jbrodriguez Posted September 8, 2014

how do you configure ssh, so that you can authenticate with a public/private key? openssh is now built in, just not sure how to configure /etc/ssh/sshd_config and make it persist across boots. thanks in advance!

ntrlsur Posted September 8, 2014

all the key files for ssh are in /boot/config/ssh. you should be able to grab the key files from there.

Dmtalon Posted September 25, 2014

So, do we not generate our own key pair? Are we supposed to copy the private key from unRAID? Seems odd. Is there an unraid 6 ssh key setup how-to? Maybe I'm dense but it's not working for me currently.

jphipps Posted September 25, 2014

You normally generate your public/private key pair on your client and then copy the public key to the ~/.ssh directory on your server (the .ssh directory in your home directory). You will probably have to put your public key somewhere in the /boot/config directory and have the go script copy the key into the user's home directory so it will persist after a reboot.

Dmtalon Posted September 25, 2014

Thanks, this was where I was confused... I wasn't sure if unRAID was special or if I just needed to create a .ssh and put my stuff there. I went ahead and generated a key pair and installed it normally and it worked. I created a small script to create the .ssh, chmod the dir, copy the authorized_keys (stored in /boot/config/ssh) to the .ssh dir and also chmod 700 it. This lived through a reboot. I'll go ahead and put my script here in case others want to see it.

gossh.txt

jbrodriguez Posted September 25, 2014

yeah, i ended up doing pretty much the same

pinion Posted September 29, 2014

Dmtalon: Thanks for that gossh. It works nicely. But can anyone figure out how to get it to work as a symlink? I'd like to be able to do this and have it just write to the file in /boot/config/ssh so it stays up to date.

    cat .ssh/id_rsa.pub | ssh root@unraid 'cat >> /boot/config/ssh/authorized_keys'

I'd also love it if there was a way to persist the home directory but besides copying stuff around at shutdown and startup I don't know how to do that.

Dmtalon Posted September 29, 2014

> Dmtalon: Thanks for that gossh. It works nicely. But can anyone figure out how to get it to work as a symlink? I'd like to be able to do this and have it just write to the file in /boot/config/ssh so it stays up to date.
>     cat .ssh/id_rsa.pub | ssh root@unraid 'cat >> /boot/config/ssh/authorized_keys'
> I'd also love it if there was a way to persist the home directory but besides copying stuff around at shutdown and startup I don't know how to do that.

I think with any other directory that would work, but .ssh is a special directory with special permissions. The link would be to a file on flash that has 777 permissions (rwxrwxrwx) on the flash drive. I can play with it and see unless someone already knows. But the link creation would be just to "ln -s /boot/config/ssh /root/.ssh" (.ssh can't already exist). Just not sure how all the permissions would work off the top of my head.

pinion Posted September 29, 2014

>> Dmtalon: Thanks for that gossh. It works nicely. But can anyone figure out how to get it to work as a symlink? I'd like to be able to do this and have it just write to the file in /boot/config/ssh so it stays up to date.
>>     cat .ssh/id_rsa.pub | ssh root@unraid 'cat >> /boot/config/ssh/authorized_keys'
>> I'd also love it if there was a way to persist the home directory but besides copying stuff around at shutdown and startup I don't know how to do that.
> I think with any other directory that would work, but .ssh is a special directory with special permissions. The link would be to a file on flash that has 777 permissions (rwxrwxrwx). I can play with it and see unless someone already knows. But the link creation would be just to "ln -s /boot/config/ssh /root/.ssh" (.ssh can't already exist). Just not sure how all the permissions would work off the top of my head.

I definitely didn't have a problem with the link creation. I even changed it in the script. But as you said, I think there is a permissions issue there.

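Added example (not part of any post, and not Dmtalon's gossh script): with StrictModes on, sshd refuses key files and directories that are writable by group or others, which is what a /root/.ssh symlink into flash files of mode 777 presents. The sketch approximates that test and then installs a copy with tight modes, as the thread ends up doing; the function names and the decision to check only .ssh and authorized_keys are assumptions of this example.

```sh
#!/bin/sh
# Added example: approximates the owner/mode test sshd applies when
# StrictModes is on, then installs keys by copying instead of symlinking.

# Succeeds when $1 (symlinks followed) is owned by user or uid $2, or by
# root, and is not writable by group or others.
path_is_strict() {
    [ -e "$1" ] || return 1
    # -L makes find test the symlink target, which is what matters here.
    loose=$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || return 1
    owned=$(find -L "$1" -prune \( -user "$2" -o -user 0 \) -print)
    [ -n "$owned" ]
}

# Succeeds when both <home>/.ssh and its authorized_keys pass the test.
# Arguments: home directory, user name or uid.
keys_accepted() {
    path_is_strict "$1/.ssh" "$2" &&
    path_is_strict "$1/.ssh/authorized_keys" "$2"
}

# Copy authorized_keys from flash directory $1 into home $2 with the
# modes used in the thread (700 on the directory, 600 on the file).
install_keys() {
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh" &&
    cp "$1/authorized_keys" "$2/.ssh/authorized_keys" &&
    chmod 600 "$2/.ssh/authorized_keys"
}

# Usage from a boot script (paths as used in the thread):
#   install_keys /boot/config/ssh /root && keys_accepted /root root
```
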
alphazo Posted December 2, 2014

Thanks for the tiny script. I also added a line to the script to copy my custom sshd_config to /etc/ssh/ since I usually disable any kind of password access over SSH.

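Added example (not alphazo's script or config): a check that a custom sshd_config kept on flash really turns off password-based logins before it is copied into /etc/ssh/. It assumes whitespace-separated `Keyword value` lines, ignores anything inside `Match` blocks, and treats an unset keyword as "not disabled"; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: reports whether an sshd_config explicitly disables
# password logins. sshd keeps the first value it reads for a keyword and
# keywords are case-insensitive, so the lookup below does the same.

# Print the first value set for keyword $2 in file $1, or the fallback $3.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/            { next }    # skip comment lines
        tolower($1) == "match" { exit }   # stop at conditional blocks
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeeds only when the file explicitly sets both password-based
# authentication methods to "no".
password_login_disabled() {
    cfg=$1
    pw=$(sshd_setting "$cfg" PasswordAuthentication unset)
    kbd=$(sshd_setting "$cfg" KbdInteractiveAuthentication unset)
    # Older OpenSSH releases name this option ChallengeResponseAuthentication.
    [ "$kbd" != unset ] ||
        kbd=$(sshd_setting "$cfg" ChallengeResponseAuthentication unset)
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Usage (the source path is a placeholder for wherever the file is kept):
#   password_login_disabled /boot/config/ssh/sshd_config || echo "passwords still allowed"
```
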
tokra Posted December 18, 2016

1) generate SSH keys on your client machine:

    ssh-keygen -t rsa -b 4096 -C "[email protected]"

2) add generated key to your client:

    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/id_rsa

3) copy generated public key to your UNRAID server using:

    ssh-copy-id -i ~/.ssh/id_rsa.pub root@tower

Then login to your UNRAID over SSH and:

4) Copy authorized_keys from root user home to flash using:

    cp /root/.ssh/authorized_keys /boot/config/ssh/

5) edit /boot/config/go on flash and add these lines:

    mkdir -p /root/.ssh/
    cp /boot/config/ssh/authorized_keys /root/.ssh/authorized_keys
    chmod 700 /root/.ssh
    chmod 600 /root/.ssh/authorized_keys

By this method you will have accessible SSH connection to your UNRAID over keys you generated even after UNRAID restarts.

Hope this helped

willbg Posted January 7, 2018

On 18/12/2016 at 11:50 PM, tokra said:
> By this method you will have accessible SSH connection to your UNRAID over keys you generated even after UNRAID restarts. Hope this helped

It did, very much so. Thanks!

JOduMonT Posted March 26, 2018

Works perfectly!

On 12/18/2016 at 2:50 PM, tokra said:
> By this method you will have accessible SSH connection to your UNRAID over keys you generated even after UNRAID restarts. Hope this helped

but I would like to say it would be safer not to use root or any well-known user name such as rescue, admin, adm, ... because who knows when they will find another way to brute force ssh

https://blog.sucuri.net/2013/07/ssh-brute-force-the-10-year-old-attack-that-still-persists.html

ken-ji Posted March 29, 2018

Well, unRAID is not meant to be facing a hostile network. So don't place it in a DMZ, or the internet, where it would be subject to brute force attacks. The root password cannot be super strong because some symbols cannot be used by the web ui properly.