Trouble configuring sshd and users for rsync using ssh keys


I'm currently using rsync on a LAN to back up files from a Windows box to the UNRAID 4.5.6 server. With my current plain setup, only the root user can sync, and it requires a password to be typed in.

What I want to do is set up a non-root user and use rsync with ssh keys to allow the user to remotely start an instance of ssh and rsync files over the internet to the UNRAID with an automated batch file without typing in a password or passphrase.

I guess I don't understand how unraid users and ssh users work. It looks like I need to modify /boot/config/etc/ssh/sshd_config. Does anyone have a great unraid-friendly config example they recommend that I can look at?

Thanks in advance!

  • 2 weeks later...
  • Author

Wow, I didn't think I was doing something no one else has ever done... so I went and solved it myself.

Here is my solution for anyone else who wants to do it. (There's probably a more graceful way to do it.)

UnRaid users you make in the UnRaid web GUI can't ssh or telnet into UnRaid. This is because when UnRaid makes the user they have the default shell set to "/bin/false".

You can change this by telnetting in as root and typing "usermod -s /bin/bash <username>".

To save your changes, copy "/etc/passwd" to "/flash/config/passwd".

 

But I looked in the default passwd file and saw "operator::11:0:operator:/root:/bin/bash" (that's a colon-separated list of username, password, userID, groupID, description, home dir, default shell), so I just decided to use operator since it was not the root user, but was still a member of group root.

Telnetted in as operator and made the backup folders so I wouldn't have permission trouble later.

EDIT: I skipped an important step. Since unRAID defaults the mounted disk shares to "700" permissions, you need to allow Group RWX permissions on whatever disk you use (e.g. disk7):

"chmod 770 /mnt/disk7"

"mkdir /mnt/disk7/My_Backups/<each folder for my Windows machines>"

 

Installed cwrsync client on all my Windows machines.

Generated ssh key without passphrase with "ssh-keygen -t rsa -b 2048", naming the keyfile "ssh_operator_key" (the name required ssh* and *key* for the other scripts).

This made ssh_operator_key and ssh_operator_key.pub. Put the .pub one in "/flash/custom/etc/ssh/" and put the other one in "c:\program files\cwrsync\".

I thought this would be the last step of the keys, but it seems linux also wants all pub key file contents in another file named authorized_keys per frigging user!

Ran "cat ssh_operator_key.pub >> $HOME/.ssh/authorized_keys" and copied it to "/flash/custom/etc/ssh/authorized_keys" so it's available every boot-time.

 

Then I needed to add this authorized_keys file to the auto_install copying:

Edited file "/flash/packages/openssh-5.1p1-i486-1.tgz.auto_install"

Changed the 2nd THEN to be:

"# public key for root
mkdir /root/.ssh
cp /boot/custom/etc/ssh/authorized_keys /root/.ssh
mkdir /etc/ssh 2>/dev/null
cp --preserve=timestamps /boot/custom/etc/ssh/ssh*key* /etc/ssh 2>/dev/null
cp --preserve=timestamps /boot/custom/etc/ssh/sshd_config /etc/ssh 2>/dev/null
chmod 600 /etc/ssh/ssh*key*"

Copied sshd_config file to "/flash/custom/etc/ssh/" too.

Here are the changes I made to sshd_config:

LoginGraceTime 30
PermitRootLogin no
MaxAuthTries 2
MaxSessions 2
PasswordAuthentication no
PermitEmptyPasswords yes

 

 

Example of my backup.cmd file for backing up desktop's d: drive to my unraid server (named UNRAID):

"rsync -aP --stats -e "ssh -i ssh_operator_key" --delete --exclude "pagefile.sys" /cygdrive/d/ operator@UNRAID:/mnt/disk7/My_Backups/Windows_d_drive/"

For over the Internet, use your router to forward internal port 22 to another port (like 2222). Exposing port 22 will get too much attention from hacker bots. (Trust me.)

"rsync -zaP --stats -e "ssh -p 2222 -i ssh_operator_key" --delete --exclude "pagefile.sys" /cygdrive/d/ [email protected]:/mnt/disk7/My_Backups/Windows_d_drive/"

PS I did have to give operator a password for this to work smoothly, but when using the key, it'll never ask for it.
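An added check, not part of the original post: this script reads an sshd_config the way sshd does (the first value read for a keyword is the one used, and keywords are case-insensitive) and compares the settings listed above against a key-only login baseline. The baseline and the function names effective_value, audit_sshd and page_config are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare an sshd_config against a key-only login baseline.
# sshd uses the first value it reads for a keyword; keywords are case-insensitive.

# effective_value FILE KEYWORD -> first global value for KEYWORD, lowercased
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # comment line
        {
            line = $0
            sub(/\r$/, "", line)                  # tolerate files edited on Windows
            sub(/=/, " ", line)                   # "Keyword=value" form
            n = split(line, f, " ")
            if (n < 2) next
            if (tolower(f[1]) == "match") exit    # global section ends here
            if (tolower(f[1]) == tolower(key)) { print tolower(f[2]); exit }
        }' "$1"
}

# audit_sshd FILE -> one verdict line per rule; returns non-zero on any FAIL
audit_sshd() {
    file=$1; fails=0
    # keyword:wanted:verdict-when-unset (baseline chosen for this example)
    for rule in passwordauthentication:no:FAIL permitrootlogin:no:FAIL \
                permitemptypasswords:no:OK; do
        key=${rule%%:*}; rest=${rule#*:}
        want=${rest%%:*}; unset_verdict=${rest#*:}
        got=$(effective_value "$file" "$key")
        if [ -z "$got" ]; then verdict=$unset_verdict; got="(unset)"
        elif [ "$got" = "$want" ]; then verdict=OK
        else verdict=FAIL; fi
        echo "$verdict $key=$got (want $want)"
        if [ "$verdict" = FAIL ]; then fails=$((fails + 1)); fi
    done
    [ "$fails" -eq 0 ]
}

# The settings listed in the post above, used as sample input.
page_config() {
    printf '%s\n' 'LoginGraceTime 30' 'PermitRootLogin no' 'MaxAuthTries 2' \
        'MaxSessions 2' 'PasswordAuthentication no' 'PermitEmptyPasswords yes'
}

tmp=$(mktemp); page_config > "$tmp"
audit_sshd "${1:-$tmp}" || echo "deviates from the key-only baseline"
rm -f "$tmp"
```

Run with a path as the first argument to audit a real file, for example the copy kept under /flash/custom/etc/ssh/.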

  • 5 months later...

Thank you for this. Wanted to log in with non-root user, without a password, and this is exactly that.

However, in this part:

Then I needed to add this authorized_keys file to the auto_install copying:

Edited file "/flash/packages/openssh-5.1p1-i486-1.tgz.auto_install"

Changed the 2nd THEN to be:

"# public key for root
mkdir /root/.ssh
cp /boot/custom/etc/ssh/authorized_keys /root/.ssh
mkdir /etc/ssh 2>/dev/null
cp --preserve=timestamps /boot/custom/etc/ssh/ssh*key* /etc/ssh 2>/dev/null
cp --preserve=timestamps /boot/custom/etc/ssh/sshd_config /etc/ssh 2>/dev/null
chmod 600 /etc/ssh/ssh*key*"

Wouldn't you make a directory in your $HOME directory (/home/operator/.ssh), and put the authorized_keys file there, and not /root/.ssh?

I'll try it with a /home/user directory and see how it goes.

I created a user, defected07, for my shares, and modified the passwd file to change /bin/false to /bin/bash. Also, I added commands in the sshd_config file to create that home directory and .ssh folder within it, when sshd is started. So it's very close to your sshd_config file, but I created a home directory for the user logging in and to put the authorized_keys file--not in the /root folder.
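What recreating a per-user home directory and .ssh folder at boot can look like, as an added example that is not defected07's actual script. The function name install_authorized_keys, the demo user and all paths are assumptions; the function sets the modes sshd's StrictModes check expects and refuses a file that contains a private key.

```shell
#!/bin/sh
# Added example: rebuild a user's ~/.ssh at boot from a copy kept on the flash
# drive. User name and paths are supplied by the caller (assumptions here).

# install_authorized_keys USER HOME SRC
# returns 1 if SRC is unreadable, 2 if it holds a private key, 3 if no key lines
install_authorized_keys() {
    user=$1; home=$2; src=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # ssh*key* globs catch private keys too; never install one as authorized_keys.
    if grep -q 'PRIVATE KEY' "$src"; then
        echo "$src contains a private key" >&2; return 2
    fi
    # Public key blobs are base64 and start with AAAA after the key type.
    keys=$(grep -E '(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+) AAAA[A-Za-z0-9+/=]+' "$src") || return 3
    mkdir -p "$home/.ssh" || return 1
    printf '%s\n' "$keys" > "$home/.ssh/authorized_keys"
    # With StrictModes, sshd ignores the file if the home directory, ~/.ssh or
    # authorized_keys is writable by group or others.
    chmod go-w "$home"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
    # Only root can hand the files to another user (boot scripts run as root).
    if [ "$(id -u)" -eq 0 ]; then chown -R "$user" "$home/.ssh"; fi
}

demo() {
    d=$(mktemp -d)
    # Constructed sample line, not a real key.
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED operator@desktop' > "$d/ak"
    install_authorized_keys "$(id -un)" "$d/home/user" "$d/ak" &&
        ls -ld "$d/home/user/.ssh" "$d/home/user/.ssh/authorized_keys"
    rm -rf "$d"
}
demo
```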

 

 

  • 11 months later...

defected07, how did you add the config to create the home directory for your user on every reboot?

Archived

This topic is now archived and is closed to further replies.
