Maddeen Posted August 28, 2020 Share Posted August 28, 2020 (edited) Hi there, this guide provides a solution for macOS users, who want to start their VM(s) as quick and efficient as possible with a selfmade app. Thanks to @jonathanm and @testdasi for being my light in the darkness 🤪 Requirements: A Macport of the tool "Putty" (https://www.putty.org) This is only needed because of the following (related) problems: The macOS Terminal don't have the command "sshpass" and there is no way to install it unRAID is not able to handle a passwordless (via ssh-key) ssh-login without getting a master degree in development For me it was not possible to solve the riddle with uploading a pub-key in folders who are not present and - additionally - doing the necessary scripting to make sure, that the ssh-key is still present after reboots. Without this scripting the ssh-key will always be lost when restarting your server. Maybe some of the Limetech guys will provide us a simple/userfriendly WebGUI-SetUp to easily upload an ssh-public-key without all the scripting Install XCODE (AppStore-Link) Install the "Command Line Tools" via Terminal with the following command xcode-select –install Install Macports Exit Terminal and start it again This must be done, otherwise the following command will not work. Fire up the following command sudo port -v selfupdate This will update Macports and all of its contest to the latest stable version After updating is done, fire up the next command to install putty sudo port install putty Open "Script Editor.app" (Preinstalled macOS App - found at /Applications/Utilities/Script Editor.app - or simply use Spotlight ) Change the following command to your need do shell script "/opt/local/bin/plink -pw 'replace_this_with_your_passwort' root@your_unraid_ip_adress virsh start Name_of_your_VM" Example: If your password is Start123! - the IP-Adress of your unRAID server is 192.168.1.1 and the name of the VM is Windows_10_VM the correct command will be: do shell script "/opt/local/bin/plink -pw 'Start123!' [email protected] virsh start Windows_10_VM" Copy this command to the script editor.app. Select "Save as" and save it as an "App". Place the App wherever you want. Now a simple double click will start your VM without the need to open a browser, logging in or starting a (visual) terminal session. FYI -- you can customize the command to reboot/shutdown or destroy your VM just by replacing the command virsh start with one of the following: virsh reboot virsh shutdown virsh destroy --graceful Shutdown / reboot may or may not work depending on client; hence, virsh destroy to kill the VM (--graceful to at least attempt to clear cache) If you - like me - use "Quick Links" it's even better. Just set up a quick link to the builded app. In my case I just hit CMD+SHIFT+V to fire up my VM, now Edited August 28, 2020 by Maddeen Quote Link to comment
ken-ji Posted August 29, 2020 Share Posted August 29, 2020 (edited) 11 hours ago, Maddeen said: unRAID is not able to handle a passwordless (via ssh-key) ssh-login without getting a master degree in development For me it was not possible to solve the riddle with uploading a pub-key in folders who are not present and - additionally - doing the necessary scripting to make sure, that the ssh-key is still present after reboots. Without this scripting the ssh-key will always be lost when restarting your server. Maybe some of the Limetech guys will provide us a simple/userfriendly WebGUI-SetUp to easily upload an ssh-public-key without all the scripting No need to script anything. And you only need to do this once. on your mac, scp ~/.ssh/id_rsa.pub tower.local:/boot/config/ssh/root.pubkeys then ssh in Unraid sed -i~ -e 's#^AuthorizedKeysFile.*#AuthorizedKeysFile /etc/ssh/%u.pubkeys#' /etc/ssh/sshd_config cp /etc/ssh/sshd_config /boot/config/ssh/ /etc/rc.d/rc.sshd restart What this does is copy your public key into the USB, then it makes a config change to sshd to make it look for the authorized key file in /etc/ssh/root.pubkeys (the %u is expanded to the user trying to login). When the sshd server is started up, all the files from the /boot/config/ssh location is copied to /etc/ssh and permissions are set to 600 (RW by user only). So no need to add putty (unless you really want to use putty) and no need to keep the root password in plaintext inside your scripts. Edited August 29, 2020 by ken-ji 1 1 Quote Link to comment
Maddeen Posted August 29, 2020 Author Share Posted August 29, 2020 (edited) @ken-ji - Many hanks for that. I already studied your post - and the ones from the other members - HERE That's not simple for guys like me, never using Linux or ssh-commands - too much and unstructured information and outdated as well. Sadly there is no WIKI or other documentation either. That started me to think about another solution. The solution with the ssh-key was my preferred one because I'm no friend of sending passwords in plaintext and I already use ssh-key authentification with my Raspberry PI. But with a Raspberry this is quite simple and no need for special setups regarding reboots. But with unRAID I failed to understand how to make my key persistent in unRAID. So the putty solution was the only one I could handle. As a Apple user - normally - there is no need to use putty because ssh is build in macOS. Now - with your information - I'll definitely change it to the preferred ssh-key-authentification to get rid of the putty port and the 8GB XCode software as well. 😜 But to make sure, that I understand everything right - please verify my following thoughts. In all your commands there is only one parameter which's user specific, right? Quote scp ~/.ssh/id_rsa.pub tower.local:/boot/config/ssh/root.pubkeys So tower.local must be changed to the user specific IP address of the unRAID Server - e.g. 192.168.1.1 All other commands don't need any specific (regarding my personal setup) changes, right? Note: I still think, an easy WebGUI set up for persistent ssh-access via key is worth to implement it. Click Button - Browse key - upload it and all the ssh stuff you told me is done in background without any hassle for the user. Edited August 29, 2020 by Maddeen Quote Link to comment
ken-ji Posted August 29, 2020 Share Posted August 29, 2020 tower.local is the default name of an Unraid server from the Mac OS point of view. but yes. this can be replaced with the IP id_rsa.pub is the default public key file after generating with ssh-keygen This could be made into a plugin, but I'm just just a regular Unix guy, so it never occurred to me to need a UI for this. That said, an argument could be made for the User scripts plugin, which allow you to make some scripts that will run natively in Unraid, either on schedule, or on special events like startup, or on demand from the web UI and you wouldn't need to mess with SSH key authentication at all. Quote Link to comment
Maddeen Posted August 29, 2020 Author Share Posted August 29, 2020 @ken-ji mmhh there seems to be a difference between the nativ unix command and the one macOS is expecting. After using your command (changed with my specific IP) I get the following information. That also appears even if I change your "~" with the full path to the file "/Users/Maddeen/.ssh/id_rsa.pub" (not sure if it's necessary but I tried it anyway ) Quote usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file] [-J destination] [-l limit] [-o ssh_option] [-P port] [-S program] source ... target So I'm stuck again 🙂 BTW - the key was generated correctly. Your identification has been saved in /Users/Maddeen/.ssh/id_rsa. Your public key has been saved in /Users/Maddeen/.ssh/id_rsa.pub. Quote Link to comment
ken-ji Posted August 29, 2020 Share Posted August 29, 2020 Sorry I missed something, should have been scp ~/.ssh/id_rsa.pub [email protected]:/boot/config/ssh/root.pubkeys I've got my side Mac and Windows configure with ssh config that always logs into my Unraid boxes as root user so I don't need to specify them. However, the fact you are getting the usage output means there might been an unexpected argument on your command line. as the scp expects at least two options, the source and destination. And if its not working for yoou yu can always do this on your mac to copy the public key into the clipboard pbcopy < ~/.ssh/id_rsa.pub the ssh into Unraid and use vi or nano to create /boot/config/ssh/root.pubkeys and paste in the clipboard with Cmd+V Quote Link to comment
Maddeen Posted August 29, 2020 Author Share Posted August 29, 2020 @ken-ji - ok - I'm definitely to stupid to manage this with the command line. 🙈 So I connect via FileZilla (see screenshot) - left side shows the generated pub/private keys on my mac. Right side shows the remote path on my unRAID server. Can I just copy the file id_rsa.pub to the folder on the right ( /boot/config/ssh) and rename it to "root.pubkeys"? After that - if I my thoughts a correct - I just need to fire up the commands (see below) you gave me at the unraid terminal and everythings fine? sed -i~ -e 's#^AuthorizedKeysFile.*#AuthorizedKeysFile /etc/ssh/%u.pubkeys#' /etc/ssh/sshd_config cp /etc/ssh/sshd_config /boot/config/ssh/ /etc/rc.d/rc.sshd restart Quote Link to comment
ken-ji Posted August 29, 2020 Share Posted August 29, 2020 That's correct. You mentioned knowing how to do ssh with a Pi, so I assumed you were good enough with the CLI. Quote Link to comment
Maddeen Posted August 30, 2020 Author Share Posted August 30, 2020 (edited) 😂 yes - I've done it with a Pi - but with a guide as well 🙈 Anyway - it works!!! Now I'll just need to change my "App" to work and everythings fine. But I'm very optimistic that I can do it without further assistance. Thank you so much @ken-ji for providing me this even more efficient solution without sending my password in plaintext. Have a nice sunday! Edited August 30, 2020 by Maddeen Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.