September 8, 201411 yr how do you configure ssh, so that you can authenticate with a public/private key ? openssh is now built in, just not sure how to configure /etc/ssh/sshd_config and make it persist across boots. thanks in advance !
September 8, 201411 yr all the kety files for ssh are in /boot/config/ssh . you should be able to grab the key files from there.
September 25, 201411 yr So, do we not generate our own key pair? are we supposed to copy the private key from unRAID? seems odd. Is there an unraid 6 ssh key setup how-to? Maybe I'm dense but its not working for me currently.
September 25, 201411 yr you normally generate your public/private key pair on your client and then copy the public key to the ~/.ssh directory on your server.( The .ssh directory in your home directory ) You will probably have to put your public key somewhere in the /boot/config directory and have the go script copy the key into the users home directory so it will persist after a reboot.
September 25, 201411 yr Thanks, This was where I was confused... I wasn't sure if unRAID was special or if I just needed to created a .ssh and put my stuff there. I went ahead and generated a key pair and installed it normally and it worked. I created a small script to create the .ssh, chmod the dir, copy the authorized_keys (stored in /boot/config/ssh) to the .ssh dir and also chmod 700 it. This lived through a reboot. I'll go ahead and put my script here in case others want to see it. gossh.txt
September 29, 201411 yr Dmtalon: Thanks for that gossh. It works nicely. But can anyone figure out how to get it to work as a symlink? I'd like to be able to be able to do this and it just write to the file in /boot/config/ssh so it stays up to date. cat .ssh/id_rsa.pub | ssh root@unraid 'cat >> /boot/config/ssh/authorized_keys' I'd also love it if there was a way to persist the home directory but besides copying stuff around at shutdown and startup I don't know how to do that.
September 29, 201411 yr Dmtalon: Thanks for that gossh. It works nicely. But can anyone figure out how to get it to work as a symlink? I'd like to be able to be able to do this and it just write to the file in /boot/config/ssh so it stays up to date. cat .ssh/id_rsa.pub | ssh root@unraid 'cat >> /boot/config/ssh/authorized_keys' I'd also love it if there was a way to persist the home directory but besides copying stuff around at shutdown and startup I don't know how to do that. I think with any other directory that would work, but .ssh is a special directory with special permissions. The link would be to a file on flash that has 777 permissions (rwxrwxrwx) on the flash drive I can play with it and see unless someone already knows. But the link creation would be just to "ln -s /boot/config/ssh /root/.ssh" (.ssh can't already exist) Just not sure how all the permissions would work off the top of my head.
September 29, 201411 yr Dmtalon: Thanks for that gossh. It works nicely. But can anyone figure out how to get it to work as a symlink? I'd like to be able to be able to do this and it just write to the file in /boot/config/ssh so it stays up to date. cat .ssh/id_rsa.pub | ssh root@unraid 'cat >> /boot/config/ssh/authorized_keys' I'd also love it if there was a way to persist the home directory but besides copying stuff around at shutdown and startup I don't know how to do that. I think with any other directory that would work, but .ssh is a special directory with special permissions. The link would be to a file on flash that has 777 permissions (rwxrwxrwx) I can play with it and see unless someone already knows. But the link creation would be just to "ln -s /boot/config/ssh /root/.ssh" (.ssh can't already exist) Just not sure how all the permissions would work off the top of my head. I definitely didn't have a problem with the link creation. I even changed it in the script. But as you said, I think there is a permissions issue there.
December 2, 201411 yr Thanks for the tiny script. I also added a line to the script to copy my custom sshd_config to /etc/ssh/ since I usually disable any kind of password access over SSH.
December 18, 20169 yr 1) generate SSH keys on your client machine: ssh-keygen -t rsa -b 4096 -C "[email protected]" 2) add generated key to your client: eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_rsa 3) copy generated public key to your UNRAID server using: ssh-copy-id -i ~/.ssh/id_rsa.pub root@tower Then login to your UNRAID over SSH and: 4) Copy authorized_keys from root user home to flash using: cp /root/.ssh/authorized_keys /boot/config/ssh/ 5) edit /boot/config/go on flash and add this line: mkdir /root/.ssh/ cp /boot/config/ssh/authorized_keys /root/.ssh/authorized_keys chmod 700 /root/.ssh chmod 600 /root/.ssh/authorized_keys By this method you will have accessible SSH connection to your UNRAID over keys you generated even after UNRAID restarts. Hope this helped
January 7, 20188 yr On 18/12/2016 at 11:50 PM, tokra said: By this method you will have accessible SSH connection to your UNRAID over keys you generated even after UNRAID restarts. Hope this helped It did, very much so. Thanks!
March 26, 20188 yr Works perfectly ! On 12/18/2016 at 2:50 PM, tokra said: By this method you will have accessible SSH connection to your UNRAID over keys you generated even after UNRAID restarts. Hope this helped but I would like to say it will be safer to not using root or any well-known user name such as rescue, admin, adm, ... because who known when they will find another way to brute force ssh https://blog.sucuri.net/2013/07/ssh-brute-force-the-10-year-old-attack-that-still-persists.html
March 29, 20188 yr Well, unRAID is not meant to be facing a hostile network. So don't place it in a DMZ, or the internet, where it would be subject to brute force attacks. The root password cannot be super strong because some symbols cannot be used by the web ui properly
Archived
This topic is now archived and is closed to further replies.