OpenSSH – Nas-Tweaks.net

If you have to login to your NAS frequently, you might want to automate this process a little. One of the functions of openssh is the authentication via Private/Public-Key, which will be described for the user ”root” in the following tutorial. Of course you can adapt this tutorial to other users.

Changing the home of the user
By default, the home directory of the user ”root” is set to /home, which is located in the internal flash-memory. This memory is deleted every time the device is rebooted. Thus the home-directory of the root-user should be used to the directory of ffp.

mkdir -p /ffp/home/root/
usermod -d /ffp/home/root/ root
store-passwd.sh

You need to repeat the last two steps every time your firmware gets upgraded.

Generating the keypair

mkdir /ffp/home/root/.ssh
cd /ffp/home/root/.ssh

There are now two choices for the key. You can either have a password (which can automatically be entered by ssh-agent or PuttY Pageant) or no password. Both ways are described below and will generate two files named keypair and keypair.pub which contain the private and public key needed for the authentication:

Without Password

ssh-keygen -f keypair -C 'Generated by nas-tweaks.net' -t rsa -q

With Password

ssh-keygen -f keypair -C 'Generated by nas-tweaks.net' -N '' -t rsa -q

Activating authorized_keys in SSH
Open /ffp/etc/ssh/sshd_config and search for the following line:

#PubkeyAuthentication yes

And remove the comment:

PubkeyAuthentication yes

Moving the generated keys to authorized_keys

touch authorized_keys
chmod 600 authorized_keys
cat keypair.pub >> authorized_keys

Adding the private Key to the client
To copy the private keyfile to the client, you can choose between different ways depending on the available OS and programs.

Windows
Download and install WinSCP and connect to your NAS-Device. Copy the File ~/.ssh/keypair to the client into a secure location.
Linux
On the NAS-Device enter the following command with your credentials to copy the key to the client ”remote-system”:
cat ~/.ssh/keypair | ssh user@remote-system 'umask 077; cat >>~/.ssh/authorized_keys'

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Tag: OpenSSH

Private-Public-Key-Authentication with OpenSSH in ffp