Hacking on ThinPro: Enabling SSH
Welcome to my life hacking on ThinPro in an enterprise environment. Today's goal is to enable SSHD on a thin client without disturbing the user and without using HP Device Manager's (HPDM) baked-in SSH client. For the record, HPDM does have an _Enable and Connect with SSH task template, but you have to connect in from the HPDM server, which I don't like because, well, because I'm picky. So, let's look at what we can do about that.
ThinPro uses a Windows-like registry for a lot of its configurations, so let's check there first. I went to root/sshd/enabled and set that from 0 to 1.
Then I tested whether the SSHD service was started with systemctl status sshd.service
Huh. What's this condition failed business? Let's take a look at the service unit file with systemctl cat sshd.service
So, we have a condition that checks for /etc/ssh/sshd_not_to_be_run, and SSHD will refuse to start if that file exists. If I enable SSHD in the ThinPro GUI control panel, sshd_not_to_be_run is replaced with sshd_okay_to_run. I'll note this filename down, as well as the file permissions, which are -rw-rw-rw- (or 666 in octal).
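The "condition failed" status above can be explained without reading the unit file by eye. The following is an added example, not part of the original post or of ThinPro: it evaluates the ConditionPathExists= lines of a unit (as printed by systemctl cat) against the filesystem. The function names, the optional root-prefix argument and the sample unit text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which ConditionPathExists= checks of a unit would fail.
# On a device: systemctl cat sshd.service | check_unit_conditions
# $1 is an optional path prefix (hypothetical, so the check can run on a test tree).

check_unit_conditions() {
    root="${1:-}"
    failed=0
    while IFS= read -r line; do
        case "$line" in
            # "|" marks a triggering condition with OR semantics; not evaluated here.
            ConditionPathExists=\|*) echo "skip  $line"; continue ;;
            # "!" negates the test: the unit only starts if the path is absent.
            ConditionPathExists=!*)  path="${line#ConditionPathExists=!}"; want=absent ;;
            ConditionPathExists=?*)  path="${line#ConditionPathExists=}";  want=present ;;
            *) continue ;;
        esac
        if [ -e "$root$path" ]; then have=present; else have=absent; fi
        if [ "$have" = "$want" ]; then
            echo "ok    $path is $have"
        else
            echo "FAIL  $path is $have, unit requires it to be $want"
            failed=$((failed + 1))
        fi
    done
    # Exit status 0 only when every evaluated condition is satisfied.
    [ "$failed" -eq 0 ]
}

# Constructed sample input, not the actual ThinPro unit file. It contains only
# the condition described in the post.
sample_unit() {
    cat <<'EOF'
[Unit]
Description=OpenSSH server daemon (constructed sample)
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
ExecStart=/usr/sbin/sshd -D
EOF
}

# Demo run against the local filesystem; read-only, changes nothing.
sample_unit | check_unit_conditions || true
```

A FAIL line for sshd_not_to_be_run is the same state systemd reports as a failed condition, so running the check before and after a change shows whether the marker file swap took effect.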
Okay! I can write a short script from what I've gathered and deploy that script from HPDM.
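```sh
#!/bin/sh
# ThinPro Registry Edits
mclient set root/sshd/enabled 1
mclient commit root/sshd/enabled
# File changes: swap the marker file that the sshd.service condition checks
# (-f so a second run does not fail if the file is already gone)
rm -f /etc/ssh/sshd_not_to_be_run
touch /etc/ssh/sshd_okay_to_run
# Same mode observed after enabling SSHD from the GUI control panel
chmod 666 /etc/ssh/sshd_okay_to_run
# Start service
systemctl start sshd.service
```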
And we're done! Now I can use my own SSH client instead of having to remote in to my HPDM server first.
Here's a quick recap of what happened (in case you missed it):
- SSHD could not be started by simply modifying the ThinPro registry
- The systemd service unit file for SSHD had a condition to fail in the presence of the sshd_not_to_be_run file
- I was able to see that sshd_not_to_be_run was replaced by sshd_okay_to_run after enabling SSHD from the ThinPro GUI
- I put all necessary changes into a short script that was able to enable SSHD remotely from HPDM
Thanks for reading!