[HOW-TO] Install Optware/OpenSSH as default SSHd Server

Discussion on setting up QNAP NAS products.
Post Reply
arthurart85
First post
Posts: 1
Joined: Mon May 27, 2013 11:12 pm

Re: [HOW-TO] Install OpenSSH as default SSHd Server

Post by arthurart85 »

I think i won't be "off topic" with my intervention but i am experiencing a pretty big problem also with my ssh admin login to a QNAP ts-419p.
The things is that i am only able to login with admin (since the sshd_config file must contains "AllowUsers admin") but the password is not recognized.
Of course i have double checked and did not make a too long or short password.
Password for admin on the web interface works but not for ssh nor telnet.
I think i have screwed up something on the sshd_config file or something else.
Also i have installed OpenSSH and there may be some confusion between which port is listenning on what...
I would like to know before i do a reboot of the qnap if,
- first it can resolve those kind of problems and
- if all my apache configuration won't be reset (stuff like SSL certificates and keys)
Thanks.
Hope to hear any solution...

(ps: i have installed OpenSSH in order to use gitosis on qnap)
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install OpenSSH as default SSHd Server

Post by pwilson »

arthurart85 wrote:I think i won't be "off topic" with my intervention but i am experiencing a pretty big problem also with my ssh admin login to a QNAP ts-419p.
The things is that i am only able to login with admin (since the sshd_config file must contains "AllowUsers admin") but the password is not recognized.
Of course i have double checked and did not make a too long or short password.
Password for admin on the web interface works but not for ssh nor telnet.
I think i have screwed up something on the sshd_config file or something else.
Also i have installed OpenSSH and there may be some confusion between which port is listenning on what...
I would like to know before i do a reboot of the qnap if,
- first it can resolve those kind of problems and
- if all my apache configuration won't be reset (stuff like SSL certificates and keys)
Thanks.
Hope to hear any solution...

(ps: i have installed OpenSSH in order to use gitosis on qnap)
You can check the status of your SSHd/OpenSSH daemons with the following command:

Code: Select all

ps faxo "%U %t %p %a" | grep sshd | grep -v grep
On my NAS is provides the following output:

Code: Select all

ps faxo "%U %t %p %a" | grep sshd | grep -v grep 
admin    12-00:23:11 12199 /opt/sbin/sshd
admin          00:37  2948  \_ sshd: admin@pts/4
admin    12-00:21:46 27104 /usr/sbin/sshd -f /etc/ssh/sshd_config -p 12121
You'll note in this output that both /usr/sbin/sshd (QNAP version) (running on port 12121/TCP), and /opt/sbin/sshd (OpenSSH) are running.

Nothing in my tutorial changes anything in QNAP's apache setup, so nothing in my tutorial should adversely affect your Webserver at all. Both SSHd daemons use the standard /etc/passwd file (unless pre-shared keys are configured), so I can not explain why your password is failing. Is you password working with either daemon?

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
fantomas
Experience counts
Posts: 1560
Joined: Mon Feb 07, 2011 5:40 am
Location: Bratislava, Slovakia
Contact:

Re: [HOW-TO] Install OpenSSH as default SSHd Server

Post by fantomas »

seems that 4.0.1 has openssh:
sshd: illegal option -- v
OpenSSH_6.1p1, OpenSSL 0.9.7a Feb 19 2003
experience with administration of UN*X (mostly linux) and applications on internet servers since 1994...
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install OpenSSH as default SSHd Server

Post by pwilson »

fantomas wrote:seems that 4.0.1 has openssh:
sshd: illegal option -- v
OpenSSH_6.1p1, OpenSSL 0.9.7a Feb 19 2003
True enough it does. However, check out the OpenSSL version! The Optware version includes OpenSSL from 2012.

Code: Select all

/opt/sbin/sshd -v
sshd: illegal option -- v
OpenSSH_5.9p1, OpenSSL 0.9.8v 19 Apr 2012
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
            [-f config_file] [-g login_grace_time] [-h host_key_file]
            [-k key_gen_time] [-o option] [-p port] [-u len]

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
fantomas
Experience counts
Posts: 1560
Joined: Mon Feb 07, 2011 5:40 am
Location: Bratislava, Slovakia
Contact:

Re: [HOW-TO] Install OpenSSH as default SSHd Server

Post by fantomas »

that's correct. however I was trying to use 4.0.1 beta with openssl 1.0 installed. It seemed to work without problems - hopefully it will get to official firmware soon.
experience with administration of UN*X (mostly linux) and applications on internet servers since 1994...
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install OpenSSH as default SSHd Server

Post by pwilson »

fantomas wrote:that's correct. however I was trying to use 4.0.1 beta with openssl 1.0 installed. It seemed to work without problems - hopefully it will get to official firmware soon.
Yeah, that would be nice. Unlike the original QNAP SSHd daemon, the OpenSSH daemon properly respects the $HOME directory in the /etc/passwd file. I have complained about this issue for the past 3 years through more than 10 Firmware versions, so it would be nice if QNAP finally fixes this annoying issue.

OpenSSH/OpenSSL is indeed the long term solution. However, owners of "legacy" QNAP NAS models will likely need to continue to use my solution, as they are no longer getting Firmware upgrades, and therefore will NOT get this upgrade from QNAP.

I hope for their sake that they will follow my advice in this thread rather than attempting to follow QNAPedia article: How To Replace SSH Daemon With OpenSSH. As I alluded to in my original post in this thread, I believe that following the QNAPedia article: How To Replace SSH Daemon With OpenSSH is dangerous, as it can result in "Lockout" if Optware/OpenSSH doesn't load, and the QNAP one is no longer present.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
Kiekse
New here
Posts: 3
Joined: Wed Jul 24, 2013 2:31 pm

Re: [HOW-TO] Install OpenSSH as default SSHd Server

Post by Kiekse »

Dear Patrick,

meanwhile there is the 4.02 Firmware as offical version.
Have you checked if the internal OpenSSH-Daemon respects the $HOME-Directory in the /etc/passwd yet?

If so, I don't need to install OpenSSH from optware, right?

Best regards and thanks a lot for this article!
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install OpenSSH as default SSHd Server

Post by pwilson »

Kiekse wrote:Dear Patrick,

meanwhile there is the 4.02 Firmware as offical version.
Have you checked if the internal OpenSSH-Daemon respects the $HOME-Directory in the /etc/passwd yet?

If so, I don't need to install OpenSSH from optware, right?

Best regards and thanks a lot for this article!
Yes, I've checked. It's still "broken":

QNAP SSHd:

Code: Select all

ssh admin@nasty2 -p 12121
admin@nasty2's password: 
[~] # echo $HOME
/root
[~] # echo $PS1
[\w] #
[~] # echo $PATH
/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/jre/bin
[~] # /bin/ps | grep sshd | grep 12121
23856 admin       952 S   /usr/sbin/sshd -f /etc/ssh/sshd_config -p 12121 
[~] # /usr/sbin/sshd -v
sshd: illegal option -- v
OpenSSH_6.1p1, OpenSSL 1.0.1e 11 Feb 2013
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
            [-f config_file] [-g login_grace_time] [-h host_key_file]
            [-k key_gen_time] [-o option] [-p port] [-u len]
[~] # 


My solution runs "my" Bash initialization files, which fixes the $HOME variable, my prompt ($PS1), and my $PATH properly:

My custom Optware/OpenSSH solution:

Code: Select all

ssh admin@nasty2
HOME = /share/homes/admin

admin@NASTY2:~# echo $HOME
/share/homes/admin
admin@NASTY2:~# echo $PS1
\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$
admin@NASTY2:~# echo $PATH
/share/homes/admin/bin:/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/jre/bin
admin@NASTY2:~# 
As the QNAP version persists in placing "admin" in /root, and because the Firmware overwrites the BASH initialization files in /root at every boot, it makes the using the QNAP SSHd very inconvenient indeed. I've stopped whining about this in the Forums, as my solution provides complete relief for this stupid implementation, and as QNAP continues to ignore this request, I've simply given up asking.

My solution works properly, and yet still permits access to the QNAP provided one, if for some reason OpenSSH doesn't load properly. I have done more than 10 Firmware upgrades since implementing my solution, and it continues to work as I expect without requiring any further tweaking. (I've even setup my SSH authorized keys on my OpenSSH setup, so that I don't even have to provide a password when I access my NAS via SSH).

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
stefan1201
First post
Posts: 1
Joined: Fri Oct 18, 2013 6:36 pm

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by stefan1201 »

Hello Patrick,

I followed your very detailed instruction.
Thanks for that.

I have a openSuse client and I want to use the backup software "back in time" to make backups on my Qnap.
This software requires password-less authentication via ssh (solved) and sshfs for mounting.
I made some tests and the sshfs mounting does not work on the port 22 at all.
The Qnap build-in on port (8022, the one I took) is working fine and allows a sshfs mount without any issues.
How do I make this feature also available to the openssh port 22?
Did I miss something?

I am using a TS-219P+ latest firmware version installed.

Thanks in advance
Stefan
Marc.O
New here
Posts: 5
Joined: Sat Dec 28, 2013 10:29 pm

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by Marc.O »

Hello Patrick,

Thank you for this nice and clear HOW-TO. I am encountering a problem with auto starting openSSH though :(
I am using firmware version: 4.0.5.
When I run my autorun.sh manually it works fine, openSSH starts and I can use it. But when I reboot openSSH is not running.

My autorun.sh:

Code: Select all

#!/bin/sh
#Overwrite usb.agent for printer to work
echo "`date` : Overwritting usb.agent" > /share/MD0_DATA/.qpkg/autorun/autorunLog.txt
cp /share/Programs/HPdriverQNAP/usb.agent /etc/hotplug

#Start openSSH
echo "`date` : Starting openSSH" >> /share/MD0_DATA/.qpkg/autorun/autorunLog.txt
#/opt/sbin/sshd
/share/MD0_DATA/.qpkg/Optware/sbin/sshd
I tried both lines but they give the same result.

After rebooting the log file shows the echo lines:
Sat Dec 28 15:37:36 CET 2013 : Overwritting usb.agent
Sat Dec 28 15:37:36 CET 2013 : Starting openSSH

But # ps | grep ssh returns:
4504 admin 1072 S /usr/sbin/sshd -f /etc/ssh/sshd_config -p 222
7783 admin 1988 S sshd: admin@pts/0
8759 admin 576 S grep ssh

Does anyone have an idea what is going wrong?

Best regards,

Marco
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by pwilson »

Marc.O wrote:Hello Patrick,

Thank you for this nice and clear HOW-TO. I am encountering a problem with auto starting openSSH though :(
I am using firmware version: 4.0.5.
When I run my autorun.sh manually it works fine, openSSH starts and I can use it. But when I reboot openSSH is not running.

My autorun.sh:

Code: Select all

#!/bin/sh
#Overwrite usb.agent for printer to work
echo "`date` : Overwritting usb.agent" > /share/MD0_DATA/.qpkg/autorun/autorunLog.txt
cp /share/Programs/HPdriverQNAP/usb.agent /etc/hotplug

#Start openSSH
echo "`date` : Starting openSSH" >> /share/MD0_DATA/.qpkg/autorun/autorunLog.txt
#/opt/sbin/sshd
/share/MD0_DATA/.qpkg/Optware/sbin/sshd
I tried both lines but they give the same result.

After rebooting the log file shows the echo lines:
Sat Dec 28 15:37:36 CET 2013 : Overwritting usb.agent
Sat Dec 28 15:37:36 CET 2013 : Starting openSSH

But # ps | grep ssh returns:
4504 admin 1072 S /usr/sbin/sshd -f /etc/ssh/sshd_config -p 222
7783 admin 1988 S sshd: admin@pts/0
8759 admin 576 S grep ssh

Does anyone have an idea what is going wrong?

Best regards,

Marco
Try this...

Code: Select all

/share/MD0_DATA/.qpkg/Optware/sbin/sshd -f /share/MD0_DATA/.qpkg/Optware/etc/openssh/sshd_config

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
Marc.O
New here
Posts: 5
Joined: Sat Dec 28, 2013 10:29 pm

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by Marc.O »

Try this...

Code: Select all

/share/MD0_DATA/.qpkg/Optware/sbin/sshd -f /share/MD0_DATA/.qpkg/Optware/etc/openssh/sshd_config
Thnx for the fast reply. But it is still not running after a reboot:
ps | grep ssh
4600 admin 1080 S /usr/sbin/sshd -f /etc/ssh/sshd_config -p 222
6559 admin 2224 S sshd: admin@pts/0
7621 admin 576 R grep ssh
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by pwilson »

Marc.O wrote:
Try this...

Code: Select all

/share/MD0_DATA/.qpkg/Optware/sbin/sshd -f /share/MD0_DATA/.qpkg/Optware/etc/openssh/sshd_config
Thnx for the fast reply. But it is still not running after a reboot:
ps | grep ssh
4600 admin 1080 S /usr/sbin/sshd -f /etc/ssh/sshd_config -p 222
6559 admin 2224 S sshd: admin@pts/0
7621 admin 576 R grep ssh
What does the System Log tell you?

Code: Select all

grep ssh /var/log/messages

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by Moogle Stiltzkin »

thk you wilson for the guide.

just want to ask though, what does openssh have that qnap's default ssh doesn't ?
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server

Post by schumaku »

It's not limited to admin logins only...
Post Reply

Return to “Turbo Station Installation & Setup”