Making changes to unRAID Linux config on boot


Recommended Posts

Hi all,

 

In follow up to a post the other day, I made a bunch of changes to the sshd configuration that I lost when the system rebooted.  That's OK - I know why.

 

I ended up making the changes I need via the /boot/config/go script and thought they may be useful for anyone else that wants to secure sshd like I have.

 

- no password auth allowed

- public key auth enabled

- root user .ssh directory created

- root user authorized_keys file created

- correct permissions on the root user's authorized_keys file

 

If there's a better/approved way to make startup changes like this, I'm definitely interested in knowing.  :) 

 

#!/bin/bash
#Setup sshd configuration
mkdir -p /root/.ssh
touch /root/.ssh/authorized_keys
echo "<your_public_key_here>" | tee -a /root/.ssh/authorized_keys
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
sed -i -- 's/#.*PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sed -i -- 's/#.*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
/etc/rc.d/rc.sshd restart
#Setup drivers for hardware transcoding in Plex
modprobe i915
chmod -R 777 /dev/dri
# Start the Management Utility
/usr/local/sbin/emhttp &

 

 

Link to comment

You're making it really hard on yourself. :D

sed -i -- 's/#.*PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sed -i -- 's/#.*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
/etc/rc.d/rc.sshd restart

No need for these lines, you can either install the @docgyver ssh plugin (not using it so so not sure about the authorized keys installation)

or alternatively - just modify config/ssh/sshd_config on the flash drive

Link to comment
5 hours ago, ken-ji said:

You're making it really hard on yourself. :D


sed -i -- 's/#.*PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sed -i -- 's/#.*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
/etc/rc.d/rc.sshd restart

No need for these lines, you can either install the @docgyver ssh plugin (not using it so so not sure about the authorized keys installation)

or alternatively - just modify config/ssh/sshd_config on the flash drive

 

I actually looked for a default version of sshd_config but couldn't find one.  It's why I ended up doing it this way.

 

Should there be an sshd_config in /boot/config/ssh?  Mine only has host keys.

 

Edit: In any case, it's a good learning experience (I'm very familiar with Linux, but very new to unRAID).

 

Edit: The plugin referenced above essentially does what the script changes above do (but with more options, obviously).

Edited by digitalformula
Link to comment

I kinda forgot, but you copy /etc/ssh/sshd_config to /boot/config/ssh and edit that copy. when ssh is re/started the files from /boot/config/ssh are copied to /etc/ssh and permissions are reset. the aforementioned plugin does allow a few other common options to be set and gives you a UI to restart the SSH daemon.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.