Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

ssh configuration

Featured Replies

how do you configure ssh, so that you can authenticate with a public/private key ?

 

openssh is now built in, just not sure how to configure /etc/ssh/sshd_config and make it persist across boots.

 

thanks in advance !

all the kety files for ssh are in /boot/config/ssh .  you should be able to grab the key files from there. 

  • 3 weeks later...

So, do we not generate our own key pair?  are we supposed to copy the private key from unRAID?  seems odd.

 

 

Is there an unraid 6 ssh key setup how-to?  Maybe I'm dense but its not working for me currently.

you normally generate your public/private key pair on your client and then copy the public key to the ~/.ssh directory on your server.( The .ssh directory in your home directory )  You will probably have to put your public key somewhere in the /boot/config directory and have the go script copy the key into the users home directory so it will persist after a reboot.

Thanks,

 

This was where I was confused... I wasn't sure if unRAID was special or if I just needed to created a .ssh and put my stuff there.  I went ahead and generated a key pair and installed it normally and it worked.

 

 

I created a small script to create the .ssh, chmod the dir, copy the authorized_keys (stored in /boot/config/ssh) to the .ssh dir and also chmod 700 it.

 

This lived through a reboot.  I'll go ahead and put my script here in case others want to see it.

 

 

gossh.txt

Dmtalon: Thanks for that gossh. It works nicely. But can anyone figure out how to get it to work as a symlink? I'd like to be able to be able to do this and it just write to the file in /boot/config/ssh so it stays up to date.

cat .ssh/id_rsa.pub | ssh root@unraid 'cat >> /boot/config/ssh/authorized_keys'

 

 

I'd also love it if there was a way to persist the home directory but besides copying stuff around at shutdown and startup I don't know how to do that.

Dmtalon: Thanks for that gossh. It works nicely. But can anyone figure out how to get it to work as a symlink? I'd like to be able to be able to do this and it just write to the file in /boot/config/ssh so it stays up to date.

cat .ssh/id_rsa.pub | ssh root@unraid 'cat >> /boot/config/ssh/authorized_keys'

 

 

I'd also love it if there was a way to persist the home directory but besides copying stuff around at shutdown and startup I don't know how to do that.

 

 

I think with any other directory that would work, but .ssh is a special directory with special permissions.  The link would be to a file on flash that has 777 permissions (rwxrwxrwx) on the flash drive

 

 

I can play with it and see unless someone already knows.

 

 

But the link creation would be just to "ln -s /boot/config/ssh /root/.ssh"  (.ssh can't already exist)  Just not sure how all the permissions would work off the top of my head.

 

 

 

 

 

Dmtalon: Thanks for that gossh. It works nicely. But can anyone figure out how to get it to work as a symlink? I'd like to be able to be able to do this and it just write to the file in /boot/config/ssh so it stays up to date.

cat .ssh/id_rsa.pub | ssh root@unraid 'cat >> /boot/config/ssh/authorized_keys'

 

 

I'd also love it if there was a way to persist the home directory but besides copying stuff around at shutdown and startup I don't know how to do that.

 

 

I think with any other directory that would work, but .ssh is a special directory with special permissions.  The link would be to a file on flash that has 777 permissions (rwxrwxrwx)

 

 

I can play with it and see unless someone already knows.

 

 

But the link creation would be just to "ln -s /boot/config/ssh /root/.ssh"  (.ssh can't already exist)  Just not sure how all the permissions would work off the top of my head.

 

I definitely didn't have a problem with the link creation. I even changed it in the script. But as you said, I think there is a permissions issue there.

  • 2 months later...

Thanks for the tiny script. I also added a line to the script to copy my custom sshd_config to /etc/ssh/ since I usually disable any kind of password access over SSH.

  • 2 years later...

1) generate SSH keys on your client machine:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

 

2) add generated key to your client:

eval "$(ssh-agent -s)"

ssh-add ~/.ssh/id_rsa

 

3) copy generated public key to your UNRAID server using:

ssh-copy-id -i ~/.ssh/id_rsa.pub root@tower

 

Then login to your UNRAID over SSH and:

4) Copy authorized_keys from root user home to flash using:

cp /root/.ssh/authorized_keys /boot/config/ssh/

 

5) edit /boot/config/go on flash and add this line:

mkdir /root/.ssh/
cp /boot/config/ssh/authorized_keys /root/.ssh/authorized_keys
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys

 

By this method you will have accessible SSH connection to your UNRAID over keys you generated even after UNRAID restarts.

 

Hope this helped  :)

  • 1 year later...
On 18/12/2016 at 11:50 PM, tokra said:

By this method you will have accessible SSH connection to your UNRAID over keys you generated even after UNRAID restarts.

 

Hope this helped  :)

 

It did, very much so.  Thanks!

  • 2 months later...

Works perfectly !

On 12/18/2016 at 2:50 PM, tokra said:

By this method you will have accessible SSH connection to your UNRAID over keys you generated even after UNRAID restarts.

 

Hope this helped  :)

 

but I would like to say it will be safer to not using root or any well-known user name such as rescue, admin, adm, ...

because who known when they will find another way to brute force ssh

https://blog.sucuri.net/2013/07/ssh-brute-force-the-10-year-old-attack-that-still-persists.html

Well, unRAID is not meant to be facing a hostile network. So don't place it in a DMZ, or the internet, where it would be subject to brute force attacks.

The root password cannot be super strong because some symbols cannot be used by the web ui properly 

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.