# SSH on by default?



## drhowarddrfine (Jun 11, 2013)

I just realized that I never enabled SSH in my rc.conf on my new installation but I'm able to `ssh` to and from this box. Why is that? I seem to recall reading somewhere that SSH is on by default in version 9.1, which is what I have, but I can't find that statement anywhere.


----------



## DutchDaemon (Jun 11, 2013)

I would doubt that FreeBSD would do such a thing, really. But _if_ it was on by default, it would be set in /etc/defaults/rc.conf. I still see 
	
	



```
sshd_enable="NO"                # Enable sshd
```
 in my freshly checked-out /usr/src/etc/defaults/rc.conf on 9.1-STABLE/amd64.

If it's not set to on in rc.conf, check the usual suspects, /etc/rc.local and root's crontab files (/etc/crontab and `crontab -u root -l`).


----------



## fonz (Jun 11, 2013)

Just curious: what does your /etc/defaults/rc.conf say? Mine has sshd_enable set to "NO" (9.1-RELEASE/i386).


----------



## drhowarddrfine (Jun 11, 2013)

Mine still says "NO" in the defaults, too. I also looked at the crontab stuff and there's nothing there.

EDIT: Ooh! Wait! I'm using OpenBox. Perhaps that's doing something?


----------



## DutchDaemon (Jun 11, 2013)

Check `dmesg -a` for any signs of daemons being started. You can usually find where it's started from by looking at the ones surrounding it at boot time.


----------



## kpa (Jun 11, 2013)

SSH out is always enabled as long as there's an SSH client installed. The sshd_enable is only for the service that accepts incoming connections.


----------



## DutchDaemon (Jun 11, 2013)

I'm assuming that's what OP means: he can `ssh` in. Out should not be a surprise


----------



## drhowarddrfine (Jun 11, 2013)

Well, I must have gotten mixed up between the two _be_cause I disabled SSH and now I can't access it. I've been doing this with Cygwin on a Windows notebook which seems to be somewhat unreliable so I guess I got confused. 

Thanks for the help.


----------



## kpa (Jun 11, 2013)

> I'm able to ssh to and from this box. Why is that?



It's completely obvious that the out direction always works to someone who has a deep understanding of how the SSH protocol and the tools work. It may not be that obvious to someone who isn't that tech savvy.


----------



## drhowarddrfine (Jun 11, 2013)

But I asked why I could ssh *both* ways and you seem to be able to answer only one part of the question. I'm glad other more tech savvy people than you were here to help.


----------



## Anonymous (Jun 11, 2013)

DutchDaemon said:
			
		

> Check `dmesg -a` for any signs of daemons being started. You can usually find where it's started from by looking at the ones surrounding it at boot time.



In addition you might want to look at the output of `# ps -axj`. From ps(1)():


```
[B]-j[/B]      Print information associated with the following keywords: [B]user[/B],
             [B]pid[/B], [B]ppid[/B], [B]pgid[/B], [B]sid[/B], [B]jobc[/B], [B]state[/B], [B]tt[/B], [B]time[/B], and [B]command[/B].
```

You want to look for PPID, i.e., the parent process identification number. For example at my machine:


```
# ps -axj
USER      PID  PPID  PGID   SID JOBC STAT TT        TIME COMMAND
...
root        1     0     1     1    0 ILs  ??     0:00.02 /sbin/init --
...
root     2049     1  2049  2049    0 Ss   ??     0:00.01 /usr/sbin/sshd
...
```

So, at my machine /usr/sbin/sshd is started by process number 1, which is /sbin/init.


----------



## ShelLuser (Jun 11, 2013)

In the past weeks I've installed five FreeBSD environments (9.1-RELEASE) where one of them was strictly experimental (hacking away to get it going in Microsoft's Virtual PC, not an easy thing to do) and I'm positive that FreeBSD does not enable sshd by default.

On two of these servers I didn't enable sshd during installation because I had to be sure that outside access would be virtually impossible. As a result it wasn't added to /etc/rc.conf and also wasn't started.

One server was the experimental one whereas the other was installed two or three weeks ago, so I'm pretty sure it's not FreeBSD doing this.


----------



## throAU (Jun 17, 2013)

From memory, the FreeBSD installer asks you if you want to enable remote SSH login.  Possibly you accidentally hit "yes"?


----------



## ChalkBored (Jun 17, 2013)

The installer has the SSHD option toggled on by default, you have to make an effort to disable it. But it only adds 
	
	



```
sshd_enable="YES"
```
 to /etc/rc.conf after you get past that menu in the installer. If you didn't use the installer to install FreeBSD, then SSHD isn't enabled by default.


----------



## drhowarddrfine (Jun 17, 2013)

I solved this issue with my post #8. Thanks for listening.


----------

