eagle470 Posted April 12, 2019 Share Posted April 12, 2019 I am attempting to set my system up to be more secure and I would like to enforce non-root ssh. As such as I have three users created and when I try to SSH with any of them, the session connects and immediately closes. After some reading it APPEARS this is because those users don't have more directories, but I can figure out how to assign a home directory in unraid. Maybe I'm going about this the wrong way, but google has not been terribly helpful. Thanks! Quote Link to comment
JonathanM Posted April 12, 2019 Share Posted April 12, 2019 Unraid is not designed to use anything but root for console access. If you wish to force it to work with other users, it will be an uphill battle. Not impossible, but you will need to educate yourself on how unraid is set up so you can apply your modifications at every boot. Unraid is extracted into RAM and runs fresh each boot, so OS mods are not persistent by default. Quote Link to comment
eagle470 Posted April 12, 2019 Author Share Posted April 12, 2019 this is concerning vulnerability to leave that door cracked.... Outside that could this impact FTP/SFTP users as well? Quote Link to comment
JonathanM Posted April 12, 2019 Share Posted April 12, 2019 17 minutes ago, eagle470 said: this is concerning vulnerability to leave that door cracked.... Outside that could this impact FTP/SFTP users as well? Yes. Unraid is not designed to be exposed to the internet directly, all access must come through an external firewall with only the bare needed ports exposed. Do not expose any of the management interfaces or ssh or heaven forbid telnet ports. If you need management access remotely, set up a VPN. Quote Link to comment
eagle470 Posted April 12, 2019 Author Share Posted April 12, 2019 I'd like to expose an FTP over TLS site to the internet with the deny SSH and SSH plugins configured. Additionally, VPN isn't always an option and I'd like to set it up to expose a VNC server to the internet, thats a bit bigger of a dream, but still there. Quote Link to comment
eagle470 Posted April 12, 2019 Author Share Posted April 12, 2019 (edited) this was actually pretty easy to figure out once I found the adduser/moduser commands. I ran the following commands AFTER creating a user through the GUI: #Create the home directory first (this needs to be somewhere other than "/home" for persistance, I will use Disk 1 (this is only available if the array is started #Technically this is not required, but you don't really want to be dropped right into "/" upon logon, though this is what will happen if the array is not started. mkdir /mnt/disk1/%USERNAME% #Here we bind the user account to the home directory by specifying the location created in the last command and then the account name, this binding will persist across reboots, but the directory may not always be available. usermod -d /mnt/disk1/%USERNAME% %USERNAME% #Lastly we need to set a shell usermod -s /bin/bash %USERNAME% *To make the shell persistent you need to go to /boot/config and edit the user account under the passwd file to reflect the correct shell Edited April 12, 2019 by eagle470 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.