Phablet Tools

Merge lp:~robru/phablet-tools/more-secure-shell into lp:phablet-tools

more-secure-shell
Merge into trunk

Proposed by Robert Bruce Park on 2014-07-03

Status:

Rejected

Rejected by:

Robert Bruce Park on 2014-09-29

Proposed branch:

lp:~robru/phablet-tools/more-secure-shell

Merge into:

lp:phablet-tools

Diff against target:

34 lines (+10/-2)

1 file modified

phablet-shell (+10/-2)

To merge this branch:

bzr merge lp:~robru/phablet-tools/more-secure-shell

High

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
PS Jenkins bot	continuous-integration		Needs Fixing on 2014-07-03
Oliver Grawert		2014-07-03	Pending
Ubuntu Phablet Team		2014-07-03	Pending
Review via email: mp+225515@code.launchpad.net

Commit message

Make sshd only listen locally for increased security.

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2014-07-03:

FAILED: Continuous integration, rev:286
http://jenkins.qa.ubuntu.com/job/phablet-tools-ci/345/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/phablet-tools-utopic-amd64-ci/26/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/phablet-tools-utopic-armhf-ci/26/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/phablet-tools-utopic-i386-ci/26/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/phablet-tools-ci/345/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Oliver Grawert (ogra) wrote on 2014-07-03:

the pkill would kill any sshd running ... better use something like (untested):

SSH_COMMAND="/usr/sbin/sshd -4 -p 2222 -o 'ListenAddress 127.0.0.1' -D"

...
adb shell pkill -f "$SSH_COMMAND"

...

adb shell "$SSH_COMMAND"

that way you will only call this explicit command ...

Unmerged revisions

286. By Robert Bruce Park on 2014-07-03: Make sshd only listen locally for increased security.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Jason

Joe Talbott

Robert Bruce Park

Ubuntu Phablet Team

Zygmunt Krynicki

1	=== modified file 'phablet-shell'
2	--- phablet-shell 2014-05-28 11:59:44 +0000
3	+++ phablet-shell 2014-07-03 16:07:31 +0000
4	@@ -38,6 +38,12 @@
5	exit 1
6	}
7
8	+quit_sshd () {
9	+ adb shell pkill -INT sshd
10	+}
11	+
12	+trap quit_sshd 2 15 #SIGINT SIGTERM
13	+
14	if [ -f "$(dirname $0)/shell-adb-common.sh" ]; then
15	. "$(dirname $0)/shell-adb-common.sh"
16	else
17	@@ -65,9 +71,9 @@
18	# Start ssh on the device and use port forwarding to connect to it.
19	# This means that we'll connect to the device through the USB cable
20	# and won't depend on if the device has it's wifi configured or not.
21	-adb shell start ssh
22	+adb shell /usr/sbin/sshd -4 -p 2222 -o 'ListenAddress 127.0.0.1' -D &
23	for PORT in `seq 2222 2299`; do
24	- adb forward tcp:$PORT tcp:22 && break
25	+ adb forward tcp:$PORT tcp:2222 && break
26	done
27
28	SSH_OPTS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p $PORT"
29	@@ -92,3 +98,5 @@
30
31	# Now connect to the device and provide the user with a shell.
32	ssh $SSH_OPTS phablet@localhost
33	+
34	+quit_sshd