August 25, 2017

Hello, how can I add a user other than root that can use SSH and log in? I added another user to the ssh config, but this user is not able to log in and gets disconnected by the server right after a successful login. Unraid 6.3.5
August 25, 2017

Best option I've seen to date is this: Not run it myself, but thought I'd point it out.
January 25, 2022

On 8/25/2017 at 9:57 AM, Tybio said:
> Best option I've seen to date is this: Not run it myself, but thought I'd point it out.

Thanks. This is still applicable 4 years later 🙂
February 2, 2022

For those not wanting to use a plugin, you can add the user via the root user. Give it a home dir and shell, and then update the saved /boot/config/passwd with the one in /etc/passwd.

It seems that when booting, Unraid turns off all shells for non-root accounts, so you need to add a line in the init script to enable them again... /boot/config/go

No idea how updates/upgrades will work with this... probably will blow it away.
August 9, 2023

I've no idea why they have made it so hard to do this. I'm the single and only user of my unraid setup and my main mode of transferring data is via rsync & SCP. I *must* be able to have a working user that is not root to have SSH access for this even when the system unexpectedly reboots.

So after a bunch of trial and error I've come up with the expanded version of the /boot/config/go script below. Shared here in case it helps somebody else who's been struggling with this omission.

The user 'USERNAME' was created and password set using the web GUI. All you'd need to do is change the word USERNAME to your actual, well... username, and double check the 1000:100 user:group numbers are the same for your situation.

If this messes up your unraid config somehow, it's non-destructive. Reverting to default settings, because you just want to or because you messed up, is a matter of opening a terminal via the web gui or on the physical console and removing everything but the first & last line of the /boot/config/go file again.

```bash
#!/bin/bash

# Make homedir
mkdir /USERNAME
chown USERNAME:users /USERNAME

# Set homedir and assign shell
cat /etc/passwd | sed -e s/USERNAME.*false/"USERNAME:x:1000:100:User description:\/USERNAME:\/bin\/bash"/ > /etc/passwd.1
mv /etc/passwd.1 /etc/passwd

# Ensure user profile doesn't try to send you to the root homedir upon login
cat /etc/profile | sed -e s/"export HOME=\/root"/"export HOME=\/\`whoami\`"/ > /etc/profile.1
mv /etc/profile.1 /etc/profile

# Allow all users to SSH in.
# (Alternatively append your specific desired username after 'root', separated with a space:
# i.e. "AllowUsers root USERNAME")
cat /etc/ssh/sshd_config | sed -e s/"AllowUsers root"/"# AllowUsers root"/ > /etc/ssh/sshd_config.1
mv /etc/ssh/sshd_config.1 /etc/ssh/sshd_config
/etc/rc.d/rc.sshd reload

# Start the Management Utility
/usr/local/sbin/emhttp &
```
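The alternative named in the script's own comment (adding one user to `AllowUsers` rather than commenting the line out, which admits every account with a shell), as an added example that is not part of the original post. The username `backupuser` and the sample config are constructed; the function refuses to act when no active `AllowUsers` line exists.

```bash
#!/bin/bash
# Added example, not from the thread. Appends one user to the existing
# AllowUsers line instead of commenting it out (which admits every account).

# allow_ssh_user CONFIG USER: idempotent, edits a copy, swaps it in by rename.
allow_ssh_user() {
    local config=$1 user=$2 tmp
    # Refuse names carrying spaces or sshd pattern characters (* ? ! @).
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad username: $user" >&2; return 2 ;;
    esac
    # No active AllowUsers line means sshd already admits everyone: stop.
    if ! grep -Eq '^[[:space:]]*AllowUsers[[:space:]]' "$config"; then
        echo "no active AllowUsers line in $config" >&2; return 3
    fi
    tmp=$(mktemp "$config.XXXXXX") || return 1
    awk -v u="$user" '
        /^[[:space:]]*AllowUsers[[:space:]]/ {
            listed = 0
            for (i = 2; i <= NF; i++) if ($i == u) listed = 1
            if (!listed) $0 = $0 " " u
        }
        { print }' "$config" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$config"
}

# Dry run on a constructed config. On the server the target would be
# /etc/ssh/sshd_config, followed by `/usr/sbin/sshd -t` and, only if that
# exits 0, `/etc/rc.d/rc.sshd reload`.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'Port 22' 'AllowUsers root' 'PermitRootLogin yes' \
        > "$dir/sshd_config"
    allow_ssh_user "$dir/sshd_config" backupuser   # hypothetical username
    allow_ssh_user "$dir/sshd_config" backupuser   # second run is a no-op
    grep '^AllowUsers' "$dir/sshd_config"
    rm -rf "$dir"
}
demo
```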
August 9, 2023

11 hours ago, whiter said:
> I've no idea why they have made it so hard to do this. I'm the single and only user of my unraid setup and my main mode of transferring data is via rsync & SCP. I *must* be able to have a working user that is not root to have SSH access for this even when the system unexpectedly reboots.

This is unRAID, it does not use linux users for permissions. The ONLY user in the conventional linux sense is root. Ideally you should not have other systems SSH directly into unRAID. The better way to handle it would be with a docker container or VM running an SSH server and having access to the specific array folders required. Personally I use an LXC container for this, but that requires the LXC plugin rather than built in functionality.
August 9, 2023

3 minutes ago, primeval_god said:
> Personally I use an LXC container for this, but that requires the LXC plugin rather than built in functionality.

Maybe someday it will be included in the base OS.
August 9, 2023

Not that there is anything wrong with using a plugin like LXC. But the tone of this discussion made me think that built-in options might be preferred.

Edited August 9, 2023 by primeval_god
August 12, 2023

On 8/10/2023 at 1:26 AM, primeval_god said:
> This is unRAID, it does not use linux users for permissions. The ONLY user in the conventional linux sense is root.

Users created in the Unraid user interface are added to /etc/passwd. Files uploaded via an 'official' sharing mechanism like SMB honour the Linux file permissions and create new files using the user ID and group ID as assigned to the logged in user in the /etc/passwd file. Linux users for accounts other than root are very much used.

Running docker, and loading a container, is WAY overkill for a built-in core capability of the OS. I've no intention to overcomplicate things, and beef up the CPU and memory of the system hosting nothing but my backup drives, for the sake of running a basic capability that it already has but is just made extra difficult to enable. Keep It Stupid Simple.
August 12, 2023

4 hours ago, whiter said:
> Running docker, and loading a container, is WAY overkill for a built-in core capability of the OS. I've no intention to overcomplicate things, and beef up the CPU and memory of the system hosting nothing but my backup drives, for the sake of running a basic capability that it already has but is just made extra difficult to enable.

I don't share this opinion but of course that's my opinion. I think it's more overkill what you did above but don't get me wrong that's my opinion. It always depends on what you are trying to do and to accomplish. For me it's way enough to log in as root and do stuff as root and I never want to access this from outside and even if I want to do that I can create a tunnel and do that.
August 12, 2023

I've recently started using tailscale and the unraid plugin for it with SSH enabled. It seems to pretty much solve both the multi-user and the open SSH port issues at once for me anyway. Specifically the multi-user aspect just means letting multiple different users login to SSH as root without giving out a password or managing keys. That might not be what everyone is looking for, but it might solve the needs for some.

I also do still use the unraid connect plugin, and I wish it didn't require an open port, but it doesn't bother me enough to not use it.
August 14, 2023

On 8/12/2023 at 5:20 AM, whiter said:
> Users created in the Unraid user interface are added to /etc/passwd. Files uploaded via an 'official' sharing mechanism like SMB honour the Linux file permissions and create new files using the user ID and group ID as assigned to the logged in user in the /etc/passwd file. Linux users for accounts other than root are very much used.

See https://docs.unraid.net/unraid-os/manual/users

On 8/12/2023 at 5:20 AM, whiter said:
> Running docker, and loading a container, is WAY overkill for a built-in core capability of the OS. ...and beef up the CPU and memory of the system...

It's really not overkill, it's the way the system is meant to be used (in unRAID that is). Containerization really doesn't have that much overhead in terms of cpu and memory usage. It's just tooling over cgroups and namespaces after all. In fact systems exist where every normal linux process is containerized (see Rancher OS) and they manage to stay performant. Admittedly there is a bit more overhead in terms of disk usage especially with docker. And there is something to be said for the increase in complexity for those less familiar with docker and LXC, however the unRAID webui experience (and LXC plugin experience) help a lot in this area.
August 20, 2023

Based on Whiter's contribution I have the following manual steps to set up a second user to use SSH from a Mac. I did try the edit for unRaid /boot/config/go but I ended up bricking root access so had to create a new unRaid USB (using the existing USB stick - a good exercise in itself).

I too am a one user unRaid (3 day old) user with a Mac. Reason is I have numerous hundreds of Gbs Final Cut Pro projects (which contain zillions of small and large files) to move/copy to (3 day old) MacPro Unraid system. SMB is not usable, too slow, unfortunately (for the many threads on the subject here). FTP cannot get to work using the default FTP server (read_only!?!) and not able to find/setup a FTP from the app store.

Here are my manual steps:

Delete the unRaid user Sid if exists already

```
root@Tower:~# useradd sid
root@Tower:~# passwd sid
root@Tower:~# mkdir /home/sid
root@Tower:~# chown sid:users /home/sid
root@Tower:~# ls -al /home          <== checking
root@Tower:~# cat /etc/passwd       <== checking
root@Tower:~# groupadd -r sshusers
root@Tower:~# usermod -a -G sshusers root
root@Tower:~# usermod -a -G sshusers sid
root@Tower:~# vi /etc/ssh/sshd_config
    ==> add AllowUsers root sid
    ==> add AllowGroups schusses
root@Tower:~# /usr/sbin/sshd -t     <== check the config is valid
root@Tower:~# echo $?
0                                   <== A 0 equals all ok, non zero means fix it
root@Tower:~# /etc/rc.d/rc.sshd reload
```

Re-add unRaid Sid user

Try rsync using user sid ==>

```
rsync -avhP ssh ~/Downloads/teleport/ [email protected]:/mnt/user/unraid/teleport/
```

And try root user

```
rsync -avhP ssh ~/Downloads/teleport/ [email protected]:/mnt/user/unraid/teleport/
```

Edited August 21, 2023 by ChannelD: upper to lower case correction
September 7, 2025

@ChannelD thanks for sharing. Just one comment:

> ==> add AllowGroups schusses

^ I think that line has a typo - should it not look like this? -

==> add AllowGroups sshusers

I'm attempting to put together an automated script to enable passwordless normal user SCP with public key authentication for use with WinSCP.

I've not fully tested it yet but I have had it working manually and is based on the scripts above but enabled using the user scripts plugin rather than main /boot/config/go one.

One thing I learned was that you must ensure that the directory and file ownership and permissions are correct i.e. on the user home and subdirectories and key files using chown and chmod commands (as I think the SSH daemon needs that when reading the users ~/.ssh/authorized_keys file containing the public keys based on its logs).

For SFTP (rather than just scp) transfers via Tailscale I'm already using the excellent TailVault container from @SpaceInvaderOne but I prefer to have a manual backup option for that with pubkey based auth and have disabled SSH for root.

Here is my draft script:

```bash
#!/bin/bash

# EDIT NEXT TWO LINES and change CHANGEME to your SSH username and paste in your SSH public key
_username=CHANGEME
_sshpublickey='ssh-ed25519 PASTE-YOUR-RANDOM-LONG-SSH-PUBLIC-KEY-STRING-OVER-THIS'

# Recreate user home directory - I tested and this is deleted on a reboot
mkdir /$_username

# Set home directory and assign shell
cat /etc/passwd | sed -e s/$_username.*false/"$_username:x:1000:100:User description:\/$_username:\/bin\/bash"/ > /etc/passwd.1
mv /etc/passwd.1 /etc/passwd

# Ensure user profile doesn't try to send you to the root homedir upon login
cat /etc/profile | sed -e s/"export HOME=\/root"/"export HOME=\/\`whoami\`"/ > /etc/profile.1
mv /etc/profile.1 /etc/profile

# Comment out AllowUsers line in the SSH daemon config file to allow all users to SSH in
cat /etc/ssh/sshd_config | sed -e s/"AllowUsers root"/"# AllowUsers root"/ > /etc/ssh/sshd_config.1
mv /etc/ssh/sshd_config.1 /etc/ssh/sshd_config

# then restart the SSH daemon
/etc/rc.d/rc.sshd reload

# Setup public key based auth for user - note you may need to uncomment PubkeyAuthentication line in /etc/ssh/sshd_config
mkdir /$_username/.ssh
echo $_sshpublickey > /$_username/.ssh/authorized_keys
chmod 600 /$_username/.ssh/authorized_keys
chmod 700 /$_username/.ssh
chmod 750 /$_username
chown -R $_username:users /$_username/
```

You can generate a new key pair using the free PuTTYgen tool on Windows and also test logging in using WinSCP but must use SCP mode not SFTP unless you've otherwise enabled that already.

PLEASE NOTE: This is only meant to be used as an emergency backup if root SSH is disabled and not intended for any other purpose but I thought I would share in case anyone else finds it useful.

Edited September 7, 2025 by manfat: Added draft user script for enabling passwordless SSH using public key authentication.
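The ownership and permission requirement mentioned in the post above, as an added check that is not part of the original post. It mirrors the test sshd applies under its `StrictModes` option (on by default): the home directory, `.ssh` and `authorized_keys` must each be owned by the user or root and must not be writable by group or others. The directory tree below is constructed in a temporary location, and GNU `stat` is assumed.

```bash
#!/bin/bash
# Added example, not from the thread. Reports paths that sshd (StrictModes)
# would refuse to read authorized_keys through: anything not owned by the
# user or root, or writable by group/others. Uses GNU stat (-c).

# check_ssh_paths HOME UID: prints one line per problem, returns 1 if any.
check_ssh_paths() {
    local home=$1 uid=$2 path owner mode bad=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; bad=1; continue
        fi
        owner=$(stat -c %u "$path")
        mode=$(stat -c %a "$path")          # octal digits, e.g. 700
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER $path uid=$owner"; bad=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path mode=$mode"; bad=1
        fi
    done
    return "$bad"
}

# Constructed tree: .ssh is left group-writable, then tightened to 700.
demo() {
    local home
    home=$(mktemp -d) || return 1
    mkdir "$home/.ssh"
    : > "$home/.ssh/authorized_keys"
    chmod 750 "$home"; chmod 775 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
    check_ssh_paths "$home" "$(id -u)" | sed "s|$home|~|"
    chmod 700 "$home/.ssh"
    check_ssh_paths "$home" "$(id -u)" && echo "OK"
    rm -rf "$home"
}
demo
```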