January 14, 20206 yr Hello, So i've setup my Remote Desktop Manager (which is a wonderful windows program by the way to keep all my remote stuff in one place) to run a cmd plink script that ssh's into my unraid installation and starts the Krusader docker container. Then after 5 seconds has passed it initiates the actual vnc connection to the now started docked container. When i exit the vnc connection it sends another cmd plink command to stop the Krusader container. This all works fine, but i have to pass the password in clear text using plink and i use the root login which feels bad. My question to you is: How do i setup a user that i can ssh in to unraid with that ONLY has permission to stop/start manage the docker containers and not the rest of the unraid installation? I would rather use a limited user that only has these privileges than using the root account. Any ideas? Thank you.
January 14, 20206 yr I do not believe that is possible to do this in any easy way at the moment as Unraid does not have users in the traditional Linux sense. As a result ‘root’ is the only one who can ssh in as standard. Making parts of the Unraid GUI accessible to non-privileged users is I believe a roadmap item, but as to any ETA I have no idea.
January 14, 20206 yr Author 4 minutes ago, itimpi said: I do not believe that is possible to do this in any easy way at the moment as Unraid does not have users in the traditional Linux sense. As a result ‘root’ is the only one who can ssh in as standard. Making parts of the Unraid GUI accessible to non-privileged users is I believe a roadmap item, but as to any ETA I have no idea. alright thanks for the information, would be cool to have that on the roadmap for future features... i am not fully exposed as the rdm encrypts all the data it stores and i only initiate any traffic to the unraid installation on the LAN so i should be fine for now.
January 14, 20206 yr While in no way addressing your actual request, I have a suggestion to further secure your remote file management procedure. Set up a second instance of krusader, this one set with NO mappings, so the only access is inside the krusader container. Set it to auto start, and change your script to shut down the no mapping version and start your mapped version, reversing on exit. That way if someone is poking around they can find the file manager with no real way to damage anything, and your real container won't start because of the port clash. Kind of a modified port knocking type of approach to security.
January 14, 20206 yr Author 1 hour ago, jonathanm said: While in no way addressing your actual request, I have a suggestion to further secure your remote file management procedure. Set up a second instance of krusader, this one set with NO mappings, so the only access is inside the krusader container. Set it to auto start, and change your script to shut down the no mapping version and start your mapped version, reversing on exit. That way if someone is poking around they can find the file manager with no real way to damage anything, and your real container won't start because of the port clash. Kind of a modified port knocking type of approach to security. that's not a terrible idea, thanks for the tip!
Archived
This topic is now archived and is closed to further replies.