Login to SSH without using root

[smdion]

Is there a way I can login to my unRAID box not using root (preferably using my AD credentials?)

[smdion]

Even a "this is not supported" or a point down a path where I can change something would be great... 

[limetech]

Is there a way I can login to my unRAID box not using root

Might sound strange: there are no "user accounts" in unRaid.  That is, not in the traditional meaning where you define users that have separate login credentials and home directories on the server.  The only reason there is a Users page is to support non-Active Directory security modes.  For example, if you have a typical workgroup home networking setup you might have a user name of "larry" to login into your local PC.  If you setup a user called "larry" on unRaid and give it the same password as you use to login to windows, then you can create a private share and will have access to it via Network without having to present login credentials to unRaid at time of share connection.  It is not intended that you would ever log into unRaid as user "larry".

 

In an Active Directory environment, there is no need at all to create Users unless you intend to access shares out-of-band from AD, e.g., via AFP or NFS.

 

(preferably using my AD credentials?)

Yes this something we should add to unRaid AD: let "Administrator" log into webGui... I have to look into that.

[smdion]

Is there a way I can login to my unRAID box not using root

Might sound strange: there are no "user accounts" in unRaid.  That is, not in the traditional meaning where you define users that have separate login credentials and home directories on the server.  The only reason there is a Users page is to support non-Active Directory security modes.  For example, if you have a typical workgroup home networking setup you might have a user name of "larry" to login into your local PC.  If you setup a user called "larry" on unRaid and give it the same password as you use to login to windows, then you can create a private share and will have access to it via Network without having to present login credentials to unRaid at time of share connection.  It is not intended that you would ever log into unRaid as user "larry".

 

In an Active Directory environment, there is no need at all to create Users unless you intend to access shares out-of-band from AD, e.g., via AFP or NFS.

 

(preferably using my AD credentials?)

Yes this something we should add to unRaid AD: let "Administrator" log into webGui... I have to look into that.

 

Thanks Tom.  Would WebGUI access for AD Admins also give SSH access?  Maybe we could add WebGUI/SSH access by the AD group specified on the unRAID WebGUI.

 

I have no other "users" in the WebGUI.. all access is done by AD.

 

 

THis is how I set it up: https://www.linuxserver.io/index.php/2015/07/20/how-to-active-directory-on-unraid-6/

[Schar]

Dead keen for this too. The more integrated / federated security is, the better these days!

 

 

I've tried a few things to SSH to UNRAID as a domain user, but haven't quite got it working

 

getent passwd Administrator works a treat.

 

When I try to ssh administrator@localhost, I get permission denied (on correct or incorrect password) a few times, and finally Permission denied (publickey,password,keyboard-interactive).

 

This works too:

root@TOWER:/boot# wbinfo -a administrator
Enter administrator's password:
plaintext password authentication succeeded
Enter administrator's password:
challenge/response password authentication succeeded

Although I'd love to remove the plaintext option. Never liked that. Not sure how to get kerberos auth, the k* commands don't seem to be available.

 

 

I've found a bunch of information about how to make this work, but most of it relates to change sudoers or modifying sshd_config or configuring /etc/pam.d -- all of which I'd have no idea about how to do in the UNRAID environment in a persistent manner.

[limetech]

Is there a way I can login to my unRAID box not using root

Might sound strange: there are no "user accounts" in unRaid.  That is, not in the traditional meaning where you define users that have separate login credentials and home directories on the server.  The only reason there is a Users page is to support non-Active Directory security modes.  For example, if you have a typical workgroup home networking setup you might have a user name of "larry" to login into your local PC.  If you setup a user called "larry" on unRaid and give it the same password as you use to login to windows, then you can create a private share and will have access to it via Network without having to present login credentials to unRaid at time of share connection.  It is not intended that you would ever log into unRaid as user "larry".

 

In an Active Directory environment, there is no need at all to create Users unless you intend to access shares out-of-band from AD, e.g., via AFP or NFS.

 

(preferably using my AD credentials?)

Yes this something we should add to unRaid AD: let "Administrator" log into webGui... I have to look into that.

 

Thanks Tom.  Would WebGUI access for AD Admins also give SSH access?  Maybe we could add WebGUI/SSH access by the AD group specified on the unRAID WebGUI.

 

I have no other "users" in the WebGUI.. all access is done by AD.

 

 

THis is how I set it up: https://www.linuxserver.io/index.php/2015/07/20/how-to-active-directory-on-unraid-6/

 

Hey man, is that your site?  It's pretty cool! 

[smdion]

Is there a way I can login to my unRAID box not using root

Might sound strange: there are no "user accounts" in unRaid.  That is, not in the traditional meaning where you define users that have separate login credentials and home directories on the server.  The only reason there is a Users page is to support non-Active Directory security modes.  For example, if you have a typical workgroup home networking setup you might have a user name of "larry" to login into your local PC.  If you setup a user called "larry" on unRaid and give it the same password as you use to login to windows, then you can create a private share and will have access to it via Network without having to present login credentials to unRaid at time of share connection.  It is not intended that you would ever log into unRaid as user "larry".

 

In an Active Directory environment, there is no need at all to create Users unless you intend to access shares out-of-band from AD, e.g., via AFP or NFS.

 

(preferably using my AD credentials?)

Yes this something we should add to unRaid AD: let "Administrator" log into webGui... I have to look into that.

 

Thanks Tom.  Would WebGUI access for AD Admins also give SSH access?  Maybe we could add WebGUI/SSH access by the AD group specified on the unRAID WebGUI.

 

I have no other "users" in the WebGUI.. all access is done by AD.

 

 

THis is how I set it up: https://www.linuxserver.io/index.php/2015/07/20/how-to-active-directory-on-unraid-6/

 

Hey man, is that your site?  It's pretty cool! 

 

Not mine, but I do contribute there.  Thanks!  Run by a few other unRAID users.

[Schar]

THis is how I set it up: https://www.linuxserver.io/index.php/2015/07/20/how-to-active-directory-on-unraid-6/

 

Great to see that I wasn't smoking something - that is exactly the method I used. Gave up trying to get inheritance working from the UNRAID shell. I like your share based AD groups and that is something I will be doing going forwards, then put them inside other groups for user allocation.

 

Would be good to script this up using setfacl or an equivalent. I think I see what I need to do but never got it working that way!