Passwordless SSH login



Sorry guys, but I haven't had problems with this on any of my other servers. I don't know what I'm doing wrong. Would someone be so kind as to write a step-by-step guide for setting up Unraid with SSH keys so login is possible without a simple password?

 

Thanks in advance. Much appreciated.

  • 6 months later...
On 1/20/2022 at 5:23 PM, monarc said:

Sorry guys, but I haven't had problems with this on any of my other servers. I don't know what I'm doing wrong. Would someone be so kind as to write a step-by-step guide for setting up Unraid with SSH keys so login is possible without a simple password?

 

Thanks in advance. Much appreciated.

 

I know there are better solutions than mine, but since you ask, I'd like to share my own solution, step by step. If you want a very simple solution (with a minor issue), you may skip to the end and read the P.S. section.

 

The key point of using an SSH client without a password is the file '~root/.ssh/authorized_keys'. My solution is to create a folder to save it and restore it on the next boot.

 

1. Create a folder on the UnRAID flash. I use /boot/config/misc/ssh:

 

mkdir -p /boot/config/misc/ssh

 

    I'll put the setup scripts and SSH keys in this folder.
    
2. Copy the current client keys into the above folder:

 

cp /root/.ssh/authorized_keys /boot/config/misc/ssh/

    
3. Also copy UnRAID's SSH client keys (so I can ssh from UnRAID to other servers without a password). My key files have the names id_rsa and id_rsa.pub:

 

cp /root/.ssh/id* /boot/config/misc/ssh/

    
4. Create a script to copy these files back into root's .ssh folder on the next boot. I created the file /boot/config/misc/ssh/setup_ssh_client.sh, contents shown below:

 

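#!/bin/bash
# Restore root's SSH keys from the flash drive at boot.

SSH_DIR=/root/.ssh
mkdir -p "${SSH_DIR}"
chmod 750 "${SSH_DIR}"

# Copy the saved keys back from the flash.
cp /boot/config/misc/ssh/authorized_keys "${SSH_DIR}/"
cp /boot/config/misc/ssh/id_rsa "${SSH_DIR}/"
cp /boot/config/misc/ssh/id_rsa.pub "${SSH_DIR}/"

# Restrict authorized_keys and the private key to root only.
chmod 600 "${SSH_DIR}/authorized_keys"
chmod 600 "${SSH_DIR}/id_rsa"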

    
    The script simply creates the /root/.ssh (if it doesn't exist), and then copies all the keys I saved earlier into it.
    
5. Now I need to find a way to let my script run during the next boot. The script '/boot/config/go' is executed at the very end of the bootstrap, so it's an ideal place to start my script. I modified it and added the following lines at the end:

 

cp /boot/config/misc/ssh/setup_ssh_client.sh /tmp/
chmod a+x /tmp/setup_ssh_client.sh
/tmp/setup_ssh_client.sh

 

    Note: since the scripts on /boot can't be executed, I have to copy it to /tmp to run.

 

6. Done.

 

To test if the above settings work, erase the current /root/.ssh folder (back it up first if you want), and then manually enter the commands in step 5 one by one. Your .ssh folder should be restored; otherwise something's wrong in the above procedure.

From now on, each time /root/.ssh/authorized_keys is changed, I need to redo step 2 to copy it back to the flash. Fortunately I don't have to do this often because the clients don't change frequently.

 

P.S. AFAIK, there's a very simple way to accomplish 'ssh to UnRAID without password': create a folder on the flash, say /boot/config/ssh_keys, then make /root/.ssh a symbolic link to the folder. That's as easy as adding a line in /boot/config/go:

 

ln -s /boot/config/ssh_keys /root/.ssh

 

and it's done. But it has a minor issue: when you issue rsync commands from UnRAID, you may get some errors as shown below:

 

hostfile_replace_entries: link /root/.ssh/known_hosts to /root/.ssh/known_hosts.old: Operation not permitted
update_known_hosts: hostfile_replace_entries failed for /root/.ssh/known_hosts: Operation not permitted

 

The rsync will still run, though. I just don't like these error messages, so I prefer my way.

Edited by georgez
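
An added example, not part of georgez's post: a check for the restore test described above that also catches the case where /root/.ssh/authorized_keys was changed and step 2 was not repeated. The function names and output labels are made up for this example; the paths and the 600 modes are the ones used in the post, and the directory check follows sshd's StrictModes rule (no group/other write).

```shell
#!/bin/bash
# Added example (not from the original post): verify that the boot-time
# restore left /root/.ssh in a state sshd will accept and that it still
# matches the copy kept on the flash drive.

# mode_of FILE -> octal permission bits, e.g. 600 (GNU/busybox stat)
mode_of() { stat -c '%a' "$1"; }

# check_ssh_restore BACKUP_DIR SSH_DIR
# Prints one line per problem; returns 0 only if nothing is wrong.
check_ssh_restore() {
    local backup=$1 ssh_dir=$2 rc=0 f mode

    if [ ! -d "$ssh_dir" ]; then
        echo "MISSING: $ssh_dir"; return 1
    fi
    # sshd's StrictModes rejects a .ssh directory writable by group/other.
    mode=$(mode_of "$ssh_dir")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "PERMS: $ssh_dir is $mode (group/other writable)"; rc=1
    fi

    for f in authorized_keys id_rsa id_rsa.pub; do
        if [ ! -f "$ssh_dir/$f" ]; then
            echo "MISSING: $ssh_dir/$f"; rc=1; continue
        fi
        # Drift: the live file changed and step 2 was not repeated.
        if ! cmp -s "$backup/$f" "$ssh_dir/$f"; then
            echo "DRIFT: $ssh_dir/$f differs from $backup/$f"; rc=1
        fi
        # The script in step 4 sets these two files to 600.
        mode=$(mode_of "$ssh_dir/$f")
        if [ "$f" != id_rsa.pub ] && [ "$mode" != 600 ]; then
            echo "PERMS: $ssh_dir/$f is $mode, expected 600"; rc=1
        fi
    done
    return "$rc"
}

# Check the paths used in the post when invoked with "--run".
if [ "${1:-}" = "--run" ]; then
    check_ssh_restore /boot/config/misc/ssh /root/.ssh && echo "OK"
fi
```

A DRIFT line for authorized_keys means the copy on the flash is stale and the next reboot would bring back the older key list.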