords etc., becoming root should only be possible with a password.
>
> Hope it is clear.

Thanks for your reply. The two solutions seem like a good idea.

Actually, the new version of the SSH status applet no longer stops sshd at boot time (I was using an old version when I first posted in this thread; it did stop sshd at boot time).

With rootsh, the preferred method of gaining root, one does not need a password by default. So an N900 thief could read the log file. If it happened to me now, I'd use SMSCON to start reverse SSH and delete the log (and other things as well). There may be methods to have the N900 ask for user password when gaining root, but I haven't looked into that enough, and it might be inconvenient to be asked for a password every time root access is needed.
 
Posts: 2,290 | Thanked: 4,133 times | Joined on Apr 2010 @ UK
#1289
Originally Posted by chill:
> There may be methods to have the N900 ask for user password when gaining root, but I haven't looked into that enough, and it might be inconvenient to be asked for a password every time root access is needed.

As long as applications are designed correctly (creating their own sudoers file), asking for a password to gain root will cause no issues. You will only need to input the password to root in terminal.
 
Posts: 252 | Thanked: 221 times | Joined on Jul 2010
#1290
Originally Posted by sixwheeledbeast:
> As long as applications are designed correctly (creating their own sudoers file), asking for a password to gain root will cause no issues. You will only need to input the password to root in terminal.

Right, that's what I meant by "every time", in the terminal.

Supposing that's not inconvenient, root password as protection against unauthorized reading of SMSCON is limited. An N900 with rootsh installed must be made to ask for a password (correct me if I'm wrong, but rootsh by default does not ask for a password). If there is no rootsh on the N900, the thief can install it and thus gain root access and read the log. This of course is not the fault of SMSCON.