isvein Posted August 25, 2017 Share Posted August 25, 2017 Hello How can I add another user than root to be able to use ssh and be able to log in? I added another user to the ssh config, but this user is not able to log in, get disconnected by server right after successfull login. Unraid 6.3.5 Quote Link to comment
Tybio Posted August 25, 2017 Share Posted August 25, 2017 Best option I've seen to date is this: Not run it myself, but thought I'd point it out. 1 Quote Link to comment
saneguy Posted January 25, 2022 Share Posted January 25, 2022 On 8/25/2017 at 9:57 AM, Tybio said: Best option I've seen to date is this: Not run it myself, but thought I'd point it out. Thanks. This is still applicable 4 years later 🙂 Quote Link to comment
ddumont Posted February 2, 2022 Share Posted February 2, 2022 For those not wanting to use a plugin, you can add the user via the root user. Give it a home dir and shell, and then update the saved /boot/config/passwd with the one in /etc/passwd It seems that when booting, unriad turns off all shells for non root accounts, so you need to add a line in the init script to enable them again... /boot/config/go No idea how updates/upgrades will work with this... probably will blow it away. Quote Link to comment
NICONICONI Posted March 9, 2022 Share Posted March 9, 2022 /etc/passwd User Terminal update to /bin/bash Quote Link to comment
whiter Posted August 9, 2023 Share Posted August 9, 2023 I've no idea why they have made it so hard to do this. I'm the single and only user of my unraid setup and my main mode of transferring data is via rsync & SCP. I *must* be able to have a working user that is not root to have SSH access for this even when the system unexpectedly reboots. So after a bunch of trial and error I've come up with the expanded version of the /boot/config/go script below. Shared here in case it helps somebody else who's been struggling with this omission. The user 'USERNAME' was created and password set using the web GUI. All you'd need to do is change the word USERNAME to your actual, well... username, and double check the 1000:100 user:group numbers are the same for your situation. If this messes up your unraid config somehow, it's non-destructive. Reverting to default settings, because you just want to or because you messed up, is a matter of opening a terminal via the web gui or on the physical console and removing everything but the first & last line of the /boot/config/go file again. #!/bin/bash # Make homedir mkdir /USERNAME chown USERNAME:users /USERNAME # Set homedir and assign shell cat /etc/passwd | sed -e s/USERNAME.*false/"USERNAME:x:1000:100:User description:\/USERNAME:\/bin\/bash"/ > /etc/passwd.1 mv /etc/passwd.1 /etc/passwd # Ensure user profile doesn't try to send you to the root homedir upon login cat /etc/profile | sed -e s/"export HOME=\/root"/"export HOME=\/\`whoami\`"/ > /etc/profile.1 mv /etc/profile.1 /etc/profile # Allow all users to SSH in. # (Alternatively append your specific desired username after 'root', separated with a space: # i.e. "AllowUsers root USERNAME") cat /etc/ssh/sshd_config | sed -e s/"AllowUsers root"/"# AllowUsers root"/ > /etc/ssh/sshd_config.1 mv /etc/ssh/sshd_config.1 /etc/ssh/sshd_config /etc/rc.d/rc.sshd reload # Start the Management Utility /usr/local/sbin/emhttp & 1 Quote Link to comment
primeval_god Posted August 9, 2023 Share Posted August 9, 2023 11 hours ago, whiter said: I've no idea why they have made it so hard to do this. I'm the single and only user of my unraid setup and my main mode of transferring data is via rsync & SCP. I *must* be able to have a working user that is not root to have SSH access for this even when the system unexpectedly reboots. This is unRAID, it does not use linux users for permissions. The ONLY user in the convention linux sense is root. Ideally you should not have other systems SSH directly into unRAID. The better way to handle it would be with a docker container or VM running an SSH server and having access to the specific array folders required. Personally I use an LXC container for this, but that requires the LXC plugin rather than built in functionality. Quote Link to comment
ich777 Posted August 9, 2023 Share Posted August 9, 2023 3 minutes ago, primeval_god said: Personally I use an LXC container for this, but that requires the LXC plugin rather than built in functionality. Maybe someday it will be included in the base OS. 2 Quote Link to comment
primeval_god Posted August 9, 2023 Share Posted August 9, 2023 (edited) Not that there is anything wrong with using a plugin like LXC. But the tone of this discussion made me think that built-in options might be preferred. Edited August 9, 2023 by primeval_god 3 Quote Link to comment
whiter Posted August 12, 2023 Share Posted August 12, 2023 On 8/10/2023 at 1:26 AM, primeval_god said: This is unRAID, it does not use linux users for permissions. The ONLY user in the convention linux sense is root. Users created in the Unraid user interface are added to /etc/passwd. Files uploaded via an 'official' sharing mechanism like SMB honour the Linux file permissions and create new files using the user ID and group ID as assigned to the logged in user in the /etc/passwd file. Linux users for accounts other than root are very much used. Running docker, and a loading a container, is WAY overkill for a built-in core capability of the OS. I've no intention to overcomplicate things, and beef up the CPU and memory of the system hosting nothing but my backup drives, for the sake of running a basic capability that it already has but is just made extra difficult to enable. Keep It Stupid Simple. 1 Quote Link to comment
ich777 Posted August 12, 2023 Share Posted August 12, 2023 4 hours ago, whiter said: Running docker, and a loading a container, is WAY overkill for a built-in core capability of the OS. I've no intention to overcomplicate things, and beef up the CPU and memory of the system hosting nothing but my backup drives, for the sake of running a basic capability that it already has but is just made extra difficult to enable. I don't share this opinion but of course that's my opinion. I think it's more overkill what you did above but don't get me wrong that's my opinion. It always depends on what you are trying to do and to accomplish. For me it's way enough to log in as root and do stuff as root and I never want to access this from outside and even if I want to do that I can create a tunnel and do that. Quote Link to comment
iXNyNe Posted August 12, 2023 Share Posted August 12, 2023 I've recently started using tailscale and the unraid plugin for it with SSH enabled. It seems to pretty much solve both the multi-user and the open SSH port issues at once for me anyway. Specifically the multi-user aspect just means letting multiple different users login to SSH as root without giving out a password or managing keys. That might not be what everyone is looking for, but it might solve the needs for some. I also do still use the unraid connect plugin, and I wish it didn't require an open port, but it doesn't bother me enough to not use it. 1 Quote Link to comment
primeval_god Posted August 14, 2023 Share Posted August 14, 2023 On 8/12/2023 at 5:20 AM, whiter said: Users created in the Unraid user interface are added to /etc/passwd. Files uploaded via an 'official' sharing mechanism like SMB honour the Linux file permissions and create new files using the user ID and group ID as assigned to the logged in user in the /etc/passwd file. Linux users for accounts other than root are very much used. See https://docs.unraid.net/unraid-os/manual/users On 8/12/2023 at 5:20 AM, whiter said: Running docker, and a loading a container, is WAY overkill for a built-in core capability of the OS. ...and beef up the CPU and memory of the system... Its really not overkill, its the way the system is meant to be used (in unRAID that is). Containerization really doesnt have that much overhead in terms of cpu and memory usage. Its just tooling over cgroups and namespaces after all. In fact systems exist where every normal linux process is containerized (see Rancher OS) and they manage to stay performant. Admittedly the there is a bit more overhead in terms of disk usage especially with docker. And there is something to be said for the increase in complexity for those less familiar with docker and LXC, however the unRAID webui experience (and LXC plugin experience) help a lot in this area. Quote Link to comment
ChannelD Posted August 20, 2023 Share Posted August 20, 2023 (edited) Based on Whiter's contribution I have the following manual steps to set up a second user to use SSH from a Mac. I did try the edit for unRaid /boot/config/go but I ended up bricking root access so had to create a new unRaid USB (using the existing USB stick - a good exercise in itself). I to am a one user unRaid (3 day old) user with a Mac. Reason is I have numerous hundreds of Gbs Final Cut Pro projects (which contain zillions of small and large files) to move/copy to (3 day old) MacPro Unraid system. SMB is not useable, to slow, unfortunately (for the many threads on the subject here). FTP cannot get to work using the default FTP server (read_only!?!) and not able to find/setup a FTP from the app store. Here are my manual steps: Delete the unRaid user Sid if exists already root@Tower:~# useradd sid root@Tower:~# passwd sid root@Tower:~# mkdir /home/sid root@Tower:~# chown sid:users /home/sid root@Tower:~# ls -al /home. <== checking root@Tower:~# cat /etc/passwd. <== checking root@Tower:~# groupadd -r sshusers root@Tower:~# usermod -a -G sshusers root root@Tower:~# usermod -a -G sshusers sid root@Tower:~# vi /etc/ssh/sshd_config ==> add AllowUsers root sid ==> add AllowGroups schusses root@Tower:~# /usr/sbin/sshd -t. <== check the config is valid root@Tower:~# echo $? 0 <== A 0 equal all ok, non zero means fix it root@Tower:~# /etc/rc.d/rc.sshd reload Re-add unRaid Sid user Try rsync using user sid ==> rsync -avhP ssh ~/Downloads/teleport/ [email protected]:/mnt/user/unraid/teleport/ And try root user rsync -avhP ssh ~/Downloads/teleport/ [email protected]:/mnt/user/unraid/teleport/ Edited August 21, 2023 by ChannelD upper to lower case correction Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.