Re: [Announce] SMScon (control your device with SMS)
 

And while I'm on the subject of reverse SSH:

sshd has to be running on the N900 for reverse SSH to work. Otherwise the N900 will not accept an incoming connection from the trusted server. Correct?

So if the phone is lost and sshd is not running yet, reverse SSH cannot be done via SMSCON. I guess one solution would be to put sshd in a script to be executed from SMSCON.

Re: [Announce] SMScon (control your device with SMS)
 

Generally correct, but why sshd would be not running, if installed and *not* killed manually? Last tine I checked, developer of SSH status menu applet gave up on *trying* to make sshd *not* start at boot - due to upstart and sshd hickups, it was ignoring any attempts to stop it from starting.

Of course, one can (manually) stop sshd after it's started. But it isn't problem for smscon, is it?

/Estel

Re: [Announce] SMScon (control your device with SMS)
 

Well, my sshd does not run when the N900 boots up. I have the SSH menu applet installed and sshd is not up after the N900 finishes booting. However, I have an older version of the applet (0.1.9). So I guess the old version was successful in making ssh not start at boot on my N900. I was fine with it not starting until I began using SMSCON.

I don't see a way of having sshd start on my N900 with the v0.1.9 of the applet installed, so I guess I will upgrade to the latest version now (I was holding back after seeing some issues posted in the applet's thread).

Re: [Announce] SMScon (control your device with SMS)
 

If you look again my comment, which you quote, I propose to specifically delete the log after you complete with edits or close the editor application.

I think it is obvious that the log will have again the settings if you update them..

Re: [Announce] SMScon (control your device with SMS)
 

Do you mean you are using this applet? http://talk.maemo.org/showthread.php?t=91472

Re: [Announce] SMScon (control your device with SMS)
 

Yes, sir, that applet.

I understand that the log can/should be deleted after updating the settings. I just wanted to say that the "update granularity" is per screen: if you update just one field on the screen, all of the settings from that screen get written to the log. At least that's true for the Reverse SSH settings. One might assume otherwise, ie. that updating the port number only does not cause the username/password to be written to the log, but that's not the case. This then implies that the log should be deleted after any change to any of the fields (in Reverse SSHat least).

Re: [Announce] SMScon (control your device with SMS)
 

Maybe you didn't realize this but the applet's main purpose is to augment security by keeping switched off the ssh daemon and only enable it when the user demands it. So, two solutions come to my mind. Either to remove the applet and choose a good password or create an sms command to start the sshd when you need to initiate the reverse-ssh connection.

On your second point, i can confirm that any change triggers update of all the settings and they are written in the log. I remind again, the log is only accessible by root. If anyone cares about their passwords etc. becoming root should be only possible with a password.

Hope it is clear.

Re: [Announce] SMScon (control your device with SMS)
 

Thanks for your reply. The two solutions seem like a good idea.

Actually, the new version of the SSH status applet no longer stops sshd at boot time (I was using an old version when I first posted in this thread; it did stop sshd at boot time).

With rootsh, the preferred method of gaining root, one does not need a password by default. So an N900 thief could read the log file. If it happened to me now, I'd use SMSCON to start reverse SSH and delete the log (and other things as well). There may be methods to have the N900 ask for user password when gaining root, but I haven't looked into that enough, and it might be inconvenient to be asked for a password every time root access is needed.

Re: [Announce] SMScon (control your device with SMS)
 

As long as applications are designed correctly (creating there own sudoers file) asking for password to gain root will cause no issues. You will only need to input the password to root in terminal.

Re: [Announce] SMScon (control your device with SMS)
 

Right, that's what I meant by "every time", in the terminal.

Supposing that's not inconvenient, root password as protection against unauthorized reading of SMSCON is limited. An N900 with rootsh installed must be made to ask for a password (correct me if I'm wrong, but rootsh by default does not ask for a password). If there is no rootsh on the N900, the thief can install it and thus gain root access and read the log. This of course is not the fault of SMSCON.

Re: [Announce] SMScon (control your device with SMS)
 

Here is a more relevant thread for this discussion:
http://talk.maemo.org/showthread.php?t=62221

Re: [Announce] SMScon (control your device with SMS)
 

Since it seems we have just discovered that the N900 reports a wrong ICCID (and no one noticed is so far?!?):
http://talk.maemo.org/showthread.php?t=89238&page=8

It would be nice that also SMScon could show the right ICCID, especially in case of sim swap notification.