[HOWTO] openSSH installation cook book

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
falofolio
Getting the hang of things
Posts: 65
Joined: Thu Jun 25, 2009 6:55 pm

Re: [HOWTO] openSSH installation cook book

Post by falofolio »

Hi Petr

I managed to get your solution working on my TS-219P with Firmware v3.4.0 build 0212T. However, the only thing I needed to modify was the first 'sleep' command.

I had to set the 5 sec. to a much larger number (e.g. 240 sec) to get it working, because like marsoupilami wrote /opt dir (see code below) is mounted very late at start-up.

Code: Select all

 cp /opt/sbin/sshd /usr/sbin/sshd # get openSSH daemon in place
To be sure, I also set the second sleep command to 15 sec. instead of 5 sec. However, I am not sure if that is necessary.


Thanks!
moleculezz
Know my way around
Posts: 108
Joined: Sat Nov 21, 2009 5:56 am

Re: [HOWTO] openSSH installation cook book

Post by moleculezz »

Is it possible to make this work by using this method.
I thought maybe I could add the login.sh script in /opt/etc/init.d/S01openssh or something and have it autorun from there.
Would this work?
TS-459 Pro+ || TS-419P II
User avatar
igracgq
Starting out
Posts: 42
Joined: Wed Jun 30, 2010 11:50 pm

Re: [HOWTO] openSSH installation cook book

Post by igracgq »

If I instal open ssh will it serve as as a client on my qnap where I could connect to another ssh server and therefore tunnel my qnaps traffic through it or will OpenSSh serve as a server on my qnap where I could connect through it?
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOWTO] openSSH installation cook book

Post by pwilson »

moleculezz wrote:Is it possible to make this work by using this method.
I thought maybe I could add the login.sh script in /opt/etc/init.d/S01openssh or something and have it autorun from there.
Would this work?
Yes, you can follow the instructions in the QNAPedia article: 2.1 Running /opt/etc/init.d/* on startup to run your "login.sh" script. Hiding this article title behind the words: "this method", rather than under the article's actual title of "Running /opt/etc/init.d/* on startup" , might have slowed down replies to your question.

I personally believe that "replacing" QNAP's "broken" SSHd deamon is a major mistake however. Optware doesn't always load properly, (especially after a Firmware upgrade), so doing so can fail under certain circumstances. This can effectively leave you "locked out" of your NAS from an SSH perspective.

You might be better off to support QNAP's broken "SSHd" (but put it on a different port), and then simply install OpenSSH on "Port 22/TCP". However even this isn't a perfect solution, as OpenSSH allows non-Admin users to login as well, which has the potential to completely compromise the security of your NAS. There are many strategies to "working around" QNAP's imcompetence at providing a properly working SSHd, but some of the solutions, (especially using OpenSSH instead), have security concerns that need to be addressed.

If you believe that you can deal with the security issues of using OpenSSH instead of the firmware provided SSDd daemon, you might want to review my previous post:

Installing OpenSSH as default SSHd Server (but keeping QNAP's SSHD version active as well).

Please read the entire thread, and not just my message, as there are some pretty serious security concerns that you need to be aware of, and some of these concerns are identified in some of the replies to my recommended solution.

I have used my solutions on both ARM-based, and Intel-based QNAP NAS devices successfully. It provides a good solution for knowlegable members, but is NOT recommended for newbies, because of the needed security issues that need to be addressed if you decide to adopt it. If you have any questions about my Installing OpenSSH as default SSHd Server (but keeping QNAP's SSHD version active as well) article, please post replies to that thread, rather than this one, so that I can answer any questions about it that you might have.

I take no responsibility for the security of your NAS, so please ensure that you completely understand the advantages and the pitfalls of my solution. If this is above your skill set, please do NOT attempt to implement it on your equipment.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
moleculezz
Know my way around
Posts: 108
Joined: Sat Nov 21, 2009 5:56 am

Re: [HOWTO] openSSH installation cook book

Post by moleculezz »

Thanks for the reply. I'll check out the article you mentioned.
TS-459 Pro+ || TS-419P II
LinoX
Starting out
Posts: 16
Joined: Wed Oct 21, 2009 9:27 pm

Re: [HOWTO] openSSH installation cook book

Post by LinoX »

In latest firmwares SSHd from QNAP is OpenSSH (on my 509 reported version is "OpenSSH_6.7p1, OpenSSL 1.0.1m 19 Mar 2015")
You don't need to install OpenSSH ipkg anymore (or replace the executable).
Just replace sshd_config (it's overwritten at boot every time) and re-start the daemon.

Hope this helps.
Ciao.
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: [HOWTO] openSSH installation cook book

Post by pwilson »

LinoX wrote:In latest firmwares SSHd from QNAP is OpenSSH (on my 509 reported version is "OpenSSH_6.7p1, OpenSSL 1.0.1m 19 Mar 2015")
You don't need to install OpenSSH ipkg anymore (or replace the executable).
Just replace sshd_config (it's overwritten at boot every time) and re-start the daemon.

Hope this helps.
Ciao.
The QNAP SSHd daemon is paralyzed by QNAP to only permit "admin" to use it. The Optware version does not suffer from this same stupidity.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
slam_head
First post
Posts: 1
Joined: Sun Feb 12, 2017 2:49 am

Re: [HOWTO] openSSH installation cook book

Post by slam_head »

I am on a TS-251 running firmware 4.2.3 and I'm not able to mount the configuration partition. When I try mounting a get an error that the device does not exist. Any ideas?

Code: Select all

[~] # mount /dev/mtdblock5 /tmp/config
mount: special device /dev/mtdblock5 does not exist
[~] # mount /dev/sdx6 /tmp/config     
mount: special device /dev/sdx6 does not exist
User avatar
OneCD
Guru
Posts: 12010
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [HOWTO] openSSH installation cook book

Post by OneCD »

father_mande wrote:In new firmware and new series ... the boot partition is not at a fixed place ... no more the partition for autorun.sh
I've been working on this to automatically establish an autorun system - hope it helps. ;)

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
Locked

Return to “Miscellaneous”