[HOW-TO] Install Optware/OpenSSH as default SSHd Server

Discussion on setting up QNAP NAS products.
Post Reply
filovirus
Getting the hang of things
Posts: 76
Joined: Wed Oct 06, 2010 10:55 pm

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by filovirus »

Okay, thank you for helping me. I could not own this product without it.
TS-870 Pro EOL - JBOD/NAS Backup Remote
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
filovirus
Getting the hang of things
Posts: 76
Joined: Wed Oct 06, 2010 10:55 pm

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by filovirus »

I have openSSH setup on port 22 with the QNAP backup admin only ssh on 12121. I can ssh into the qnap on port 22 without requiring a password. So far so good. I can also rsync folders from my iMac to my qnap without requiring a password.

When I try to test SSH back to the iMac from the QNAP (local iMac -> QNAP -> back to iMac), I am repeatedly prompted for my passphrase. I guess I don't understand why it keeps asking. I would be better off using password authentication since the passphrase is long!

Code: Select all

[admin@parrotfish ~]# ssh xxxxx@imac
Enter passphrase for key '/share/homes/admin/.ssh/id_rsa':
Forgive me if I haven't provided enough information. I am not sure how to wrap my head around this.
TS-870 Pro EOL - JBOD/NAS Backup Remote
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by pwilson »

filovirus wrote:I have openSSH setup on port 22 with the QNAP backup admin only ssh on 12121. I can ssh into the qnap on port 22 without requiring a password. So far so good. I can also rsync folders from my iMac to my qnap without requiring a password.

When I try to test SSH back to the iMac from the QNAP (local iMac -> QNAP -> back to iMac), I am repeatedly prompted for my passphrase. I guess I don't understand why it keeps asking. I would be better off using password authentication since the passphrase is long!

Code: Select all

[admin@parrotfish ~]# ssh xxxxx@imac
Enter passphrase for key '/share/homes/admin/.ssh/id_rsa':
Forgive me if I haven't provided enough information. I am not sure how to wrap my head around this.
Re-create your "/share/homes/admin/.ssh/id_rsa" keys, but this time don't create a "passphrase". If you specify a "passcode" (paraphrase) when you "create" the key, you need to specify this same "passcode" everytime you use the key. If you don't create one, then your iMac won't prompt for it.

Doing this will create "new" keys, so you will need to re-share the "public" keys between your iMac and your NAS, or it won't work at all. (This is why we recommend not installing keys on the QNAP SSHd server. Setup your QNAP SSHd server on Port 12121/TCP to work without keys. Simply don't Port-Formward 12121/TCP in your Router, to prevent remote access to the QNAP one). You can then leave OpenSSH installed on port 22/TCP with keys in place. This will permit you to access your NAS via SSH on port 12121/TCP as "admin" only from "inside" your network, but permit anyone to access OpenSSH (on port 22/TCP) if they use "authorized keys" to do so.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
filovirus
Getting the hang of things
Posts: 76
Joined: Wed Oct 06, 2010 10:55 pm

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by filovirus »

Thank you Patrick. Have a great day.
TS-870 Pro EOL - JBOD/NAS Backup Remote
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
User avatar
jmcox
New here
Posts: 4
Joined: Mon Nov 03, 2014 7:05 am
Location: North Carolina, USA

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by jmcox »

Hi Mr. Wilson,

Last week, my new TS-453-Pro was delivered. Yea!

I quickly discovered the bug in the QNAP os where admin is logged in to /root and all previous settings are overwritten on reboot.

Thank you for this guide on how to install a second SSH server to get around the bug.

I do have one suggestion for a minor update to the instructions that might save others some time when performing this update. The wiki page you refer to, How To Set Up Authorized Keys says to copy the computer's public key into the NAS's /etc/config/ssh/authorized_keys file. If you already pointed this out, I must have missed it, but I think you might want to add a note saying to copy or move the authorized_keys file into /share/homes/admin/.ssh/authorized_keys to avoid "Server refused our key" errors when trying to log on to port 22.

The /etc/config/ssh location is where the QNAP ssh server looks for keys. Adding the key there allows authenticated ssh login through port 12121, but not port 22.

It took the better part of a day for me to figure this out, but all in all your instructions saved me a couple of weeks figuring out my own work around, so it's all good! :D
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by pwilson »

jmcox wrote:Hi Mr. Wilson,

Last week, my new TS-453-Pro was delivered. Yea!

I quickly discovered the bug in the QNAP os where admin is logged in to /root and all previous settings are overwritten on reboot.

Thank you for this guide on how to install a second SSH server to get around the bug.

I do have one suggestion for a minor update to the instructions that might save others some time when performing this update. The wiki page you refer to, How To Set Up Authorized Keys says to copy the computer's public key into the NAS's /etc/config/ssh/authorized_keys file. If you already pointed this out, I must have missed it, but I think you might want to add a note saying to copy or move the authorized_keys file into /share/homes/admin/.ssh/authorized_keys to avoid "Server refused our key" errors when trying to log on to port 22.

The /etc/config/ssh location is where the QNAP ssh server looks for keys. Adding the key there allows authenticated ssh login through port 12121, but not port 22.

It took the better part of a day for me to figure this out, but all in all your instructions saved me a couple of weeks figuring out my own work around, so it's all good! :D
Actually I only came up this keys solution recently while trying to help someone else. I wasn't using keys with the QNAP SSHd server here, as I keep it around only as an emergency "backdoor" to access my NAS from my internal network. For my day-to-day operations, I use OpenSSH, and the keys in /share/homes/admin/.ssh.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
User avatar
jmcox
New here
Posts: 4
Joined: Mon Nov 03, 2014 7:05 am
Location: North Carolina, USA

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by jmcox »

pwilson wrote: Actually I only came up this keys solution recently while trying to help someone else. I wasn't using keys with the QNAP SSHd server here, as I keep it around only as an emergency "backdoor" to access my NAS from my internal network. For my day-to-day operations, I use OpenSSH, and the keys in /share/homes/admin/.ssh.
Yes, I'm trying to do the same thing, use OpenSSH for day-to-day operations (thus avoiding the admin /root folder bug) and leave the untouched QNAP SSHd server as a backup access method, available only from my LAN.

The step missing from the instructions that would help reach this goal is the step where the keys are moved into /share/homes/admin/.ssh. The instructions defer to How To Set Up Authorized Keys to tell the user how to set up the keys, and those instructions leave the keys in /etc/config/ssh, the location used by the QNAP SSHd server, not the OpenSSH server.

I just thought it might make the instructions a little clearer for other forum readers (like me) whose ssh skills might be lacking, to add a statement to the effect that the authorized_key file needs to be moved to /share/homes/admin/.ssh after it is created in order for the OpenSSH server to work correctly.
woody100
Starting out
Posts: 18
Joined: Mon Jun 13, 2011 4:16 am

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by woody100 »

Hi.

I'm hoping someone can help me upgrade/ uninstall openssh...

I recently installed (via Ipkg) openssh on my 'test' NAS (a 109 Pro).
It reports version details as:
OpenSSH_4.6p1, OpenSSL 0.9.7a Feb 19 2003

How do I upgrade it to a suitably current version of openssh as this appears to be back a few versions?
I've assumed it's not as simple as downloading v6.7 from the openssh site as I would assume that would rather negate the need to use the ipkg version in the first place.


The background detail:
Before I'd read this thread, I followed the instructions to add openssh to my NAS as outlined in the Qnap wike page http://wiki.qnap.com/wiki/How_To_Replac ... th_OpenSSH (seems to have been a bad idea).

This uses the same install routine as this thread (ipkg install openssh). However it means I've not installed it alongside my QNAP provided version of ssh but knocked out the QNAP version.

In an attempt to back the changes out, I've:
- removed the changes made to '/tmp/config/autorun.sh',
- 'successfully' run the command 'ipkg remove openssh'
- rebooted.

Despite this, ssh works absolutely fine and continues to show it's the old openssh version (and moved to port 12121 as per this thread).

output from ps -ef |grep ssh shows:
1608 admin 1572 S /usr/sbin/sshd -f /etc/ssh/sshd_config -p 12121
1871 admin 1940 S sshd: admin@pts/0
1880 admin 256 R grep ssh


Like a lot of things, when I know what the answer is, it'll be obvious and I'll wonder why I didn't think of it.

Many thanks in advance.

Nigel.
NAS models: TS 109 Pro & TS119P+
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by pwilson »

woody100 wrote:Hi.

I'm hoping someone can help me upgrade/ uninstall openssh...

I recently installed (via Ipkg) openssh on my 'test' NAS (a 109 Pro).
It reports version details as:
OpenSSH_4.6p1, OpenSSL 0.9.7a Feb 19 2003

How do I upgrade it to a suitably current version of openssh as this appears to be back a few versions?
I've assumed it's not as simple as downloading v6.7 from the openssh site as I would assume that would rather negate the need to use the ipkg version in the first place.


The background detail:
Before I'd read this thread, I followed the instructions to add openssh to my NAS as outlined in the Qnap wike page http://wiki.qnap.com/wiki/How_To_Replac ... th_OpenSSH (seems to have been a bad idea).

This uses the same install routine as this thread (ipkg install openssh). However it means I've not installed it alongside my QNAP provided version of ssh but knocked out the QNAP version.

In an attempt to back the changes out, I've:
- removed the changes made to '/tmp/config/autorun.sh',
- 'successfully' run the command 'ipkg remove openssh'
- rebooted.

Despite this, ssh works absolutely fine and continues to show it's the old openssh version (and moved to port 12121 as per this thread).

output from ps -ef |grep ssh shows:
1608 admin 1572 S /usr/sbin/sshd -f /etc/ssh/sshd_config -p 12121
1871 admin 1940 S sshd: admin@pts/0
1880 admin 256 R grep ssh


Like a lot of things, when I know what the answer is, it'll be obvious and I'll wonder why I didn't think of it.

Many thanks in advance.

Nigel.
You have already moved the QNAP one (/usr/sbin/sshd) to Port 12121/TCP as suggested in this thread. You can still install OpenSSH via Optware, and it will operate on port 22/TCP (the default SSHd port).

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
woody100
Starting out
Posts: 18
Joined: Mon Jun 13, 2011 4:16 am

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by woody100 »

Hi.
Thanks for the response, it is really appreciated as I can see I'm (more than slightly) out of my depth at this point.
I'm not sure my situation is that simple.

The purpose of my post is to get openssh version 6 running as per this thread. I haven't been able to do this.

I know I can install OpenSSH via Optware - I did this on my TEST NAS (but have since attempted to back it out and as part of this reply have now reinstalled it).
I am comparing the output from my TEST NAS (a 109Pro) with the output from my 'LIVE' NAS (a 119Pro) where I have not made any changes.

My thoughts (based on screendumps pasted further down this post).
1) On TEST, /usr/sbin/sshd reports itself to be v5.9p1 from 2012 whereas on 'LIVE' it is version 6.1p1from this year

2) If /usr/sbin/sshd is the QNAP provided sshd, why are they at different versions?
Or can the 109 only run up to version 5.9 of sshd? If so, why?

3) To see if I could improve the situation, I decided to re-install Openssh (ipkg install openssh) on the TEST box.
Rather suspiciously, v 5.91 is what is shown as a version number when it reinstalled.
This implies the version of sshd running on test at port 12121 is the one I installed and NOT the QNAP provided one.

4) Having got it installed, I can now I can connect on port 22 (as well as 12121).
How do I validate the version of ssh running on port 22?
If I run ps -ef | grep ssh then the path to the script is no longer given in the output (also pasted below) so am unclear on where it is to run/query it.
If it is still version 5.9 then I'm not running a fully patched version.



Output from TEST NAS - where I've installed OpenSSH
[~] # ps -ef |grep ssh
1608 admin 1572 S /usr/sbin/sshd -f /etc/ssh/sshd_config -p 12121
2003 admin 1940 S sshd: admin@pts/0
2027 admin 420 S grep ssh

[~] # which sshd
/usr/sbin/sshd

[~] # /usr/bin/ssh -v
OpenSSH_4.6p1, OpenSSL 0.9.7a Feb 19 2003

[~] # /usr/sbin/sshd -v
sshd: illegal option -- v
OpenSSH_5.9p1, OpenSSL 0.9.8v 19 Apr 2012


Reinstalling OpenSSH on TEST NAS
[~] # ipkg install openssh
Installing openssh (5.9p1-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optwa ... -1_arm.ipk
Configuring openssh
update-alternatives: Linking //opt/bin/scp to /opt/bin/openssh-scp
update-alternatives: Linking //opt/bin/ssh to /opt/bin/openssh-ssh

Fixing permissions on the /tmp directory...
Successfully terminated.

and a new PS -ef |grep ssh
[~] # ps -ef |grep ssh
2003 admin 1940 S sshd: admin@pts/0
2097 admin 1656 S /opt/sbin/sshd
2099 admin 2020 S sshd: admin@pts/1
2112 admin 420 S grep ssh


Output from my 'LIVE' unadulterated 119 Pro

[~] # ps -ef |grep ssh
4694 admin 588 S /usr/sbin/sshd -f /etc/ssh/sshd_config -p 22
11947 admin 1460 S sshd: admin@pts/0
13722 admin 496 S grep ssh

[~] # which sshd
/usr/sbin/sshd

[~] # /usr/bin/ssh -v
OpenSSH_6.1p1, OpenSSL 1.0.1i 6 Aug 2014

[~] # /usr/sbin/sshd -v
sshd: illegal option -- v
OpenSSH_6.1p1, OpenSSL 1.0.1i 6 Aug 2014

Many thanks.
Nigel.
NAS models: TS 109 Pro & TS119P+
joogoo
New here
Posts: 2
Joined: Mon Jan 12, 2015 8:29 pm

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by joogoo »

Dear Mr. Wilson,

I've got some problems to install OpenSSH as default my SSHd server.
In fact, I've tried to follow the how-to instructions, but I can't figure out which ramdisk to mount.

My Qnap is a TS-453 Pro.

Thank you in advance for your help!
Regards.
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by pwilson »

joogoo wrote:Dear Mr. Wilson,

I've got some problems to install OpenSSH as default my SSHd server.
In fact, I've tried to follow the how-to instructions, but I can't figure out which ramdisk to mount.

My Qnap is a TS-453 Pro.

Thank you in advance for your help!
Regards.
I'm sorry, but I really don't understand your question.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
bert.r
Starting out
Posts: 42
Joined: Thu Jan 29, 2009 4:19 pm

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by bert.r »

I guess he's looking for the device name for his model to mount in order to edit the autorun script. The wiki page lists quite a few models, but not his one. It would be good of that list could be made complete. I've recently been searching for a TS-269 and TS-212 and have added both to the page.
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by pwilson »

joogoo wrote:Dear Mr. Wilson,

I've got some problems to install OpenSSH as default my SSHd server.
In fact, I've tried to follow the how-to instructions, but I can't figure out which ramdisk to mount.

My Qnap is a TS-453 Pro.

Thank you in advance for your help!
Regards.

I don't own a TS-453, so I can't tell you for sure, but to create it on your NAS, it probably works like the TS-x70 series. The following commands should do it for you:

Code: Select all

mount -t ext2 $(/sbin/hal_app --get_boot_pd port_id=0)6 /tmp/config
ln -f /tmp/config/autorun.sh /tmp/config/autorun.sh.OLD
rm -f /tmp/config/autorun.sh
touch /tmp/config/autorun.sh
chmod +x /tmp/config/autorun.sh
cat <<EOF >>/tmp/config/autorun.sh
#!/bin/sh
# AUTORUN.SH - "Boot strap"
# This script forces the NAS to run "/etc/config/autorun.sh" at every startup (if this file exists).
#
/etc/config/autorun.sh
touch /tmp/autorun.ran
# done
EOF
echo "unmounting /tmp/config..."
umount /tmp/config
touch /etc/config/autorun.sh
chmod +x /etc/config/autorun.sh
cat <<EOF1 >>/etc/config/autorun.sh
#!/bin/sh
#
# /etc/config/autorun.sh - These commands run at every NAS Startup
#
###  Add your commands here 


#done
EOF1
echo "Edit /etc/config/autorun.sh for all further changes to the autostart procedure of the NAS. 
#done

Warning: This "autorun.sh" solution is specific to newer Intel-based QNAP NAS models. This solution is not correct for QNAP any ARM-based model, or older Intel-based NAS Models. You can modify the /etc/config/autorun.sh script to your requirements thereafter.

I don't for the life of me understand why you would need an autorun.sh at all for this task in the first place. If you need to customize the OpenSSH startup, simply edit /opt/etc/init.d/S40sshd. After you have accomplished this, you will need to follow the instructions for: Running /opt/etc/init.d/* on startup in QNAPedia article: Install Optware IPKG.

Startup scripts located in /opt/etc/init.d/ will run at Optware startup if you follow the instructions in this QNAPedia article. (No "autorun.sh" required).

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
joogoo
New here
Posts: 2
Joined: Mon Jan 12, 2015 8:29 pm

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by joogoo »

pwilson wrote:
I don't own a TS-453, so I can't tell you for sure, but to create it on your NAS, it probably works like the TS-x70 series. The following commands should do it for you:

Code: Select all

mount -t ext2 $(/sbin/hal_app --get_boot_pd port_id=0)6 /tmp/config
ln -f /tmp/config/autorun.sh /tmp/config/autorun.sh.OLD
rm -f /tmp/config/autorun.sh
touch /tmp/config/autorun.sh
chmod +x /tmp/config/autorun.sh
cat <<EOF >>/tmp/config/autorun.sh
#!/bin/sh
# AUTORUN.SH - "Boot strap"
# This script forces the NAS to run "/etc/config/autorun.sh" at every startup (if this file exists).
#
/etc/config/autorun.sh
touch /tmp/autorun.ran
# done
EOF
echo "unmounting /tmp/config..."
umount /tmp/config
touch /etc/config/autorun.sh
chmod +x /etc/config/autorun.sh
cat <<EOF1 >>/etc/config/autorun.sh
#!/bin/sh
#
# /etc/config/autorun.sh - These commands run at every NAS Startup
#
###  Add your commands here 


#done
EOF1
echo "Edit /etc/config/autorun.sh for all further changes to the autostart procedure of the NAS. 
#done

Warning: This "autorun.sh" solution is specific to newer Intel-based QNAP NAS models. This solution is not correct for QNAP any ARM-based model, or older Intel-based NAS Models. You can modify the /etc/config/autorun.sh script to your requirements thereafter.

I don't for the life of me understand why you would need an autorun.sh at all for this task in the first place. If you need to customize the OpenSSH startup, simply edit /opt/etc/init.d/S40sshd. After you have accomplished this, you will need to follow the instructions for: Running /opt/etc/init.d/* on startup in QNAPedia article: Install Optware IPKG.

Startup scripts located in /opt/etc/init.d/ will run at Optware startup if you follow the instructions in this QNAPedia article. (No "autorun.sh" required).
Many thanks !
mount -t ext2 $(/sbin/hal_app --get_boot_pd port_id=0)6 /tmp/config did the trick.
I've been able to mount the ramdisk and add the autorun.sh script.
It did worked well to run because I can see /tmp/autorun.ran every time I reboot the NAS.

But for now, I haven't succeeded to run automatically OpenSSH at startup but there should be something wrong in my autorun.
Here is the code of it if you don't mind helping again :

Code: Select all

#!/bin/sh
#
# /etc/config/autorun.sh - These commands run at every NAS Startup
#
###  Add your commands here

/opt/etc/init.d/S40sshd start #added line

#done
Thanks again for your help.
Post Reply

Return to “Turbo Station Installation & Setup”