Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
4.2.20 [T19] Questions for Beta testers
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2011-12-27
01:00 AM
2011-12-27
01:00 AM
4.2.20 [T19] Questions for Beta testers
Hi everyone,
For those of you testing the 4.2.20 beta, could you please have a look a the following points:
NETATALK: is the version used still "2.2.1dev" or has it gone to a production (stable) version?
SSH: is the version used still "OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8o 01 Jun 2010"?
Both OpenSSH 4.3p2 and OpenSSL 0.9.8o have security vulnerabilities so it would be nice to have secure versions has this is an entry point to the datas stored on the device.
It would also be nice to have some indicator (or better a toggle switch) to enable/disable ssh in frontview as installing the ssh package does not make it appear in the list of installed packages in frontview (at least, this is what happens for me in 4.2.19).
Thanks
For those of you testing the 4.2.20 beta, could you please have a look a the following points:
NETATALK: is the version used still "2.2.1dev" or has it gone to a production (stable) version?
SSH: is the version used still "OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8o 01 Jun 2010"?
Both OpenSSH 4.3p2 and OpenSSL 0.9.8o have security vulnerabilities so it would be nice to have secure versions has this is an entry point to the datas stored on the device.
It would also be nice to have some indicator (or better a toggle switch) to enable/disable ssh in frontview as installing the ssh package does not make it appear in the list of installed packages in frontview (at least, this is what happens for me in 4.2.19).
Thanks
Message 1 of 6
Labels:
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2012-01-16
11:34 AM
2012-01-16
11:34 AM
Re: 4.2.20 [T19] Questions for Beta testers
OpenSSH/SSL may show older versions, but patches are backported, so there shouldn't be any active security vulnerabilities in them.
afpd as of 4.2.20-T25 is 2.2.1p7. Which could also have some patches in it without the version number changing.
afpd as of 4.2.20-T25 is 2.2.1p7. Which could also have some patches in it without the version number changing.
Message 2 of 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2012-01-16
02:17 PM
2012-01-16
02:17 PM
Re: 4.2.20 [T19] Questions for Beta testers
You can see the Netatalk changelog here: http://www.netafp.com/downloads/changelog/
Netatalk 2.2.2 appears to have only just been released so it's understandable that the latest beta is using the previous stable version.
EnableRootSH is an Enable add-on not a Toggle Add-on. If installed SSH is automatically started on each boot. There is no need for a ui for the add-on. If you try to SSH in as 'root' and get in then you know it's installed successfully. You can remove it by backing up your data and doing a factory default (wipes all data, settings, everything). Why would you want to disable it? One of the uses for the add-on is to regain access to Frontview if it's broken. If Frontview is broken you can't enable SSH.
Netatalk 2.2.2 appears to have only just been released so it's understandable that the latest beta is using the previous stable version.
EnableRootSH is an Enable add-on not a Toggle Add-on. If installed SSH is automatically started on each boot. There is no need for a ui for the add-on. If you try to SSH in as 'root' and get in then you know it's installed successfully. You can remove it by backing up your data and doing a factory default (wipes all data, settings, everything). Why would you want to disable it? One of the uses for the add-on is to regain access to Frontview if it's broken. If Frontview is broken you can't enable SSH.
Message 3 of 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2012-01-16
03:06 PM
2012-01-16
03:06 PM
Re: 4.2.20 [T19] Questions for Beta testers
T28+ will have 2.2.2 in it. We are already testing it on internal betas.
Message 4 of 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2012-01-18
12:24 AM
2012-01-18
12:24 AM
Re: 4.2.20 [T19] Questions for Beta testers
Thanks to all of you for your replies.
Regarding the response from "mdgm" on SSH, I take the point. However, having a toggle button would only bring you back to the default configuration where you can not "ssh" to the device.
My view was that some of us have their NAS visible from internet and having ssh active means that you have plenty of brute force login attempts. To reduce that, you either have to disable ssh on the NAS, have some kind of firewall (iptables on the NAS or elsewhere) or play with the internet box (via the NAT rules). I was just thinking that having a toggle button would be easiest way of doing that.
Regarding the response from "mdgm" on SSH, I take the point. However, having a toggle button would only bring you back to the default configuration where you can not "ssh" to the device.
My view was that some of us have their NAS visible from internet and having ssh active means that you have plenty of brute force login attempts. To reduce that, you either have to disable ssh on the NAS, have some kind of firewall (iptables on the NAS or elsewhere) or play with the internet box (via the NAT rules). I was just thinking that having a toggle button would be easiest way of doing that.
Message 5 of 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2012-01-18
02:17 AM
2012-01-18
02:17 AM
Re: 4.2.20 [T19] Questions for Beta testers
mkutilek wrote:
Regarding the response from "mdgm" on SSH, I take the point. However, having a toggle button would only bring you back to the default configuration where you can not "ssh" to the device.
Still you could be denied support if your use of SSH since the last factory default (wipes all data, settings, everything) caused problems. I don't think a toggle button is needed and I believe it would be a bad idea. How do you think you're supposed to re-enable it if Frontview is broken?
mkutilek wrote:
My view was that some of us have their NAS visible from internet and having ssh active means that you have plenty of brute force login attempts. To reduce that, you either have to disable ssh on the NAS, have some kind of firewall (iptables on the NAS or elsewhere) or play with the internet box (via the NAT rules). I was just thinking that having a toggle button would be easiest way of doing that.
Blocking port 22 is the way to go. Leaves you still able to SSH in your LAN but protects you from attacks from the web. It's crazy to not have some kind of firewall protecting your devices. A good router should have some kind of firewall.
Message 6 of 6