If you have to login to your NAS frequently, you might want to automate this process a little. One of the functions of openssh is the authentication via Private/Public-Key, which will be described for the user ”root” in the following tutorial. Of course you can adapt this tutorial to other users.
Changing the home of the user
By default, the home directory of the user ”root” is set to
/home, which is located in the internal flash-memory. This memory is deleted every time the device is rebooted. Thus the home-directory of the root-user should be used to the directory of ffp.
mkdir -p /ffp/home/root/ usermod -d /ffp/home/root/ root store-passwd.sh
You need to repeat the last two steps every time your firmware gets upgraded.
Generating the keypair
mkdir /ffp/home/root/.ssh cd /ffp/home/root/.ssh
There are now two choices for the key. You can either have a password (which can automatically be entered by
PuttY Pageant) or no password. Both ways are described below and will generate two files named
keypair.pub which contain the private and public key needed for the authentication:
- Without Password
ssh-keygen -f keypair -C 'Generated by nas-tweaks.net' -t rsa -q
- With Password
ssh-keygen -f keypair -C 'Generated by nas-tweaks.net' -N '' -t rsa -q
Activating authorized_keys in SSH
/ffp/etc/ssh/sshd_config and search for the following line:
And remove the comment:
Moving the generated keys to
touch authorized_keys chmod 600 authorized_keys cat keypair.pub >> authorized_keys
Adding the private Key to the client
To copy the private keyfile to the client, you can choose between different ways depending on the available OS and programs.
Download and install WinSCP and connect to your NAS-Device. Copy the File
~/.ssh/keypairto the client into a secure location.
On the NAS-Device enter the following command with your credentials to copy the key to the client ”remote-system”:
cat ~/.ssh/keypair | ssh user@remote-system 'umask 077; cat >>~/.ssh/authorized_keys'