ionred Posted April 28, 2021 Share Posted April 28, 2021 (edited) fc-ps-urd1-diagnostics-20210427-2146.zip Here you go. In the meantime, I added it back to my go file. Hopefully it doesn't just start working and then fill up my authorized keys file Edited April 28, 2021 by ionred Quote Link to comment
ljm42 Posted April 28, 2021 Share Posted April 28, 2021 13 hours ago, ionred said: fc-ps-urd1-diagnostics-20210427-2146.zip 111.34 kB · 0 downloads Here you go. In the meantime, I added it back to my go file. Hopefully it doesn't just start working and then fill up my authorized keys file Remove the "SSH Config Tool" plugin, it is likely what is overwriting your files. It hasn't been updated since 2019 so it doesn't know about the changes in 6.9. TBH your system has more plugins than I have ever seen installed at once I'd highly recommend removing as many as you can, the fewer plugins you have the better. Less potential conflicts like this one, less that can go wrong. Also, you should run touch /boot/config/modprobe.d/i915.conf and remove these lines from your go script: modprobe i915 chmod -R 777 /dev/dri per https://wiki.unraid.net/Manual/Release_Notes/Unraid_OS_6.9.0#GPU_Driver_Integration 2 Quote Link to comment
ionred Posted April 28, 2021 Share Posted April 28, 2021 8 minutes ago, ljm42 said: Remove the "SSH Config Tool" plugin, it is likely what is overwriting your files. It hasn't been updated since 2019 so it doesn't know about the changes in 6.9. TBH your system has more plugins than I have ever seen installed at once I'd highly recommend removing as many as you can, the fewer plugins you have the better. Less potential conflicts like this one, less that can go wrong. Both good points. I've removed the plugin along with 7 or 8 others that I know for sure I don't use. Unfortunately, I'm currently running a preclear on a new disk so I won't be able to check until tomorrow, but crossing my fingers this is it! 1 Quote Link to comment
ionred Posted April 28, 2021 Share Posted April 28, 2021 (edited) 25 minutes ago, ljm42 said: Also, you should remove these lines from your go script: modprobe i915 chmod -R 777 /dev/dri per https://wiki.unraid.net/Manual/Release_Notes/Unraid_OS_6.9.0#GPU_Driver_Integration That's fantastic (if it works!). Getting Intel QuickSync to pass through to the dockers in the past has always been a huge issue. @Hoopster I know you also had similar problems with modprobe i915 for quicksync/QSV. Did this work out for you on 6.9.1+? Edited April 28, 2021 by ionred Quote Link to comment
Hoopster Posted April 28, 2021 Share Posted April 28, 2021 3 minutes ago, ionred said: I know you also had similar problems with modprobe i915 for quicksync/QSV. Did this work out for you on 6.9.1+? Yes, I no longer have anything in the 'go' file related to i915 drivers. I used the 'touch' method to create a blank i915.conf file as explained in the link and have no problem with QSV working for Plex and HandBrake. 1 Quote Link to comment
ljm42 Posted April 28, 2021 Share Posted April 28, 2021 11 hours ago, Hoopster said: I used the 'touch' method to create a blank i915.conf file as explained in the link Oh right, I left that important step out Just updated my post in case someone reads this in the future. Quote Link to comment
Jessie Posted July 18, 2021 Share Posted July 18, 2021 I'm trying to create a simple method to switch between 2 operating systems which share a common GPU. I created 2 scripts in script editor to shut down the working operating system and boot the other. However I don't want the user to access the unraid GUI. Is it possible to run these scripts from the operating system vm interface by clicking an icon? Quote Link to comment
JonathanM Posted July 18, 2021 Share Posted July 18, 2021 35 minutes ago, Jessie said: Is it possible to run these scripts from the operating system vm interface by clicking an icon? Quote Link to comment
yahsh Posted October 11, 2021 Share Posted October 11, 2021 On 10/19/2016 at 11:12 AM, ken-ji said: A slightly better way to maintain the keys across reboots is to * copy the authorized_keys file to /boot/config/ssh/root.pubkeys * copy /etc/ssh/sshd_config to /boot/config/ssh * modify /boot/config/sshd_config to set the following line AuthorizedKeysFile /etc/ssh/%u.pubkeys This will allow you to keep the keys on the flash always and let the ssh startup scripts do all the copying. Hi @ken-ji what does the %u do? Could you enlighten me? Thanks. Quote Link to comment
ken-ji Posted October 11, 2021 Share Posted October 11, 2021 %u is expanded to the username so this tells sshd to look for the private keys in /etc/ssh/root.pubkeys (for the root user) Quote Link to comment
dhstsw Posted November 2, 2021 Share Posted November 2, 2021 Hi all, Updated to 6.10.0-rc2 and i can't anymore ssh into my unraid as root. a tail /var/log/syslog gives: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] but ssh-rsa is enabled in sshd_config: #ssh -Q PubkeyAcceptedAlgorithms ssh-ed25519 [email protected] [email protected] [email protected] ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] And: # ssh -Q PubkeyAcceptedKeyTypes ssh-ed25519 [email protected] [email protected] [email protected] ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] I double checked the autorized_keys and it's correct. I'm literally getting mad. Any idea? Thanks. Quote Link to comment
trurl Posted November 2, 2021 Share Posted November 2, 2021 1 hour ago, dhstsw said: Updated to 6.10.0-rc2 and i can't anymore ssh into my unraid as root. You should always read the release thread before updating. 1 Quote Link to comment
dhstsw Posted November 3, 2021 Share Posted November 3, 2021 11 hours ago, trurl said: You should always read the release thread before updating. Wich of course i did. It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, telnet, ssh, and ftp are disabled by default. My configuration isn't "new". SSH is enable. root password is defined since day 1. My SSH key is where it's supposed to be and shows in my users/root configuration in the webui. My clients (Putty, WinSCP) are up to date. Quote Link to comment
ken-ji Posted November 3, 2021 Share Posted November 3, 2021 12 hours ago, dhstsw said: Hi all, Updated to 6.10.0-rc2 and i can't anymore ssh into my unraid as root. a tail /var/log/syslog gives: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] but ssh-rsa is enabled in sshd_config: #ssh -Q PubkeyAcceptedAlgorithms ssh-ed25519 [email protected] [email protected] [email protected] ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] And: # ssh -Q PubkeyAcceptedKeyTypes ssh-ed25519 [email protected] [email protected] [email protected] ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] I double checked the autorized_keys and it's correct. I'm literally getting mad. Any idea? Thanks. that's the wrong command. Not sure on what's the values in 6.10rc2 but in 6.9.2 its [email protected]:~# sshd -T | grep pubkeyaccepted pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh-rsa is at the very end Quote Link to comment
dhstsw Posted November 3, 2021 Share Posted November 3, 2021 Never mind. I had enough and changed the key to ECDSA and now everything is working. (well, not really: the user/root filed to paste the key refuses any format for the key. I had to directly edit the authorized_keys file. C. Quote Link to comment
monarc Posted January 17, 2022 Share Posted January 17, 2022 (edited) Hi all, I'm running Unraid 6.9.2 and trying to setup passwordless ssh access to my Unraid server. For me this thread became quite messy over the years and I am unsure at which point we are now. I am trying to setup up @ken-ji's way and have put the authorized_keys file in /boot/config/ssh/root. Do I need to copy the sshd_config to the same location as well and change "AuthorizedKeysFile" to /etc/ssh/root? Am i totally wrong or on the right way? It would be very helpful if someone could write down the necessary steps again. Many thanks in advance. Edited January 17, 2022 by monarc Quote Link to comment
ken-ji Posted January 18, 2022 Share Posted January 18, 2022 As of 6.9.2 the only thing you really need to do is generate your ssh keys and stick them in the correct place either /root/.ssh or /boot/config/ssh/root (/root/.ssh is a symlink to this) [email protected]:~# ls -al /root/ total 32 drwx--x--- 6 root root 260 Jan 18 11:20 ./ drwxr-xr-x 20 root root 440 Jan 17 06:58 ../ -rw------- 1 root root 13686 Jan 17 11:29 .bash_history -rwxr-xr-x 1 root root 316 Apr 8 2021 .bash_profile* drwxr-xr-x 4 root root 80 Oct 29 10:21 .cache/ drwx------ 5 root root 100 Nov 30 06:02 .config/ lrwxrwxrwx 1 root root 30 Apr 8 2021 .docker -> /boot/config/plugins/dockerMan/ -rw------- 1 root root 149 Jan 18 11:20 .lesshst drwx------ 3 root root 60 Oct 29 10:21 .local/ -rw------- 1 root root 1024 Nov 13 00:36 .rnd lrwxrwxrwx 1 root root 21 Apr 8 2021 .ssh -> /boot/config/ssh/root/ drwxr-xr-x 5 root root 280 Jan 16 10:23 .vscode-server/ -rw-r--r-- 1 root root 351 Jan 18 00:00 .wget-hsts [email protected]:~# ls -l /root/.ssh/ total 32 -rw------- 1 root root 418 Mar 9 2021 authorized_keys -rw------- 1 root root 883 Mar 9 2021 id_rsa -rw------- 1 root root 209 Apr 19 2021 id_rsa.pub -rw------- 1 root root 3869 Jul 24 08:59 known_hosts [email protected]:~# ls -l /boot/config/ssh/root/ total 32 -rw------- 1 root root 418 Mar 9 2021 authorized_keys -rw------- 1 root root 883 Mar 9 2021 id_rsa -rw------- 1 root root 209 Apr 19 2021 id_rsa.pub -rw------- 1 root root 3869 Jul 24 08:59 known_hosts Quote Link to comment
monarc Posted January 18, 2022 Share Posted January 18, 2022 Thanks for your quick reply @ken-ji! Looks good I guess, but even after "/etc/rc.d/rc.sshd restart" I am asked to enter my "normal" root password to login. [email protected]:~# ls -al /root/ total 12 drwx--x--- 6 root root 220 Jan 2 22:14 ./ drwxr-xr-x 20 root root 460 Jan 15 21:39 ../ -rw------- 1 root root 494 Jan 17 18:41 .bash_history -rwxr-xr-x 1 root root 316 Apr 7 2021 .bash_profile* drwx------ 3 root root 60 Jan 2 22:14 .cache/ drwx------ 4 root root 80 Jan 2 22:14 .config/ lrwxrwxrwx 1 root root 30 Apr 7 2021 .docker -> /boot/config/plugins/dockerMan/ drwx------ 3 root root 60 Nov 4 13:25 .freeipmi/ drwx------ 3 root root 60 Jan 2 22:14 .local/ lrwxrwxrwx 1 root root 21 Apr 7 2021 .ssh -> /boot/config/ssh/root/ -rw-r--r-- 1 root root 281 Jan 18 00:10 .wget-hsts [email protected]:~# ls -l /root/.ssh/ total 20 -rw------- 1 root root 393 Jan 17 18:13 authorized_keys -rw------- 1 root root 86 May 4 2021 config -rw------- 1 root root 192 May 4 2021 known_hosts -rw------- 1 root root 387 May 4 2021 unraidbackup_id_ed25519 -rw------- 1 root root 82 May 4 2021 unraidbackup_id_ed25519.pub [email protected]:~# ls -l /boot/config/ssh/root/ total 20 -rw------- 1 root root 393 Jan 17 18:13 authorized_keys -rw------- 1 root root 86 May 4 2021 config -rw------- 1 root root 192 May 4 2021 known_hosts -rw------- 1 root root 387 May 4 2021 unraidbackup_id_ed25519 -rw------- 1 root root 82 May 4 2021 unraidbackup_id_ed25519.pub [email protected]:~# Is there anything else I forgot? Do I have to edit /etc/ssh/sshd_conf or is .ssh/authorized_keys for AuthorizedKeysFile okay? Is "/etc/rc.d/rc.sshd restart" enough or do I have to reboot my Unraid so passwordless login will start to work? Quote Link to comment
ken-ji Posted January 18, 2022 Share Posted January 18, 2022 hmm is your config file referring to the unraidbackup_id_ed25519 as the private key? by default ssh will try to use id_rsa, id_dsa, id_ecdsa, id_ed25519 and maybe a few others as the private key file running `ssh -v` will let you have an idea on what's happening. Quote Link to comment
monarc Posted January 18, 2022 Share Posted January 18, 2022 hmm, I am not sure if I understand you right, but my private key I have generated along with the pub key is on my PC and I am using it in mobaxterm to login into Unraid. The pub key I have copy&pasted in the authorized_keys file. I used MobaKeyGen to generate Piblic and Private Key. I haven't had these issues with our servers so far?! Quote Link to comment
ken-ji Posted January 18, 2022 Share Posted January 18, 2022 ah. you need to rename the public key unraidbackup_id_ed25519.pub to authorized_keys then you can delete the private key from Unraid I thought you were trying to ssh to other servers from Unraid. My case uses both hence the authorized_keys and id_rsa files In a nutshell * Generate private and public keys * on the server you are going to access, append the public key to authorized_keys file, creating it if it doesn't exist. The typical location is /root/.ssh/authorized_keys * make sure the ownership is -rw------- (600) Quote Link to comment
monarc Posted January 18, 2022 Share Posted January 18, 2022 (edited) why do I have to rename unraidbackup_id_ed25519.pub if I already have created authorized_keys with my public key in it. According to /root/.ssh/config the key pair unraidbackup_id_ed25519 belongs to backup.unraid.net. Sounds for me like the something the MyServer plugin created?! Sorry, all still a bit unclear to me.... 🙈 Edited January 18, 2022 by monarc Quote Link to comment
ken-ji Posted January 18, 2022 Share Posted January 18, 2022 My mistake, I'm not using any of the unraid.net services and I missed the authorized_keys files Are you able to generate logs or diagnostics from your client? I simply use the builtin ssh client in Windows, Mac and Linux all the time so I usually just run it with ssh -v to see why ssh client is being made to do password authentication. Quote Link to comment
monarc Posted January 18, 2022 Share Posted January 18, 2022 Looks like Unraid is unhappy with the format of the key files. Can you please share the command to generate a pair of keys from Unraid shell. Thanks in advance. Quote Link to comment
ken-ji Posted January 19, 2022 Share Posted January 19, 2022 the keytype and bits depends on your needs but the simplest command is ssh-keygen -C "comment so you know which key this is" -f path/to/private_key -m pem -N "" This creates the keypair /tmp/mykey and /tmp/mykey.pub using the rsa format (with 1024bits I think) `-C "comment"` adds a comment at the end of the public key so you can tell which public key it is later on. `-N ""` specifies an empty passphrase which is used to encrypt/decrypt the private key (This could be use to "safely" store the private key in certain places) `-m pem` is a function for interoperability of the private key with older ssh implementations (if it works without for you then you can skip specifying it) You can specify `-t ecdsa` or `-t ed25519` to use those key formats if needed. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.