Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Passwordless SSH login

Featured Replies

fc-ps-urd1-diagnostics-20210427-2146.zip

 

Here you go. In the meantime, I added it back to my go file. Hopefully it doesn't just start working and then fill up my authorized keys file :)

Edited by ionred

  • Replies 143
  • Views 81k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • 1) If necessary, generate an SSH key on your Mac or Linux machines, using ssh-keygen.   2) Create an authorized_keys file for the unRAID server, using the id_rsa.pub files on all the machines which

  • 1. On Linux or Mac, use ssh-keygen to generate a key pair, there'll be 2 files generated, a private key file (e.g. id_rsa) and a public key file (e.g. id_rsa.pub);   2. On your unRAID server, enter

  • A slightly better way to maintain the keys across reboots is to * copy the authorized_keys file to /boot/config/ssh/root.pubkeys * copy /etc/ssh/sshd_config to /boot/config/ssh * modify

Posted Images

13 hours ago, ionred said:

fc-ps-urd1-diagnostics-20210427-2146.zip 111.34 kB · 0 downloads

 

Here you go. In the meantime, I added it back to my go file. Hopefully it doesn't just start working and then fill up my authorized keys file :)

 

Remove the "SSH Config Tool" plugin, it is likely what is overwriting your files. It hasn't been updated since 2019 so it doesn't know about the changes in 6.9. 

 

TBH your system has more plugins than I have ever seen installed at once :) I'd highly recommend removing as many as you can, the fewer plugins you have the better. Less potential conflicts like this one, less that can go wrong.

 

 

Also, you should run

touch /boot/config/modprobe.d/i915.conf

and remove these lines from your go script:

modprobe i915
chmod -R 777 /dev/dri

per https://wiki.unraid.net/Manual/Release_Notes/Unraid_OS_6.9.0#GPU_Driver_Integration

 

8 minutes ago, ljm42 said:

 

Remove the "SSH Config Tool" plugin, it is likely what is overwriting your files. It hasn't been updated since 2019 so it doesn't know about the changes in 6.9. 

 

TBH your system has more plugins than I have ever seen installed at once :) I'd highly recommend removing as many as you can, the fewer plugins you have the better. Less potential conflicts like this one, less that can go wrong.

 

Both good points. I've removed the plugin along with 7 or 8 others that I know for sure I don't use. 

 

Unfortunately, I'm currently running a preclear on a new disk so I won't be able to check until tomorrow, but crossing my fingers this is it!

25 minutes ago, ljm42 said:

Also, you should remove these lines from your go script:




modprobe i915
chmod -R 777 /dev/dri

per https://wiki.unraid.net/Manual/Release_Notes/Unraid_OS_6.9.0#GPU_Driver_Integration

 

 

 

That's fantastic (if it works!). Getting Intel QuickSync to pass through to the dockers in the past has always been a huge issue. 

 

@Hoopster I know you also had similar problems with modprobe i915 for quicksync/QSV. Did this work out for you on 6.9.1+?

Edited by ionred

3 minutes ago, ionred said:

I know you also had similar problems with modprobe i915 for quicksync/QSV. Did this work out for you on 6.9.1+?

Yes, I no longer have anything in the 'go' file related to i915 drivers. I used the 'touch' method to create a blank i915.conf file as explained in the link and have no problem with QSV working for Plex and HandBrake.

11 hours ago, Hoopster said:

I used the 'touch' method to create a blank i915.conf file as explained in the link

Oh right, I left that important step out :) Just updated my post in case someone reads this in the future.

  • 2 months later...

I'm trying to create a simple method to switch between 2 operating systems which share a common GPU.  I created 2 scripts in script editor to shut down the working operating system and boot the other.  However I don't want the user to access the unraid GUI.  Is it possible to run these scripts from the operating system vm interface by clicking an icon?

35 minutes ago, Jessie said:

Is it possible to run these scripts from the operating system vm interface by clicking an icon?

 

  • 2 months later...
On 10/19/2016 at 11:12 AM, ken-ji said:

A slightly better way to maintain the keys across reboots is to

* copy the authorized_keys file to /boot/config/ssh/root.pubkeys

* copy /etc/ssh/sshd_config to /boot/config/ssh

* modify /boot/config/sshd_config to set the following line

AuthorizedKeysFile      /etc/ssh/%u.pubkeys
 

 

This will allow you to keep the keys on the flash always and let the ssh startup scripts do all the copying.

Hi @ken-ji what does the %u do? Could you enlighten me? Thanks.

%u is expanded to the username

so this tells sshd to look for the private keys in /etc/ssh/root.pubkeys (for the root user)

  • 4 weeks later...

Hi all,

Updated to 6.10.0-rc2 and i can't anymore ssh into my unraid as root.

a tail /var/log/syslog gives:

 

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]


but ssh-rsa is enabled in sshd_config:
 

#ssh -Q PubkeyAcceptedAlgorithms

ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

 

And:
 

# ssh -Q PubkeyAcceptedKeyTypes

ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]


I double checked the autorized_keys and it's correct.

I'm literally getting mad.

Any idea?

Thanks.
 

  • Community Expert
1 hour ago, dhstsw said:

Updated to 6.10.0-rc2 and i can't anymore ssh into my unraid as root.

You should always read the release thread before updating.

11 hours ago, trurl said:

You should always read the release thread before updating.

 

Wich of course i did.

 

It is now mandatory to define a root password.  We also created a division in the Users page to distinguish root from other user names.  The root UserEdit page includes a text box for pasting SSH authorized keys.

For new configurations, telnet, ssh, and ftp are disabled by default.

 

My configuration isn't "new".
SSH is enable.

root password is defined since day 1.

My SSH key is where it's supposed to be and shows in my users/root configuration in the webui.

My clients (Putty, WinSCP) are up to date.
 

12 hours ago, dhstsw said:

Hi all,

Updated to 6.10.0-rc2 and i can't anymore ssh into my unraid as root.

a tail /var/log/syslog gives:

 

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]


but ssh-rsa is enabled in sshd_config:
 

#ssh -Q PubkeyAcceptedAlgorithms

ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

 

And:
 

# ssh -Q PubkeyAcceptedKeyTypes

ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]


I double checked the autorized_keys and it's correct.

I'm literally getting mad.

Any idea?

Thanks.
 

that's the wrong command. Not sure on what's the values in 6.10rc2 but in 6.9.2 its

root@MediaStore:~# sshd -T | grep pubkeyaccepted
pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa

ssh-rsa is at the very end

Never mind.

I had enough and changed the key to ECDSA and now everything is working.

(well, not really: the user/root filed to paste the key refuses any format for the key. I had to directly edit the authorized_keys file.

C.

  • 2 months later...

Hi all, I'm running Unraid 6.9.2 and trying to setup passwordless ssh access to my Unraid server. For me this thread became quite messy over the years and I am unsure at which point we are now.

 

I am trying to setup up @ken-ji's way and have put the authorized_keys file in /boot/config/ssh/root. Do I need to copy the sshd_config to the same location as well and change "AuthorizedKeysFile" to /etc/ssh/root?

 

Am i totally wrong or on the right way?

 

It would be very helpful if someone could write down the necessary steps again. Many thanks in advance.

Edited by monarc

As of 6.9.2 the only thing you really need to do is generate your ssh keys and stick them in the correct place

either /root/.ssh or /boot/config/ssh/root (/root/.ssh is a symlink to this)

root@MediaStore:~# ls -al /root/
total 32
drwx--x---  6 root root   260 Jan 18 11:20 ./
drwxr-xr-x 20 root root   440 Jan 17 06:58 ../
-rw-------  1 root root 13686 Jan 17 11:29 .bash_history
-rwxr-xr-x  1 root root   316 Apr  8  2021 .bash_profile*
drwxr-xr-x  4 root root    80 Oct 29 10:21 .cache/
drwx------  5 root root   100 Nov 30 06:02 .config/
lrwxrwxrwx  1 root root    30 Apr  8  2021 .docker -> /boot/config/plugins/dockerMan/
-rw-------  1 root root   149 Jan 18 11:20 .lesshst
drwx------  3 root root    60 Oct 29 10:21 .local/
-rw-------  1 root root  1024 Nov 13 00:36 .rnd
lrwxrwxrwx  1 root root    21 Apr  8  2021 .ssh -> /boot/config/ssh/root/
drwxr-xr-x  5 root root   280 Jan 16 10:23 .vscode-server/
-rw-r--r--  1 root root   351 Jan 18 00:00 .wget-hsts
root@MediaStore:~# ls -l /root/.ssh/
total 32
-rw------- 1 root root  418 Mar  9  2021 authorized_keys
-rw------- 1 root root  883 Mar  9  2021 id_rsa
-rw------- 1 root root  209 Apr 19  2021 id_rsa.pub
-rw------- 1 root root 3869 Jul 24 08:59 known_hosts
root@MediaStore:~# ls -l /boot/config/ssh/root/
total 32
-rw------- 1 root root  418 Mar  9  2021 authorized_keys
-rw------- 1 root root  883 Mar  9  2021 id_rsa
-rw------- 1 root root  209 Apr 19  2021 id_rsa.pub
-rw------- 1 root root 3869 Jul 24 08:59 known_hosts

 

Thanks for your quick reply @ken-ji!

 

Looks good I guess, but even after "/etc/rc.d/rc.sshd restart" I am asked to enter my "normal" root password to login.

 

root@Unraid:~# ls -al /root/
total 12
drwx--x---  6 root root 220 Jan  2 22:14 ./
drwxr-xr-x 20 root root 460 Jan 15 21:39 ../
-rw-------  1 root root 494 Jan 17 18:41 .bash_history
-rwxr-xr-x  1 root root 316 Apr  7  2021 .bash_profile*
drwx------  3 root root  60 Jan  2 22:14 .cache/
drwx------  4 root root  80 Jan  2 22:14 .config/
lrwxrwxrwx  1 root root  30 Apr  7  2021 .docker -> /boot/config/plugins/dockerMan/
drwx------  3 root root  60 Nov  4 13:25 .freeipmi/
drwx------  3 root root  60 Jan  2 22:14 .local/
lrwxrwxrwx  1 root root  21 Apr  7  2021 .ssh -> /boot/config/ssh/root/
-rw-r--r--  1 root root 281 Jan 18 00:10 .wget-hsts
root@Unraid:~# ls -l /root/.ssh/
total 20
-rw------- 1 root root 393 Jan 17 18:13 authorized_keys
-rw------- 1 root root  86 May  4  2021 config
-rw------- 1 root root 192 May  4  2021 known_hosts
-rw------- 1 root root 387 May  4  2021 unraidbackup_id_ed25519
-rw------- 1 root root  82 May  4  2021 unraidbackup_id_ed25519.pub
root@Unraid:~# ls -l /boot/config/ssh/root/
total 20
-rw------- 1 root root 393 Jan 17 18:13 authorized_keys
-rw------- 1 root root  86 May  4  2021 config
-rw------- 1 root root 192 May  4  2021 known_hosts
-rw------- 1 root root 387 May  4  2021 unraidbackup_id_ed25519
-rw------- 1 root root  82 May  4  2021 unraidbackup_id_ed25519.pub
root@Unraid:~#

 

Is there anything else I forgot? Do I have to edit /etc/ssh/sshd_conf or is  .ssh/authorized_keys for AuthorizedKeysFile okay? Is "/etc/rc.d/rc.sshd restart" enough or do I have to reboot my Unraid so passwordless login will start to work?

hmm is your config file referring to the unraidbackup_id_ed25519 as the private key?
by default ssh will try to use id_rsa, id_dsa, id_ecdsa, id_ed25519 and maybe a few others as the private key file

running `ssh -v` will let you have an idea on what's happening.

hmm, I am not sure if I understand you right, but my private key I have generated along with the pub key is on my PC and I am using it in mobaxterm to login into Unraid. The pub key I have copy&pasted in the authorized_keys file.

 

I used MobaKeyGen to generate Piblic and Private Key.

 

I haven't had these issues with our servers so far?!

ah. you need to rename the public key unraidbackup_id_ed25519.pub to authorized_keys

then you can delete the private key from Unraid

I thought you were trying to ssh to other servers from Unraid. My case uses both hence the authorized_keys and id_rsa files

 

In a nutshell
 

* Generate private and public keys
* on the server you are going to access, append the public key to authorized_keys file, creating it if it doesn't exist.
The typical location is /root/.ssh/authorized_keys
* make sure the ownership is -rw------- (600)

 

why do I have to rename unraidbackup_id_ed25519.pub if I already have created authorized_keys with my public key in it.

 

According to /root/.ssh/config the key pair unraidbackup_id_ed25519 belongs to backup.unraid.net. Sounds for me like the something the MyServer plugin created?!

 

Sorry, all still a bit unclear to me.... 🙈

Edited by monarc

My mistake, I'm not using any of the unraid.net services and I missed the authorized_keys files

Are you able to generate logs or diagnostics from your client?

I simply use the builtin ssh client in Windows, Mac and Linux all the time so I usually just run it with ssh -v to see why ssh client is being made to do password authentication.

Looks like Unraid is unhappy with the format of the key files. Can you please share the command to generate a pair of keys from Unraid shell.

 

Thanks in advance.

the keytype and bits depends on your needs but the simplest command is
 

ssh-keygen -C "comment so you know which key this is" -f path/to/private_key -m pem -N ""

 

This creates the keypair /tmp/mykey and /tmp/mykey.pub using the rsa format (with 1024bits I think)

`-C "comment"` adds a comment at the end of the public key so you can tell which public key it is later on.
`-N ""` specifies an empty passphrase which is used to encrypt/decrypt the private key (This could be use to "safely" store the private key in certain places)
`-m pem` is a function for interoperability of the private key with older ssh implementations (if it works without for you then you can skip specifying it)

You can specify `-t ecdsa` or `-t ed25519` to use those key formats if needed.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.