A quick “out of the box” nmap scan on a ROCK server will reveal the following open ports:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
9100/tcp open jetdirect
9101/tcp open jetdirect
Why is SSH running on ROCK, if you’re not supposed to mess with the underlying OS? Why is SSH running at all on what is supposed to be an appliance?
Anyone have info on the other services running? There appears to be an HTTP service running on 9100, as well as the one on port 80 which services the ROCK admin console.
… should be the Samba server.
What they need the NetBIOS session service for I’ve no idea. But then I barely know how to start Wireshark and that’s it. No idea what I’m reading in the log window …
BTW if SSH is not needed as stated in the other reply I wonder when it will go away. I somehow believe that an always on / always connected appliance is not safe when it has some service on it “left over”. But maybe one day we get another Roon whitepaper, this time about the appliance’s security so one must no longer rely on the forum guesswork à la “with linux everything’s nice anyway” …
Although the SSH server is active it only works if the correct keys are installed which is not the case with ROCK. So while the service is indeed running you cannot access it at all. I also guess that this will most likely be removed in a new version of ROCK OS.
+1 on a whitepaper or some sort of post with details on the ROCK OS security posture.
I feel a bit better about the SSH server running if it only accepts keys on login, and not a user/password. That said, it seems like this should just be shut down if it’s not fundamental to the Roon Core. Especially given the clear direction provided by Roon that this is not a tinkerer OS, but is intended to be a hands-off, always on appliance - for this footing it should be as locked down as possible, eliminating all unnecessary services.
Many routers and other devices leave this on as well, for support purposes. We’ve used it on more than one case in a support context related to local DNS issues.
If ROCK does not meet your expectations, you can always just run a desktop or server Linux distribution and trim it down as you wish.
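
Added example, not part of any post in this thread and not Roon's code: a small audit that parses the port table from the first post and separates the listeners the thread accounts for from the ones still unexplained. The `EXPECTED` baseline is an assumption built from the replies (admin console on 80, file sharing on 139/445), not a vendor-published list.

```python
import re

# Port table copied from the first post in this thread.
NMAP_OUTPUT = """\
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
9100/tcp open jetdirect
9101/tcp open jetdirect
"""

# Assumed baseline (hypothetical): services the thread explains.
# Replace with the vendor's documented list if one is published.
EXPECTED = {
    (80, "tcp"): "admin console",
    (139, "tcp"): "file sharing (NetBIOS session)",
    (445, "tcp"): "file sharing (SMB)",
}

# Without version detection, nmap's SERVICE column is a lookup by port number,
# so "jetdirect" on 9100 is a guess, not proof of what is listening.
PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Return {(port, proto): (state, service)} from an nmap port table."""
    found = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:  # skips the header and any unrelated lines
            found[(int(m[1]), m[2])] = (m[3], m[4])
    return found

def audit(text, expected=EXPECTED):
    """Report open ports missing from the baseline, and baseline ports not open."""
    ports = parse_ports(text)
    open_ports = {key for key, (state, _) in ports.items() if state == "open"}
    unexplained = sorted(open_ports - set(expected))
    missing = sorted(set(expected) - open_ports)
    return {"unexplained": [(p, pr, ports[(p, pr)][1]) for p, pr in unexplained], "missing": missing}

if __name__ == "__main__":
    report = audit(NMAP_OUTPUT)
    for port, proto, guess in report["unexplained"]:
        print(f"review: {port}/{proto} open (nmap labels it '{guess}')")
    for port, proto in report["missing"]:
        print(f"expected but not open: {port}/{proto}")
```

Re-running the audit after each ROCK update shows whether a listener such as SSH has been removed or a new one has appeared.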