Jump to content

Making changes to unRAID Linux config on boot

digitalformula
in Lounge

Featured Replies

Posted

Hi all,

 

In follow up to a post the other day, I made a bunch of changes to the sshd configuration that I lost when the system rebooted.  That's OK - I know why.

 

I ended up making the changes I need via the /boot/config/go script and thought they may be useful for anyone else that wants to secure sshd like I have.

 

- no password auth allowed

- public key auth enabled

- root user .ssh directory created

- root user authorized_keys file created

- correct permissions on the root user's authorized_keys file

 

If there's a better/approved way to make startup changes like this, I'm definitely interested in knowing.  :) 

  

#!/bin/bash
#Setup sshd configuration
mkdir -p /root/.ssh
touch /root/.ssh/authorized_keys
echo "<your_public_key_here>" | tee -a /root/.ssh/authorized_keys
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
sed -i -- 's/#.*PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sed -i -- 's/#.*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
/etc/rc.d/rc.sshd restart
#Setup drivers for hardware transcoding in Plex
modprobe i915
chmod -R 777 /dev/dri
# Start the Management Utility
/usr/local/sbin/emhttp &

 

 

  • Quote

    You're making it really hard on yourself. :D 

    sed -i -- 's/#.*PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sed -i -- 's/#.*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
/etc/rc.d/rc.sshd restart

    No need for these lines, you can either install the @docgyver ssh plugin (not using it so so not sure about the authorized keys installation)

    or alternatively - just modify config/ssh/sshd_config on the flash drive

  • Quote
    • Author
    5 hours ago, ken-ji said:

    You're making it really hard on yourself. :D 

    
sed -i -- 's/#.*PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sed -i -- 's/#.*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
/etc/rc.d/rc.sshd restart

    No need for these lines, you can either install the @docgyver ssh plugin (not using it so so not sure about the authorized keys installation)

    or alternatively - just modify config/ssh/sshd_config on the flash drive

     

    I actually looked for a default version of sshd_config but couldn't find one.  It's why I ended up doing it this way.

     

    Should there be an sshd_config in /boot/config/ssh?  Mine only has host keys.

     

    Edit: In any case, it's a good learning experience (I'm very familiar with Linux, but very new to unRAID).

     

    Edit: The plugin referenced above essentially does what the script changes above do (but with more options, obviously).

    Edited by digitalformula

  • Quote

    I kinda forgot, but you copy /etc/ssh/sshd_config to /boot/config/ssh and edit that copy. when ssh is re/started the files from /boot/config/ssh are copied to /etc/ssh and permissions are reset. the aforementioned plugin does allow a few other common options to be set and gives you a UI to restart the SSH daemon.

  • Quote

    • Archived

    This topic is now archived and is closed to further replies.

    Go to topic listing