November 17, 201213 yr Hi, I noticed today that i can easily log-in into unRaid with just user 'nobody'. No need for root password, nothing.... How can i fix this?? Just leave it like this and do not let anyone from outside to log in? Ok, i can do that, but i need ssh for secure outside login? I can install that one too, but in the unmenu it says: "Note: unRAID in many releases has multiple logins with no assigned password. If you have not assigned a strong password to ALL the defined logins, you will be hacked if you open up ports to the internet when using "ssh". It is just a matter of time. You have been warned." Ok...so how do I assigne password to ALL logins? Thanks
November 17, 201213 yr This kind of depends on what you want... You can set access to whatever form you want, you can just give access to everyone who can physically reach the shares, or you can set userid/password combinations, you can even use an external authentican server.. Since unraid is in most cases used as a home storage server the "give everyone access" option can be quite usefull, it makes the whole thing really easy to use. You need to spend some time on the manual to find learn how to set this up, it is quite easy and well documented.
November 17, 201213 yr Author Yes, i get the idea of simply letting everyone on local lan to easily access unraid. This is all good and i want that. But at the same time i want to access it from outside too. So one of the ways is using ssh? But then i see that note about securing all logins...so how do i do that? Manual says: "Only root can access the System Management Utility, and log in to the system console or telnet session." Well NO, i can log into system console with 'nobody' too....and i don't need any password! Are there any other 'hidden' users that can easily log into system console??
November 17, 201213 yr If you want to access your server from the outside I would recommend setting up a VPN.. I did it as described in this post: http://lime-technology.com/forum/index.php?topic=22128.msg196203#msg196203
November 17, 201213 yr Have not done so myself but it is possible and there even is a plugin for openssh (search the forum)
November 17, 201213 yr Author Regarding VPN: Does setting up VPN solve the problem with the user 'nobody', i.e. access to local files without any password? I understand that data transfered through VPN is secure, but what about gates? i.e. user access restrictions (login users/passwords,etc). ?
November 17, 201213 yr Setting up a vpn concentratoe will make it possible to access your intranet from the interner. Your internet device (phone/ other pc) will effectively become part of your intranet. Since you can access your unraid system from your intranet you can so also thru vpn from an external location. It does nothimg with respect to the access setup on your unraid box. The webconsole should only be readable by using the root login. I imagine you might be able to telnet using nobody, however you would only be able to touch files that user is entitled to see/change.
November 17, 201213 yr Author So if i set up VPN, will other unknown person from outside be able to log into console with the 'nobody' account? You can test it on your system if it is possible or not.
November 17, 201213 yr So if i set up VPN, will other unknown person from outside be able to log into console with the 'nobody' account? You can test it on your system if it is possible or not. No, not unless you give that person the VPN key..
November 17, 201213 yr So if i set up VPN, will other unknown person from outside be able to log into console with the 'nobody' account? You can test it on your system if it is possible or not. No, not unless you give that person the VPN key.. or open up some port to bypass the VPN. How do you have the security set? Or are you using the free version of unRAID where there is no user-security at all?
November 18, 201213 yr Author So if i set up VPN, will other unknown person from outside be able to log into console with the 'nobody' account? You can test it on your system if it is possible or not. No, not unless you give that person the VPN key.. or open up some port to bypass the VPN. How do you have the security set? Or are you using the free version of unRAID where there is no user-security at all? At the moment I am using free version but I am going to buy full license if I will manage to make unRaid work the way I need it to. So with user-security enabled, what will change for me? Will I be able to have secured access from outside or this won't change much (i.e. I will still have to use VPN) ? Thanks
November 18, 201213 yr Core unraid, and that is the license you would be beiing, is not meant to be used in the way you want it to. There are several plugins available that enhance its functionality, like I stated before, there is an SSH plugin that you could investigate to see if it does what you need. Plain vanilla unraid does not do what you want.
November 20, 201213 yr Author The reason for this security hole is here: http://lime-technology.com/forum/index.php?topic=8736.msg210136#msg210136
November 20, 201213 yr It is not a hole... However even without this "hole" it would be plain stupid to expose unraid by itself to the internet. the system is not built to do that en the root password is absolutely no problem for someone wanting to access it. Actually: having a unix machine that has the possibility to log on with root is considered bad practice... For a home media server however it is no issue whatsoever. If you need to access stuff from the internet then setup vpn or use some kind of steppingstone (like logmein).
November 20, 201213 yr Author Well it's all in the configuration and set-up. However normal users should know about potential dangers. The solution i used to have more secure access from outside was this: http://lime-technology.com/forum/index.php?topic=20848.0 Probably the simpliest one.
Archived
This topic is now archived and is closed to further replies.