tarataqa Posted November 18, 2010 Share Posted November 18, 2010 I'm currently using rsync on a LAN to backup files from a Windows box to the UNRAID 4.5.6 server. With my current plain setup, only the root user can sync and requires a password typed in. What I want to do is setup a non-root user and use rsync with ssh keys to allow the user to remotely start an instance of ssh and rsync files over the internet to the UNRAID with an automated batch file without typing in a password or passphrase. I guess I don't understand how unraid users and ssh users work. It looks like I need to modify /boot/config/etc/ssh/sshd_config. Does anyone have a great unraid-friendly config example they recommend that I can look at? Thanks in advance! Quote Link to comment
tarataqa Posted November 27, 2010 Author Share Posted November 27, 2010 Wow, I didn't think I was doing something no one else has ever done...so I went and solved it myself. Here is my solution for anyone else who wants to do it.(there's probably a more graceful way to do it) UnRaid users you make in the UnRaid web GUI can't ssh or telnet into UnRaid. This is because when UnRaid makes the user they have the default shell set to " /bin/false " You can change this by telneting in as root and typing " usermod -s/bin/bash <username> " To save your changes, copy " /etc/passwd " to " /flash/config/passwd " But I looked in the default passwd file and saw " operator::11:0:operator:/root:/bin/bash " (that's a colon-separated list of username, password, userID, groupID, description, home dir, default shell) so I just decided to use operator since it was not the root user, but was still a member of group root. Telnetted in as operator and made the backup folders so I wouldn't have permission trouble later. EDIT: I skipped an important step. Since unRAID defaults the mounted disk shares to "700" permissions, you need to allow Group RWX permissions on whatever disk you use (e.g. disk7) " chmod 770 /mnt/disk7 " " mkdir /mnt/disk7/My_Backups/<each folder for my Windows machines> " Installed cwrsync client on all my Windows machines. Generated ssh key without passphrase " ssh-keygen -t rsa -b 2048" naming the keyfile "ssh_operator_key ". (the name required ssh* and *key* for the other scripts) This made ssh_operator_key and ssh_operator_key.pub. Put the .pub one in " /flash/custom/etc/ssh/ " and put the other one in " c:\program files\cwrsync\ " I thought this would be the last step of the keys, but it seems linux also wants all pub key file contents in another file named authorized_keys per frigging user! Ran " cat ssh_operator_key.pub >> $HOME/.ssh/authorized_keys " and copied it to " /flash/custom/etc/ssh/authorized_keys " so it's available every boot-time. Then I needed to add this authorized_keys file to the auto_install copying: Edited file " /flash/packages/openssh-5.1p1-i486-1.tgz.auto_install " Changed the 2nd THEN to be: "# public key for root mkdir /root/.ssh cp /boot/custom/etc/ssh/authorized_keys /root/.ssh mkdir /etc/ssh 2>/dev/null cp --preserve=timestamps /boot/custom/etc/ssh/ssh*key* /etc/ssh 2>/dev/null cp --preserve=timestamps /boot/custom/etc/ssh/sshd_config /etc/ssh 2>/dev/null chmod 600 /etc/ssh/ssh*key*" Copied sshd_config file to " /flash/custom/etc/ssh/ " too. Here are the changes I made to sshd_config : LoginGraceTime 30 PermitRootLogin no MaxAuthTries 2 MaxSessions 2 PasswordAuthentication no PermitEmptyPasswords yes Example of my backup.cmd file for backing desktop's d: drive to my unraid server (named UNRAID) " rsync -aP --stats -e "ssh -i ssh_operator_key" --delete --exclude "pagefile.sys" /cygdrive/d/ operator@UNRAID:/mnt/disk7/My_Backups/Windows_d_drive/ " For over the Internet, use your router to forward internal port 22 to another port (like 2222). Exposing port22 will get too much attention from hacker bots.(trust me) " rsync -zaP --stats -e "ssh -p 2222 -i ssh_operator_key" --delete --exclude "pagefile.sys" /cygdrive/d/ [email protected]:/mnt/disk7/My_Backups/Windows_d_drive/ " PS I did have to give operator a password for this to work smoothly, but when using the key, it'll never ask for it. Quote Link to comment
defected07 Posted May 1, 2011 Share Posted May 1, 2011 Thank you for this. Wanted to login in with non-root user, without a password, and this is exactly that. However, in this part: Then I needed to add this authorized_keys file to the auto_install copying: Edited file "/flash/packages/openssh-5.1p1-i486-1.tgz.auto_install" Changed the 2nd THEN to be: "# public key for root mkdir /root/.ssh cp /boot/custom/etc/ssh/authorized_keys /root/.ssh mkdir /etc/ssh 2>/dev/null cp --preserve=timestamps /boot/custom/etc/ssh/ssh*key* /etc/ssh 2>/dev/null cp --preserve=timestamps /boot/custom/etc/ssh/sshd_config /etc/ssh 2>/dev/null chmod 600 /etc/ssh/ssh*key*" Wouldn't you make a directory in your $HOME directory (/home/operator/.ssh), and put the authroized_keys file there, and not /root/.ssh)? I'll try it with a /home/user directory and see how it goes. Quote Link to comment
defected07 Posted May 4, 2011 Share Posted May 4, 2011 I created a user, defected07, for my shares, and modified the passwd file to change /bin/false to /bin/bash. Also, I added commands in the sshd_config file to create that home directory and .ssh folder within it, when sshd is started. So it's very close to your sshd_config file, but I created a home directory for the user logging in and to put the authorized_keys file--not in the /root folder. Quote Link to comment
silverfox Posted April 25, 2012 Share Posted April 25, 2012 defected07, how you added the config to creat home directory to ur user every reboot? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.