ROCK Open Ports

A quick “out of the box” nmap scan on a ROCK server will reveal the following open ports:

22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
9100/tcp open  jetdirect
9101/tcp open  jetdirect

Why is SSH running on ROCK, if you’re not supposed to mess with the underlying OS? Why is SSH running at all on what is supposed to be an appliance?

Anyone have info on the other services running? There appears to be an HTTP service running on 9100, as well as the one on port 80 which services the ROCK admin console.

This was already asked some time ago, see


… should be the Samba server.
What they need the NetBIOS session service for I’ve no idea. But then I barely know how to start wireshark and that’s it. No idea what I’m reading in the log window … :slight_smile:

BTW if ssh is not needed as stated in the other reply I wonder when it will go away. I somehow believe that a always on / always connected appliance is not safe when it has some service on it “left over”. But maybe one day we get another roon whitepaper, this time about the appliance’s security so one must no longer rely on the forum guesswork à la “with linux everything’s nice anyway”:sunglasses:

Although the SSH server is active it only works if the correct keys are installed which is not the case with ROCK. So while the service is indeed running you cannot access it at all. I also guess that this will most likely be removed in a new version of ROCK OS.

139 and 445 are windows/samba/cifs file sharing ports

9000 and 9101 are Roon Core ports

Thanks all for the info!

+1 on a whitepaper or some sort of post with details on the ROCK OS security posture.

I feel a bit better about the SSH server running if it only accepts keys on login, and not a user/password. That said, it seems like this should just be shut down if it’s not fundamental to the Roon Core. Especially given the clear direction provided by Roon that this is not a tinkerer OS, but is intended to be a hands-off, always on appliance - for this footing it should be as locked down as possible, eliminating all unnecessary services.

It only accepts a key – no passwords.

Many routers and other devices leave this on as well, for support purposes. We’ve used it on more than one case in a support context related to local DNS issues.

If ROCK does not meet your expectations, you can always just run a desktop or server Linux distribution an trim it down as you wish.

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.