Jump to content

Does USB backup use ssh and connect to aws port 22?


Recommended Posts

I am seeing scans coming from unraid trying to connect to port 22 on an aws server is this the USB backup? If this is USB backup it might be useful to put a note when you enable USB backup. Because it looks like unraid is trying a lot of different ports to get out. 

 

image.thumb.png.2bb7afb0563c095902d2b1c32bd3af15.png

Edited by xokia
Link to comment
  • xokia changed the title to Does USB backup use ssh and connect to aws port 22?
4 hours ago, ljm42 said:

Yes, Unraid Connect Flash backup makes an outgoing git/ssh connection to backup.unraid.net on port 22 or 443

Is there a way to tell it to just use 443? I have 443 allowed for normal https traffic so that port is not filtered. I like to keep as few ports allowed as possible.

Link to comment
11 hours ago, xokia said:

Is there a way to tell it to just use 443? I have 443 allowed for normal https traffic so that port is not filtered. I like to keep as few ports allowed as possible.

 

Oh cool, so we added this fallback to port 443 for networks that block port 22 but aside from a reduction in "why can't I connect" posts I think you are the first person to confirm they are using it.  We did not want to start on port 443 because it seems a little shady to do SSH over 443 without at least trying on 22.

 

You are seeing the repeated calls in your logs because each time the script runs it tries port 22 and then falls back to 443, it doesn't store the state for the next run. As I said, you are the first person to provide feedback on how this works in their network. I can look at having it "remember" to use port 443 in a future release.

  • Like 1
Link to comment
Posted (edited)
22 hours ago, ljm42 said:

 

You are seeing the repeated calls in your logs because each time the script runs it tries port 22 and then falls back to 443, it doesn't store the state for the next run. As I said, you are the first person to provide feedback on how this works in their network. I can look at having it "remember" to use port 443 in a future release.

Maybe I am just the first running IPS to notice it? It might be a better option to enable the user to choose 443 or 22. Maybe under an advanced button and have a "prefer" port and the fallback is the non preferred port? i.e. try this port first. In your code it just ends up being a list of ports that you can reorder based on the preferred option. Set 22 as default and leave what you folks currently implemented. Then those that don't know any better wont hit you up with why is my USB backup not working. Those that want more control over their network will know what to do hopefully.  

 

If you "remember the port" someone might decide later to use port 22 then they will hit you up with how do I forget 443. Just my $.02

Edited by xokia
Link to comment
×
×
  • Create New...