If you have to login to your NAS frequently, you might want to automate this process a little. One of the functions of openssh is the authentication via Private/Public-Key, which will be described for the user ”root” in the following tutorial. Of course you can adapt this tutorial to other users.
Changing the home of the user
By default, the home directory of the user ”root” is set to /home
, which is located in the internal flash-memory. This memory is deleted every time the device is rebooted. Thus the home-directory of the root-user should be used to the directory of ffp.
mkdir -p /ffp/home/root/ usermod -d /ffp/home/root/ root store-passwd.sh
You need to repeat the last two steps every time your firmware gets upgraded.
Generating the keypair
mkdir /ffp/home/root/.ssh cd /ffp/home/root/.ssh
There are now two choices for the key. You can either have a password (which can automatically be entered by ssh-agent
or PuttY Pageant
) or no password. Both ways are described below and will generate two files named keypair
and keypair.pub
which contain the private and public key needed for the authentication:
- Without Password
ssh-keygen -f keypair -C 'Generated by nas-tweaks.net' -t rsa -q
- With Password
ssh-keygen -f keypair -C 'Generated by nas-tweaks.net' -N '' -t rsa -q
Activating authorized_keys in SSH
Open /ffp/etc/ssh/sshd_config
and search for the following line:
#PubkeyAuthentication yes
And remove the comment:
PubkeyAuthentication yes
Moving the generated keys to authorized_keys
touch authorized_keys chmod 600 authorized_keys cat keypair.pub >> authorized_keys
Adding the private Key to the client
To copy the private keyfile to the client, you can choose between different ways depending on the available OS and programs.
- Windows
Download and install WinSCP and connect to your NAS-Device. Copy the File~/.ssh/keypair
to the client into a secure location. - Linux
On the NAS-Device enter the following command with your credentials to copy the key to the client ”remote-system”:cat ~/.ssh/keypair | ssh user@remote-system 'umask 077; cat >>~/.ssh/authorized_keys'