2021 updated openSSH installation instructions
=========================================
Through UI change QNAP's default SSH port to another e.g 12121
Install entware-std
ssh to qnap using the new port
if you have previously attempted to install without success, do a like housekeeping:
Code: Select all
rm -rf /opt/etc/ssh
rm -rf /share/homes/admin/.ssh
install openssh server
Code: Select all
opkg update
opkg install openssh-server
Add an user "sshd" with a custom user-id :
find
Code: Select all
[sshd]:x:110:65534:SSHD Privilege Separation:/var/empty:/bin/sh
and add below (make sure that you use a unique user-id):
Code: Select all
sshd:x:111:65534:SSHD Privilege Separation:/opt/var/empty:/bin/false
do the same for /etc/shadow file, so it looks like:
Code: Select all
vi /etc/shadow
[sshd]:!:18530:0:99999:7:::
sshd:!:18531:0:99999:7:::
create host keys:
check that the server is running
if no errors come up then utilize autorun.sh to start the daemon automatically
check here for your model
https://wiki.qnap.com/wiki/Running_Your ... at_Startup
and replace
mount $(/sbin/hal_app --get_boot_pd port_id=0)6 /tmp/config with your model's specific mount option:
Code: Select all
vi /share/homes/admin/editautoconfig.sh
copy/paste the below content, save and exit vi
Code: Select all
#!/bin/sh
# script to ease autorun.sh edit
# check: https://wiki.qnap.com/wiki/Running_Your_Own_Application_at_Startup
mount $(/sbin/hal_app --get_boot_pd port_id=0)6 /tmp/config
touch /tmp/config/autorun.sh
chmod +x /tmp/config/autorun.sh
$EDITOR /tmp/config/autorun.sh
umount /tmp/config
make it executable
Code: Select all
chmod +x /share/homes/admin/editautoconfig.sh
run it (run it every time you need to add content to autorun.sh)
Code: Select all
cd /share/homes/admin/
./editautoconfig
add content below, save and exit the editor
Code: Select all
#!/bin/sh
# Start OpenSSH
/opt/sbin/sshd
create .ssh directory and authorized_keys file in user's home directory
Code: Select all
cd /share/homes/admin
mkdir .ssh
touch .ssh/authorized_keys
create public/private keys and add public to authorized_keys using e.g PuTTYgen
meaning that when created the files, copy public key, go back to terminal and:
Code: Select all
echo <public-key-contents> > /share/homes/admin/.ssh/authorized_keys
set correct permissions:
Code: Select all
chmod 0711 /share/homes/admin/
chmod 0700 .ssh/
chmod 0600 .ssh/authorized_keys
now try to connect to the server using e.g putty and using the key you created
if everything is ok, then no password is needed and you will be logged in using the key
now enable only public key authentication
check that the following apply:
Code: Select all
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication no
after each change to /opt/etc/ssh/sshd_config restart the server
killall -HUP sshd
try to login again to the server
done
p.s if you need to add keys for another user, go to user's home folder, create the .ssh directory and authorized_keys file, make keys and add public key to authorized_key.
if this is done using admin account then change ownership of .ssh/ directory to specified user by chown -R /share/homes/<user>/.ssh
finally set permissions as above
ssh to server