[HOW-TO] Install Optware/OpenSSH as default SSHd Server
-
- Getting the hang of things
- Posts: 76
- Joined: Wed Oct 06, 2010 10:55 pm
Re: OpenSSH/QNAP SSH Public Key Authentication Fails
I am going to need to right now. Permissions are changing very often and driving me nuts. Where do you place you scripts where the permissions are not changed by the QNAP and they do not get deleted? /share/homes/admin/.ssh is not going to work. I keep losing the + x and have to reapply it
TS-870 Pro EOL - JBOD/NAS Backup Remote
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: OpenSSH/QNAP SSH Public Key Authentication Fails
Create your own "custom" folder in /share/CACHEDEV1_DATA, and place your "custom" scripts etc there. You can then get your "autorun.sh" file to run it from there.filovirus wrote:I am going to need to right now. Permissions are changing very often and driving me nuts. Where do you place you scripts where the permissions are not changed by the QNAP and they do not get deleted? /share/homes/admin/.ssh is not going to work. I keep losing the + x and have to reapply it
Code: Select all
mkdir -p /share/CACHEDEV1_DATA/custom
rm -f /share/CACHEDEV1_DATA/custom/fix-OpenSSH-perms.sh
touch /share/CACHEDEV1_DATA/custom/fix-OpenSSH-perms.sh
chmod 755 /share/CACHEDEV1_DATA/custom/fix-OpenSSH-perms.sh
cat <<EOF >>/share/CACHEDEV1_DATA/custom/fix-OpenSSH-perms.sh
#!/bin/sh
#
# Fix Permissions on the $HOME directory for "admin", so that OpenSSH Authorized Keys work.
#
chmod 700 /share/homes/admin
chmod 700 /share/homes/admin/.ssh
chmod 600 /share/homes/admin/.ssh/*
chmod 644 /share/homes/admin/.ssh/*.pub
#EOF
EOF
#done
Code: Select all
/bin/sh /share/CACHEDEV1_DATA/custom/fix-OpenSSH-perms.sh
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
Why are you doing all this nonsense? OpenSSH already has a "startup" script, you simply need to enable it. You do NOT need to create a pseudo-QPKG for this at all. You are making this way more complicated than it needs to be.Jman420 wrote:I've been working on getting a full OpenSSH replacement for the QNAP SSH for a few years now and I've had moderate success. I've worked around the 'lock out' issue that schumaku & pwilson have mentioned by avoiding replacing the default QNAP sshd and instead starting the Optware OpenSSH manually. Since I never actually replace the default QNAP sshd file I am able to restart the QNAP SSH by going to the Admin Web UI and disabling and then re-enabling the SSH server from there. Here is the script I use; this script gets called at start up (I use the qpkg.conf method for my startup scripts):Still one issue that concerns me though, the Optware OpenSSH login attempts don't appear in the QNAP System Logs, in fact Optware OpenSSH doesn't seem to log anything anywhere. I have found where I believe that QNAP stores its system logs (/mnt/HDA_ROOT/.logs). They seem to be SQLite files. I'm hoping that I can inject the Optware OpenSSH logs into the QNAP System Logs in some way. Going to keep digging and changing OpenSSH settings around logging to try to get it to log to somewhere.Code: Select all
#!/bin/sh QPKG_NAME="OpenSSH" QNAP_SSH="/usr/sbin/sshd" OPEN_SSH="/opt/sbin/sshd" SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22` OPEN_SSH_SETTINGS="/share/AppShells/AppData/OpenSSH/sshd_config" QNAP_SSH_SETTINGS="/etc/ssh/sshd_config" _exit() { echo -e "Error: $*" echo exit 1 } case "$1" in start) echo "Stopping QNAP SSH Server" /sbin/daemon_mgr sshd stop "$QNAP_SSH -f $QNAP_SSH_SETTINGS -p $SSH_PORT" # kill `ps aux | grep sshd | grep -v grep | awk '{print $1}'` killall sshd echo "Starting OpenSSH" /sbin/daemon_mgr sshd start "$OPEN_SSH -f $OPEN_SSH_SETTINGS -p $SSH_PORT" ;; stop) echo "Stopping OpenSSH" /sbin/daemon_mgr sshd stop "$OPEN_SSH -f $OPEN_SSH_SETTINGS -p $SSH_PORT" # kill `ps aux | grep sshd | grep -v grep | awk '{print $1}'` killall sshd echo "Starting QNAP SSH Server" /sbin/daemon_mgr sshd start "$QNAP_SSH -f $QNAP_SSH_SETTINGS -p $SSH_PORT" ;; restart) echo "Restarting OpenSSH Server..." $0 stop $0 start echo "Done!" ;; *) echo "Usage: $0 {start|stop|restart}" exit 1 esac exit 0
Simply follow the Running /opt/etc/init.d/* on startup section of QNAPedia article: Install Optware IPKG, so that the pre-existing script: /opt/etc/init.d/S40sshd runs when Optware loads at Startup.
As for "logging" simply modify your /opt/etc/openssh/sshd_config to enable any logging you require. Google is your friend, when it comes to customizing your sshd_config file to your specifications.
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
-
- Getting the hang of things
- Posts: 59
- Joined: Sat Sep 19, 2009 12:32 am
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
When I had originally written the script the QPKG Manager picked up the entries that I had added to qpkg.conf and I could enable/disable the functionality individually from the Web UI, but that was before QTS 4.0 and the App Manager. I also like the control it gives me since the script not only handles startup, but also stopping OpenSSH and re-enabling the default sshd. For a simpler setup the init.d method is sufficient and probably ideal, but I wanted more control. I'm also holding out some hope that I will find a way to manually add entries to the App Manager so I can control these scripts from the Web UI again.pwilson wrote: Why are you doing all this nonsense? OpenSSH already has a "startup" script, you simply need to enable it. You do NOT need to create a pseudo-QPKG for this at all. You are making this way more complicated than it needs to be.
Simply follow the Running /opt/etc/init.d/* on startup section of QNAPedia article: Install Optware IPKG, so that the pre-existing script: /opt/etc/init.d/S40sshd runs when Optware loads at Startup.
As for "logging" simply modify your /opt/etc/openssh/sshd_config to enable any logging you require. Google is your friend, when it comes to customizing your sshd_config file to your specifications.
Still researching the sshd_config logging stuff. I thought that by default OpenSSH logged login attempts to /var/log/auth.log or possibly /opt/var/log/auth.log for Optware, but it seems neither of those files exist. Need to dig more into the sshd_config logging settings.
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
Creating "home brew" solutions makes it impossible for people to help you.Jman420 wrote:When I had originally written the script the QPKG Manager picked up the entries that I had added to qpkg.conf and I could enable/disable the functionality individually from the Web UI, but that was before QTS 4.0 and the App Manager. I also like the control it gives me since the script not only handles startup, but also stopping OpenSSH and re-enabling the default sshd. For a simpler setup the init.d method is sufficient and probably ideal, but I wanted more control. I'm also holding out some hope that I will find a way to manually add entries to the App Manager so I can control these scripts from the Web UI again.pwilson wrote: Why are you doing all this nonsense? OpenSSH already has a "startup" script, you simply need to enable it. You do NOT need to create a pseudo-QPKG for this at all. You are making this way more complicated than it needs to be.
Simply follow the Running /opt/etc/init.d/* on startup section of QNAPedia article: Install Optware IPKG, so that the pre-existing script: /opt/etc/init.d/S40sshd runs when Optware loads at Startup.
As for "logging" simply modify your /opt/etc/openssh/sshd_config to enable any logging you require. Google is your friend, when it comes to customizing your sshd_config file to your specifications.
Still researching the sshd_config logging stuff. I thought that by default OpenSSH logged login attempts to /var/log/auth.log or possibly /opt/var/log/auth.log for Optware, but it seems neither of those files exist. Need to dig more into the sshd_config logging settings.
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
-
- Getting the hang of things
- Posts: 76
- Joined: Wed Oct 06, 2010 10:55 pm
Re: OpenSSH/QNAP SSH Public Key Authentication Fails
I have some things I need help working through
1. /share/CE_CACHEDEV1_DATA is encrypted. When I reboot, /share/CE_CACHEDEV1_DATA /.qpkg/autorun/autorun.sh cannot be read, at least until I mount the volume.
2. /opt/sbin/sshd did not restart on reboot. I had to manually start with the command /opt/sbin/sshd 2>/dev/null. I am able to login without a pw from the OSX Box without a pw afterward. Again, I suspect the encryption could be to blame for not loading optware on reboot.
3. I added /share/CE_CACHEDEV1_DATA /.qpkg/autorun/autorun.sh to /etc/config/crontab per http://wiki.qnap.com/wiki/Add_items_to_ ... tart.C2.A0 I do not know how to check if it is running the autorun.sh script.
Here is my openssl_perm.sh permissions and script.
Here is autorun.sh permissions and script
And finally the crontab file
Crontab changes were loaded and cron restarted per the wiki.
1. /share/CE_CACHEDEV1_DATA is encrypted. When I reboot, /share/CE_CACHEDEV1_DATA /.qpkg/autorun/autorun.sh cannot be read, at least until I mount the volume.
2. /opt/sbin/sshd did not restart on reboot. I had to manually start with the command /opt/sbin/sshd 2>/dev/null. I am able to login without a pw from the OSX Box without a pw afterward. Again, I suspect the encryption could be to blame for not loading optware on reboot.
3. I added /share/CE_CACHEDEV1_DATA /.qpkg/autorun/autorun.sh to /etc/config/crontab per http://wiki.qnap.com/wiki/Add_items_to_ ... tart.C2.A0 I do not know how to check if it is running the autorun.sh script.
Here is my openssl_perm.sh permissions and script.
Code: Select all
/share/CE_CACHEDEV1_DATA/jpvscripts: ls -l
drwxrwxrwx 2 admin administ 4096 Oct 7 12:51 @Recycle/
-rwx--x--x 1 admin administ 248 Oct 7 14:03 openssh_perm.sh*
-rwx--x--x 1 admin administ 45 Oct 7 12:53 ssh_check.sh*
#!/bin/sh
#
# Fix Permissions on the $HOME directory for "admin", so that OpenSSH Authorized Keys work.
#
chmod 700 /share/homes/admin
chmod 700 /share/homes/admin/.ssh
chmod 600 /share/homes/admin/.ssh/*
chmod 644 /share/homes/admin/.ssh/*.pub
Code: Select all
/share/CE_CACHEDEV1_DATA/.qpkg/autorun: ls -l
-rwxr-xr-x 1 admin administ 439 Oct 7 13:32 autorun.sh*
#!/bin/sh
/bin/sh /share/CACHEDEV1_DATA/jpvscripts/openssh_perm.sh
Code: Select all
# m h dom m dow cmd
0 2 * * * /sbin/qfstrim
0 4 * * * /sbin/hwclock -s
0 3 * * * /sbin/vs_refresh
0 3 * * * /sbin/clean_reset_pwd
0-59/15 * * * * /etc/init.d/nss2_dusg.sh
30 7 * * * /sbin/clean_upload_file
0 3 * * * /bin/rm -rf /mnt/HDA_ROOT/twonkymedia/twonkymedia.db/cache/*
10 15 * * * /usr/bin/power_clean -c 2>/dev/null
0 3 * * * /etc/init.d/ImRd.sh bgThGen
0-59/10 * * * * /etc/init.d/storage_usage.sh
30 3 * * * /sbin/notice_log_tool -v -R
0 3 * * 0 /etc/init.d/idmap.sh dump
* * * * * /bin/sh /share/CACHEDEV1_DATA/jpvscripts/openssh_perm.sh
49 13 * * * /usr/bin/qcloud_cli -c
4 3 * * 3 /etc/init.d/backup_conf.sh
30 7 * * * /usr/local/sbin/version_cleaner -t 0 > /dev/null 2>/dev/null
3 * * * * /sbin/qddns_check 2>/dev/null
TS-870 Pro EOL - JBOD/NAS Backup Remote
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: OpenSSH/QNAP SSH Public Key Authentication Fails
Looking good. I can not help with Encrypted drives. I have no experience with QNAP's LUKS Drive Encryption, and I have no desire to learn about it. While I may well create an encrypted "secondary" storage volume on a UX-500P Expansion chassis later, I would never encrypt my boot partition, due to headaches such as this.filovirus wrote:I have some things I need help working through
1. /share/CE_CACHEDEV1_DATA is encrypted. When I reboot, /share/CE_CACHEDEV1_DATA /.qpkg/autorun/autorun.sh cannot be read, at least until I mount the volume.
2. /opt/sbin/sshd did not restart on reboot. I had to manually start with the command /opt/sbin/sshd 2>/dev/null. I am able to login without a pw from the OSX Box without a pw afterward. Again, I suspect the encryption could be to blame for not loading optware on reboot.
3. I added /share/CE_CACHEDEV1_DATA /.qpkg/autorun/autorun.sh to /etc/config/crontab per http://wiki.qnap.com/wiki/Add_items_to_ ... tart.C2.A0 I do not know how to check if it is running the autorun.sh script.
Here is my openssl_perm.sh permissions and script.
Here is autorun.sh permissions and scriptCode: Select all
/share/CE_CACHEDEV1_DATA/jpvscripts: ls -l drwxrwxrwx 2 admin administ 4096 Oct 7 12:51 @Recycle/ -rwx--x--x 1 admin administ 248 Oct 7 14:03 openssh_perm.sh* -rwx--x--x 1 admin administ 45 Oct 7 12:53 ssh_check.sh* #!/bin/sh # # Fix Permissions on the $HOME directory for "admin", so that OpenSSH Authorized Keys work. # chmod 700 /share/homes/admin chmod 700 /share/homes/admin/.ssh chmod 600 /share/homes/admin/.ssh/* chmod 644 /share/homes/admin/.ssh/*.pub
And finally the crontab fileCode: Select all
/share/CE_CACHEDEV1_DATA/.qpkg/autorun: ls -l -rwxr-xr-x 1 admin administ 439 Oct 7 13:32 autorun.sh* #!/bin/sh /bin/sh /share/CACHEDEV1_DATA/jpvscripts/openssh_perm.sh
Code: Select all
# m h dom m dow cmd 0 2 * * * /sbin/qfstrim 0 4 * * * /sbin/hwclock -s 0 3 * * * /sbin/vs_refresh 0 3 * * * /sbin/clean_reset_pwd 0-59/15 * * * * /etc/init.d/nss2_dusg.sh 30 7 * * * /sbin/clean_upload_file 0 3 * * * /bin/rm -rf /mnt/HDA_ROOT/twonkymedia/twonkymedia.db/cache/* 10 15 * * * /usr/bin/power_clean -c 2>/dev/null 0 3 * * * /etc/init.d/ImRd.sh bgThGen 0-59/10 * * * * /etc/init.d/storage_usage.sh 30 3 * * * /sbin/notice_log_tool -v -R 0 3 * * 0 /etc/init.d/idmap.sh dump * * * * * /bin/sh /share/CACHEDEV1_DATA/jpvscripts/openssh_perm.sh 49 13 * * * /usr/bin/qcloud_cli -c 4 3 * * 3 /etc/init.d/backup_conf.sh 30 7 * * * /usr/local/sbin/version_cleaner -t 0 > /dev/null 2>/dev/null 3 * * * * /sbin/qddns_check 2>/dev/null
Sorry, but I doubt I can help further with this particular issue.
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
-
- Getting the hang of things
- Posts: 76
- Joined: Wed Oct 06, 2010 10:55 pm
Re: OpenSSH/QNAP SSH Public Key Authentication Fails
ok, thank you very much.
TS-870 Pro EOL - JBOD/NAS Backup Remote
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
-
- Starting out
- Posts: 36
- Joined: Fri Feb 14, 2014 1:54 am
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
pwilson wrote:I have no idea what is happening on your TS-212, but it still works here as expected under Firmware 4.1.0 Build 20140504 on my TS-470 Pro. (I do however thank-you for the observation, as I must confess that I have not been testing this here after every Firmware Upgrade).Jingo wrote:Nice setup, I recently set up something similar to this on my 212.
Just wanted to point out that setting the shell to /bin/false on firmware 4.0.5 actually results in a valid shell, since /bin/false is a link back to the main busybox executable.
I guess for some reason the sshd looksat the symlink and uses the actual file, so it doesn't actually get called as false, resulting in a shell.
You might want to try installing "coreutils" under Optware to see if /opt/bin/false works. (Both work here).
Code: Select all
admin@NASTY2:~# ls -lF $(which false) lrwxrwxrwx 1 admin administrators 15 2014-01-01 12:51 /opt/bin/false -> coreutils-false*
I only just saw your reply, so I apologize for the late reply.
I'm away from home at the moment, but based on my experience setting the shell to /bin/false is a security concern. It resulted in a valid shell, which is not the expected behavior.
I'm home on Friday and will test again with both the Qnap SSH and OpenSSH to see if I can reproduce this behavior.
After doing a cursory search it does seem that there were, at least at one point essentially two versions of 'false' that shipped with busybox, that would act differently depending on how it was called which could explain our differing experiences.
-
- Starting out
- Posts: 36
- Joined: Fri Feb 14, 2014 1:54 am
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
Well I can't reproduce it. While I was following the procedure to move the Qnap SSH to a different port as a backup and have OpenSSH as my main, did experience /bin/false resulting in a valid shell. I did something to fix it, and only wish I had documented those steps.Jingo wrote:pwilson wrote:I have no idea what is happening on your TS-212, but it still works here as expected under Firmware 4.1.0 Build 20140504 on my TS-470 Pro. (I do however thank-you for the observation, as I must confess that I have not been testing this here after every Firmware Upgrade).Jingo wrote:Nice setup, I recently set up something similar to this on my 212.
Just wanted to point out that setting the shell to /bin/false on firmware 4.0.5 actually results in a valid shell, since /bin/false is a link back to the main busybox executable.
I guess for some reason the sshd looksat the symlink and uses the actual file, so it doesn't actually get called as false, resulting in a shell.
You might want to try installing "coreutils" under Optware to see if /opt/bin/false works. (Both work here).
Code: Select all
admin@NASTY2:~# ls -lF $(which false) lrwxrwxrwx 1 admin administrators 15 2014-01-01 12:51 /opt/bin/false -> coreutils-false*
In any case I would advise people to actually verify no shell is granted after logging in after setting a users shell to /bin/false.
-
- Getting the hang of things
- Posts: 76
- Joined: Wed Oct 06, 2010 10:55 pm
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
Hi Patrick,
If we run both Optware and QNAP SSH on separate ports, this means there are two ssh_config files for each, correct? i.e./etc/config/ and /opt/etc/config/
Does this mean I need to manage two separate sets of keys to use key authentication for each ssh? Is it possible to scale it down have both look at a single location with only one key pair?
Thanks,
Jerold
If we run both Optware and QNAP SSH on separate ports, this means there are two ssh_config files for each, correct? i.e./etc/config/ and /opt/etc/config/
Does this mean I need to manage two separate sets of keys to use key authentication for each ssh? Is it possible to scale it down have both look at a single location with only one key pair?
Thanks,
Jerold
TS-870 Pro EOL - JBOD/NAS Backup Remote
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
The reason for keeping both ssh is to avoid touching the QNAP standard sshd - where code and configuration can be forced changed with any boot or firmware update again.filovirus wrote:If we run both Optware and QNAP SSH on separate ports, this means there are two ssh_config files for each, correct? i.e./etc/config/ and /opt/etc/config/
-
- Getting the hang of things
- Posts: 76
- Joined: Wed Oct 06, 2010 10:55 pm
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
Are you recommending maintaining two sets of key pairs (one for each) and just export both public keys as needed? I absolutely do want to maintain both openssh and qnap in the event the openssh doesn't start/gets overwritten on reboot/firmware update. Having two sets of keys just seems to confuse me a bit and I was hoping to use the same set of key files for both ssh services.
TS-870 Pro EOL - JBOD/NAS Backup Remote
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
-
- Getting the hang of things
- Posts: 76
- Joined: Wed Oct 06, 2010 10:55 pm
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
Are you recommending maintaining two sets of key pairs (one for each) and just export both public keys as needed? I absolutely do want to maintain both openssh and qnap in the event the openssh doesn't start/gets overwritten on reboot/firmware update. Having two sets of keys just seems to confuse me a bit and I was hoping to use the same set of key files for both ssh services.
TS-870 Pro EOL - JBOD/NAS Backup Remote
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
TS-873 QTS 5.0.0.2055 (5/13/2022) Seagate 6tb x 8 in RAID10
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: [HOW-TO] Install Optware/OpenSSH as default SSHd Server
Keep the standard QNAP sshd on it's QNAP configuration for password auth for admin only untouched. If anything goes mad - you still have this back door.