
What is SSH used for on FOG server?

    fogcloud
    last edited by Aug 8, 2024, 7:45 PM

    I noticed that FOG is installing openssh-server. I might be wrong, but from what I tested this is also allowing remote SSH connections to the server. I was able to successfully log in as root/super user via SSH. Since I don’t really plan to remotely administer the server, I was wondering if it’s ok to block this port? I don’t know what FOG uses it for though.

    Looking at https://wiki.fogproject.org/wiki/index.php/FOG_security, SSH and port 22 are not shown as needing to be open.

      Tom Elliott @fogcloud
      last edited by Aug 9, 2024, 12:44 AM

      @fogcloud ssh in 1.5.10 and earlier isn’t required for anything but it will be required for 1.6.

      After such a long time of using ftp I made a switch to prefer using ssh instead as it is generally more secure and can eventually (hopefully) be extended to allow PKI authentication which we cannot do for ftp-based things. Plus it gives us much more utility than ftp provides.

      I know you weren’t looking for a book on this all.

      TLDR, no it’s not “required” but is effectively a default standard in dang near all operating systems now. It shouldn’t hurt anything, for now. In the future it absolutely will.

      PS If you are worried about subnets gaining access to your fog server, use a firewall to block those subnets. I would highly recommend not blocking the specific port for ssh.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        george1421 Moderator @fogcloud
        last edited by Aug 8, 2024, 8:46 PM

        @fogcloud FWIW fog shouldn’t use ssh for imaging. It uses ftp, nfs, http/https for imaging. I think there is another protocol but I can’t remember off the top of my head, but it’s not ssh.

        If you are concerned about ssh being open you can either enable a firewall on the fog server or move the ssh port to some other random place so the fog server is still accessible if needed via ssh.

        If you are concerned about security you could also install fail2ban to block repeated attempts to remotely log into your fog server.

          george1421 Moderator @fogcloud
          last edited by Aug 8, 2024, 8:50 PM

          @fogcloud Do you have a specific concern about having ssh enabled on the fog server? Are you trying to meet some kind of compliance certification?

            Wayne Workman
            last edited by Aug 8, 2024, 10:58 PM

            How would you update FOG without ssh? Are you using the terminal via a hypervisor? Are you plugging a monitor, keyboard, and mouse into a physical server?

            Also if you needed to fix something, very likely all the help you would find in the forums will involve some kind of shell commands.

            Daily Clean Installation Results:
            https://fogtesting.fogproject.us/
            FOG Reporting:
            https://fog-external-reporting-results.fogproject.us/

                fogcloud @Tom Elliott
                last edited by Aug 9, 2024, 12:44 PM

                Thank you! My question has been answered. The server is connected to a KVM and is only a few steps away from where I work. I’m just following the general rule of only allowing what is necessary and since SSH isn’t necessary (yet), I’ll keep it blocked.
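
For servers where SSH stays enabled, as the replies above recommend, this added example (not from the thread or the FOG Project) audits effective sshd settings in the `sshd -T` output format for the root-login exposure the original poster observed. The function name `audit_sshd` and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit effective sshd settings for the exposures raised in
# this thread. Input is the "keyword value" format printed by `sshd -T`.
# Real use (as root):  sshd -T | audit_sshd

# audit_sshd: read settings on stdin, print one finding per line.
# Exit status is 1 if any FAIL finding was printed, otherwise 0.
audit_sshd() {
    awk '
        BEGIN { fail = 0 }
        $1 == "permitrootlogin" && $2 == "yes" {
            print "FAIL permitrootlogin=yes: root can log in with a password"
            fail = 1
        }
        $1 == "permitrootlogin" && $2 != "yes" && $2 != "no" {
            print "WARN permitrootlogin=" $2 ": root login still possible with keys"
        }
        $1 == "passwordauthentication" && $2 == "yes" {
            print "WARN passwordauthentication=yes: guessing attacks possible; use keys or fail2ban"
        }
        $1 == "listenaddress" && (index($2, "0.0.0.0:") == 1 || index($2, "[::]:") == 1) {
            print "WARN listenaddress=" $2 ": all interfaces; limit source subnets at the firewall"
        }
        END { exit fail }
    '
}

# Constructed sample: settings typical of a freshly installed openssh-server
# where root password login works, as described in the first post.
SAMPLE_DEFAULT='port 22
listenaddress 0.0.0.0:22
listenaddress [::]:22
permitrootlogin yes
passwordauthentication yes'

# Constructed sample: bound to one management address (documentation range),
# no root login, key-only authentication.
SAMPLE_HARDENED='port 22
listenaddress 192.0.2.10:22
permitrootlogin no
passwordauthentication no'

printf '%s\n' "$SAMPLE_DEFAULT" | audit_sshd || echo "=> default sample needs hardening"
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd && echo "=> hardened sample is clean"
```
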

                Copyright © 2012-2024 FOG Project