tuxbass Posted September 22, 2020

What's the _unraid way_ of turning on key-only login access to unraid host? Can see there are some set of keys in /boot/config/ssh but there's no sshd_config found under /boot to enforce their usage. Why are there keys under boot/config/ssh to begin with if they're not used?

Just to be clear, the goal is to secure ssh access so no bad actor on LAN can wreak havoc.

Darksurf Posted September 29, 2020

Unraid needs a method to configure SSH without needing the old SSH plugin. I also want to see 2FA in SSH.

tuxbass (Author) Posted October 2, 2020

> On 9/29/2020 at 7:28 PM, Darksurf said:
> Unraid needs a method to configure SSH without needing the old SSH plugin. I also want to see 2FA in SSH.

Have you configured unraid SSH with key-only? If so, could you walk me through?

Darksurf Posted October 21, 2020

> On 10/2/2020 at 2:58 AM, tuxbass said:
> Have you configured unraid SSH with key-only? If so, could you walk me through?

It should be just like any other SSH config setup. /root/.ssh is a soft link to /boot/config/ssh/root/. So inside /boot/config/ssh/root/, create an authorized_keys file via "touch authorized_keys". Then you can copy and paste your info from your local machine's .ssh/id_rsa.pub key file. Remember to use the PUBLIC key file, not the private.

Fafson Posted March 23

> On 9/22/2020 at 10:16 AM, tuxbass said:
> What's the _unraid way_ of turning on key-only login access to unraid host? Can see there are some set of keys in /boot/config/ssh but there's no sshd_config found under /boot to enforce their usage. Why are there keys under boot/config/ssh to begin with if they're not used? Just to be clear, the goal is to secure ssh access so no bad actor on LAN can wreak havoc.

There were two main things that I had to do to make this work across reboots:

- The path "/root/.ssh" is a symlink to "/boot/config/ssh/root/" -- so, any keys added to /root/.ssh/authorized_keys should persist across reboots.
- Copying "/etc/ssh/sshd_config" to "/boot/config/ssh/sshd_config" and only editing the copy in "/boot/config/ssh/sshd_config". This way, changes to the sshd_config file should be persistent across reboots as well.

In my particular case, the actual changes I made to "/boot/config/ssh/sshd_config" were the 3 lines below (which already exist in the file; I just uncommented/changed where needed):

    PermitRootLogin prohibit-password
    PubkeyAuthentication yes
    PasswordAuthentication no

Once the changes to "/boot/config/ssh/sshd_config" have been made, you should be able to just restart the SSH daemon via "/etc/rc.d/rc.sshd restart". There's a section in that script that copies the contents over from /boot/config/ssh/* over to /etc/ssh/* (minus directories). Search for "sshd_start" in the script to see the actual section that does this.

This has worked for me & I've been using this setup for quite some time.

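The three directives from the post above, applied and then verified on a copy of sshd_config, as an added shell example (not code from the thread or from Unraid). The function names and the sample file are constructed for illustration, and the script assumes the file has no "Match" blocks.

```shell
#!/bin/sh
# Added example: set and verify the key-only directives on a COPY of sshd_config.

# set_directive FILE KEYWORD VALUE (hypothetical helper): rewrite the first line
# naming KEYWORD, commented out or not, and drop later ones so one setting remains.
set_directive() {
    tmp="$1.tmp.$$"
    awk -v k="$2" -v v="$3" '
        BEGIN { pat = "^[# \t]*" tolower(k) "[ \t]+[^ \t]" }
        tolower($0) ~ pat {
            if (!done) { print k " " v; done = 1 }
            next
        }
        { print }
        END { if (!done) print k " " v }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# effective_value FILE KEYWORD: sshd keeps the first value it reads for a keyword,
# so only the first uncommented occurrence counts.
effective_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

harden_key_only() {
    set_directive "$1" PermitRootLogin prohibit-password &&
    set_directive "$1" PubkeyAuthentication yes &&
    set_directive "$1" PasswordAuthentication no
}

is_key_only() {
    [ "$(effective_value "$1" PermitRootLogin)" = "prohibit-password" ] &&
    [ "$(effective_value "$1" PubkeyAuthentication)" = "yes" ] &&
    [ "$(effective_value "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample: commented defaults followed by active overrides.
write_sample() {
    printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
        '#PubkeyAuthentication yes' '#PasswordAuthentication yes' \
        'PasswordAuthentication yes' 'Subsystem sftp /usr/libexec/sftp-server' > "$1"
}

f=$(mktemp) && write_sample "$f"
is_key_only "$f" || echo "before: password login still effective"
harden_key_only "$f" && is_key_only "$f" && echo "after: key-only"
rm -f "$f"
```

On the host, the same functions would be pointed at /boot/config/ssh/sshd_config after the copy step. Keeping the current session open until a key login succeeds in a second one avoids a lockout.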