nayr

Very much appreciate I can secure my unRaid now w/traditional passwords. I request that if the boot-flash contains an authorized_keys file preloaded with SSH public keys, that this file is used for SSH based login and SSHD config is appended with: PasswordAuthentication no This would further harden root SSH access and effectively secure this entry point from any brute force attacks, likely internally from another compromised machine.. If desired web access can already be hardened w/client based tokens via firewalls and a reverse proxy, but that would be pretty cool it supported like a 2FA app for web auth since you can gain a root shell via web-ui.

Moved most of my NFS needs to a Ganesha-NFS via Docker and much grief in my system is now gone.. Emby loads quicker w/out randomly spinning forever, no stale file handlers, services can recover from nas restart, and Kubernetes is generally happier dealing w/NFSv4 Why this is not a priority I've no idea, it needs to be.. I'm only using SMB for TimeMachine backups, vast majority of traffic is NFS and now I've nearly abandoned unRaid's native sharing.. thank god for docker or I'd be looking at unraid alternatives at this point.

ah I did not find that option, everything I found was trying to use PCI ID's and that was not gonna work since they were both the same. # lspci -nn |grep SAS 09:00.0 Serial Attached SCSI controller [0107]: LSI Logic / Symbios Logic SAS2308 PCI-Express Fusion-MPT SAS-2 [1000:0087] (rev 05) 42:00.0 Serial Attached SCSI controller [0107]: LSI Logic / Symbios Logic SAS2308 PCI-Express Fusion-MPT SAS-2 [1000:0087] (rev 05) Thank you, I dont like this script solution im using now.. felt like a big hack waiting to break on update.. I still feel it would be a useful UI feature, I'm happy editing boot options to get devices to passthrough, but I get a feeling a large part of the unraid audience are more windows users (or at least SMB gets more love than NFS)

see: https://github.com/andre-richter/vfio-pci-bind/blob/master/vfio-pci-bind.sh I'm using above script on boot to rebind a mpt3sas controller to vfio-pci so it can be passed through to a VM, works great.. would be nice if UI had similar functionality, where you could select devices to rebind to vfio-pci based upon address so they can be reclaimed from kernel modules that might grab em and prevent em from being passed through.. In my case I have 2 identical cards, one for UnRaid, one for a VM (FreeNAS) so blacklisting mpt3sas would not be desired. I'd expect it to work for PCIe SSD's too since I didnt see any of them available to be passed through.. tho im not needing em, yet. Cheers, -nayr