August 7, 2014

I've been beating my head against the wall trying to allow a non-root user ("leech") to access my server. I could get the login to happen, but it immediately disconnected; other linux advice sites proved useless. Finally I found this old thread that others might find useful. This user was addressing a different problem so I hope my title makes it easier to find for others.

Essentially, when unRAID makes a new user, it constructs a phony shell for that user, that you can see and edit in /etc/passwd and also in /boot/config/passwd. Without a valid shell the server sends a shutdown signal. The change required is from '/bin/false' to '/bin/bash' for each user you want to have SSH access. Conveniently, I can also set the default directory for "leech", as well as implement groups. I suppose these users are closed by default for security. Needless to say, set up RSA keys or at least a great password for any you open.

I'm leaving the quoted post alone since it is very clear. Note however that his commands for setting the re-start values below have changed for my version of unRAID: /boot/config instead of /flash/config. Also copying the /ssh directory is done in the /boot/config/go script in my install (6b6), not in an openSSH package script.

Thank you, Tarataqa, for your instructions even 4 years later.

Dennis

Wow, I didn't think I was doing something no one else has ever done...so I went and solved it myself. Here is my solution for anyone else who wants to do it. (there's probably a more graceful way to do it)

UnRaid users you make in the UnRaid web GUI can't ssh or telnet into UnRaid.
This is because when UnRaid makes the user they have the default shell set to "/bin/false". You can change this by telnetting in as root and typing "usermod -s/bin/bash <username>". To save your changes, copy "/etc/passwd" to "/flash/config/passwd".

But I looked in the default passwd file and saw "operator::11:0:operator:/root:/bin/bash" (that's a colon-separated list of username, password, userID, groupID, description, home dir, default shell) so I just decided to use operator since it was not the root user, but was still a member of group root. Telnetted in as operator and made the backup folders so I wouldn't have permission trouble later.

EDIT: I skipped an important step. Since unRAID defaults the mounted disk shares to "700" permissions, you need to allow Group RWX permissions on whatever disk you use (e.g. disk7):

    chmod 770 /mnt/disk7
    mkdir /mnt/disk7/My_Backups/<each folder for my Windows machines>

Installed cwrsync client on all my Windows machines. Generated ssh key without passphrase "ssh-keygen -t rsa -b 2048" naming the keyfile "ssh_operator_key". (the name required ssh* and *key* for the other scripts) This made ssh_operator_key and ssh_operator_key.pub. Put the .pub one in "/flash/custom/etc/ssh/" and put the other one in "c:\program files\cwrsync\".

I thought this would be the last step of the keys, but it seems linux also wants all pub key file contents in another file named authorized_keys per frigging user! Ran "cat ssh_operator_key.pub >> $HOME/.ssh/authorized_keys" and copied it to "/flash/custom/etc/ssh/authorized_keys" so it's available every boot-time.
Then I needed to add this authorized_keys file to the auto_install copying: Edited file "/flash/packages/openssh-5.1p1-i486-1.tgz.auto_install". Changed the 2nd THEN to be:

    # public key for root
    mkdir /root/.ssh
    cp /boot/custom/etc/ssh/authorized_keys /root/.ssh
    mkdir /etc/ssh 2>/dev/null
    cp --preserve=timestamps /boot/custom/etc/ssh/ssh*key* /etc/ssh 2>/dev/null
    cp --preserve=timestamps /boot/custom/etc/ssh/sshd_config /etc/ssh 2>/dev/null
    chmod 600 /etc/ssh/ssh*key*

Copied sshd_config file to "/flash/custom/etc/ssh/" too. Here are the changes I made to sshd_config:

    LoginGraceTime 30
    PermitRootLogin no
    MaxAuthTries 2
    MaxSessions 2
    PasswordAuthentication no
    PermitEmptyPasswords yes

Example of my backup.cmd file for backing desktop's d: drive to my unraid server (named UNRAID):

    rsync -aP --stats -e "ssh -i ssh_operator_key" --delete --exclude "pagefile.sys" /cygdrive/d/ operator@UNRAID:/mnt/disk7/My_Backups/Windows_d_drive/

For over the Internet, use your router to forward internal port 22 to another port (like 2222). Exposing port 22 will get too much attention from hacker bots. (trust me)

    rsync -zaP --stats -e "ssh -p 2222 -i ssh_operator_key" --delete --exclude "pagefile.sys" /cygdrive/d/ [email protected]:/mnt/disk7/My_Backups/Windows_d_drive/

PS I did have to give operator a password for this to work smoothly, but when using the key, it'll never ask for it.
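An added example, not part of either post: a small shell audit to run after changing login shells and sshd_config as described above. It lists which accounts in passwd-format input can now log in interactively and which sshd_config settings deserve a second look. The function names, the REVIEW output format and the sample lines are constructed for illustration, modelled on the operator entry and sshd_config values quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Both functions read from stdin.

# List accounts whose shell permits an interactive login.
# Output: "user shell", plus " EMPTY-PASSWORD-FIELD" when field 2 is empty.
login_capable() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $7 ~ /(^|\/)(false|nologin)$/ { next }   # shell that refuses logins
        {
            shell = ($7 == "") ? "/bin/sh" : $7  # empty field means /bin/sh
            flag  = ($2 == "") ? " EMPTY-PASSWORD-FIELD" : ""
            print $1 " " shell flag
        }'
}

# Report global sshd_config settings to review, one "REVIEW ..." line each.
# Assumptions: sshd keeps the first value it sees for a keyword, keywords are
# case-insensitive, and only the part before the first Match block is read.
sshd_findings() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { key = tolower($1); val = tolower($2) }
        key == "match" { exit }
        key in seen { next }
        { seen[key] = val }
        END {
            if (seen["permitemptypasswords"] == "yes")
                print "REVIEW PermitEmptyPasswords yes"
            if (seen["permitrootlogin"] == "yes")
                print "REVIEW PermitRootLogin yes"
            if (seen["passwordauthentication"] != "no")
                print "REVIEW PasswordAuthentication not disabled"
        }'
}

# Constructed sample input modelled on the values quoted in the thread.
demo() {
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'operator::11:0:operator:/root:/bin/bash' \
        'leech:x:1000:100::/:/bin/false' | login_capable
    printf '%s\n' 'LoginGraceTime 30' 'PermitRootLogin no' 'MaxAuthTries 2' \
        'MaxSessions 2' 'PasswordAuthentication no' \
        'PermitEmptyPasswords yes' | sshd_findings
}
demo
```

On a live server the same functions can be fed with `login_capable < /etc/passwd` and `sshd_findings < /etc/ssh/sshd_config`.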
August 7, 2014

Note however that his commands for setting the re-start values below have changed for more recent versions of unRAID: /boot/config instead of /flash/config

Probably when he says "flash" instead of "boot" he is just referring to boot by its share name; i.e., when accessing from Windows boot is flash. In the actual bash command lines he does in fact call it boot.