In the current version of QNAP 4.2.0 build 20160130, SSH / SFTP can only be used by the "admin" to login remotely, however SFTP is becoming a very popular method for secure remote access to FTP servers for File Management (more so I find than FTP with SSL)
Need to be able to separate SSH / SFTP from for instance Telnet or allow Admins to define whether SFTP is permitted for end users so that SFTP can be used to upload files as well.
SSH/SFTP not to be restricted to Admin Only
-
- New here
- Posts: 2
- Joined: Fri Dec 07, 2012 8:34 am
- Don
- Guru
- Posts: 12289
- Joined: Thu Jan 03, 2008 4:56 am
- Location: Long Island, New York
Re: SSH/SFTP not to be restricted to Admin Only
You need to open a ticket with QNAP to request enhancements.
Use the forum search feature before posting.
Use RAID and external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced, and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.
NAS: TVS-882BR | F/W: 5.0.1.2346 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NMVe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-h674 | F/W: 5.0.1.2376 | 16GB | 3 x 18TB RAID 5
Apps: DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +
Use RAID and external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced, and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.
NAS: TVS-882BR | F/W: 5.0.1.2346 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NMVe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-h674 | F/W: 5.0.1.2376 | 16GB | 3 x 18TB RAID 5
Apps: DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +
-
- New here
- Posts: 3
- Joined: Thu Jan 07, 2016 5:50 am
Re: SSH/SFTP not to be restricted to Admin Only
PLUS 1.
I agree... this would be a very handy solution to provide a secure FTP transfer for standard users
(ie. the Teenagers data. I don't want their FTP data out in the open, but I also don't want them to be admins).
Not being a programmer, my simple (and I must admit possibly wrong) recommendation would be a check box option in the "User Management" section under "Applications Privileges" option. Currently FTP Service is already there, I'd recommend an option/checkbox to allow SFTP Service to the users listed there.
Thanks,
-DGW.
I agree... this would be a very handy solution to provide a secure FTP transfer for standard users
(ie. the Teenagers data. I don't want their FTP data out in the open, but I also don't want them to be admins).
Not being a programmer, my simple (and I must admit possibly wrong) recommendation would be a check box option in the "User Management" section under "Applications Privileges" option. Currently FTP Service is already there, I'd recommend an option/checkbox to allow SFTP Service to the users listed there.
Thanks,
-DGW.
- Don
- Guru
- Posts: 12289
- Joined: Thu Jan 03, 2008 4:56 am
- Location: Long Island, New York
Re: SSH/SFTP not to be restricted to Admin Only
Saying +1 on a community forum accomplishes nothing. OPEN A TICKET WITH QNAP!!!!dgwieda wrote:PLUS 1.
I agree... this would be a very handy solution to provide a secure FTP transfer for standard users
(ie. the Teenagers data. I don't want their FTP data out in the open, but I also don't want them to be admins).
Not being a programmer, my simple (and I must admit possibly wrong) recommendation would be a check box option in the "User Management" section under "Applications Privileges" option. Currently FTP Service is already there, I'd recommend an option/checkbox to allow SFTP Service to the users listed there.
Thanks,
-DGW.
Use the forum search feature before posting.
Use RAID and external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced, and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.
NAS: TVS-882BR | F/W: 5.0.1.2346 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NMVe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-h674 | F/W: 5.0.1.2376 | 16GB | 3 x 18TB RAID 5
Apps: DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +
Use RAID and external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced, and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.
NAS: TVS-882BR | F/W: 5.0.1.2346 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NMVe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-h674 | F/W: 5.0.1.2376 | 16GB | 3 x 18TB RAID 5
Apps: DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +
-
- Starting out
- Posts: 28
- Joined: Mon Dec 05, 2016 1:57 pm
Re: SSH/SFTP not to be restricted to Admin Only
Is there any open ticket on this? What's QNAP's position?
At the moment the only option would be tweaking with /etc/ssh/sshd_config and startup scripts
At the moment the only option would be tweaking with /etc/ssh/sshd_config and startup scripts
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: SSH/SFTP not to be restricted to Admin Only
Always when talking to QNAP I hear that SSH access is for troubleshooting only.solitone wrote:What's QNAP's position?
QTS 4.3 has introduced the ability for configuring SSH/SFTP users in a list ... and the users need to be members of the administrators group. This might address the multi-user administration requirements only in my opinion.
This is no help at all when it comes to sftp usage - we need sftp access for administrators _and_ non-administrators - selectable a full root access, vs a rooted access to the user permitted shared folders only. And then, once the sftp is rooted to the shared folders only, I can already hear the whining of those using sftp to browse the NAS QTS oprating system and application space...
You can refer to MantisBT ID 703 when filing a ticket with https://helpdesk.qnap.com/solitone wrote:Is there any open ticket on this?
-
- Starting out
- Posts: 28
- Joined: Mon Dec 05, 2016 1:57 pm
Re: SSH/SFTP not to be restricted to Admin Only
I don't know Mantis Bug Tracker. Do QNAP use that system? Till now I've sent them tickets via their Help Desk application. Is that linked somehow to MantisBT? Ticket ID codes are pretty different.schumaku wrote:You can refer to MantisBT ID 703 when filing a ticket with https://helpdesk.qnap.com/solitone wrote:Is there any open ticket on this?
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: SSH/SFTP not to be restricted to Admin Only
You don't have to care about the platform - just mention MantisBT ID 703 when filing or updating a ticket on the helpdesk.solitone wrote:I don't know Mantis Bug Tracker. Do QNAP use that system? Till now I've sent them tickets via their Help Desk application. Is that linked somehow to MantisBT? Ticket ID codes are pretty different.
-
- Starting out
- Posts: 28
- Joined: Mon Dec 05, 2016 1:57 pm
Re: SSH/SFTP not to be restricted to Admin Only
Ok, thanks.
BTW, this is what they told me:
BTW, this is what they told me:
Unfortunately this feature is not supported at this moment of time.
I am going to create a feature request for you so that this can be implemented in the future.
The more feature requests we get the better.
-
- New here
- Posts: 5
- Joined: Thu Apr 30, 2015 6:22 am
Re: SSH/SFTP not to be restricted to Admin Only
I'm on QTS 4.2.2, and it seems that QTS 4.3 will not help us with our problem. I'm really starting to regret my purchase (TS-251). Next time, I'll go with a homemade server on a linux distrib (seriously, 350$ NAS and not able to SFTP with a non-root user?!) :/
Just send a ticket too...
Just send a ticket too...