
4.2.20 [T19] Questions for Beta testers

mkutilek
Aspirant

Hi everyone,

For those of you testing the 4.2.20 beta, could you please have a look at the following points:

NETATALK: is the version used still "2.2.1dev" or has it gone to a production (stable) version?

SSH: is the version used still "OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8o 01 Jun 2010"?
Both OpenSSH 4.3p2 and OpenSSL 0.9.8o have security vulnerabilities, so it would be nice to have secure versions, as this is an entry point to the data stored on the device.
It would also be nice to have some indicator (or better a toggle switch) to enable/disable ssh in frontview as installing the ssh package does not make it appear in the list of installed packages in frontview (at least, this is what happens for me in 4.2.19).

Thanks
Message 1 of 6
chirpa
Luminary

Re: 4.2.20 [T19] Questions for Beta testers

OpenSSH/SSL may show older versions, but patches are backported, so there shouldn't be any active security vulnerabilities in them.

afpd as of 4.2.20-T25 is 2.2.1p7, which could also have some patches in it without the version number changing.
Message 2 of 6
mdgm-ntgr
NETGEAR Employee Retired

Re: 4.2.20 [T19] Questions for Beta testers

You can see the Netatalk changelog here: http://www.netafp.com/downloads/changelog/

Netatalk 2.2.2 appears to have only just been released so it's understandable that the latest beta is using the previous stable version.

EnableRootSH is an Enable add-on, not a Toggle add-on. If installed, SSH is automatically started on each boot. There is no need for a UI for the add-on. If you try to SSH in as 'root' and get in, then you know it's installed successfully. You can remove it by backing up your data and doing a factory default (wipes all data, settings, everything). Why would you want to disable it? One of the uses for the add-on is to regain access to Frontview if it's broken. If Frontview is broken you can't enable SSH.
Message 3 of 6
chirpa
Luminary

Re: 4.2.20 [T19] Questions for Beta testers

T28+ will have 2.2.2 in it. We are already testing it on internal betas.
Message 4 of 6
mkutilek
Aspirant

Re: 4.2.20 [T19] Questions for Beta testers

Thanks to all of you for your replies.

Regarding the response from "mdgm" on SSH, I take the point. However, having a toggle button would only bring you back to the default configuration where you can not "ssh" to the device.
My view was that some of us have their NAS visible from the internet, and having ssh active means that you have plenty of brute force login attempts. To reduce that, you either have to disable ssh on the NAS, have some kind of firewall (iptables on the NAS or elsewhere) or play with the internet box (via the NAT rules). I was just thinking that having a toggle button would be the easiest way of doing that.
Message 5 of 6
mdgm-ntgr
NETGEAR Employee Retired

Re: 4.2.20 [T19] Questions for Beta testers

mkutilek wrote:

Regarding the response from "mdgm" on SSH, I take the point. However, having a toggle button would only bring you back to the default configuration where you can not "ssh" to the device.

Still you could be denied support if your use of SSH since the last factory default (wipes all data, settings, everything) caused problems. I don't think a toggle button is needed and I believe it would be a bad idea. How do you think you're supposed to re-enable it if Frontview is broken?

mkutilek wrote:

My view was that some of us have their NAS visible from the internet, and having ssh active means that you have plenty of brute force login attempts. To reduce that, you either have to disable ssh on the NAS, have some kind of firewall (iptables on the NAS or elsewhere) or play with the internet box (via the NAT rules). I was just thinking that having a toggle button would be the easiest way of doing that.

Blocking port 22 is the way to go. Leaves you still able to SSH in your LAN but protects you from attacks from the web. It's crazy to not have some kind of firewall protecting your devices. A good router should have some kind of firewall.
Message 6 of 6