Whats the status?QNAPAndy wrote:got it, def be on high priority for this issue. thanks for the info
Regards, harryd
Whats the status?QNAPAndy wrote:got it, def be on high priority for this issue. thanks for the info
The link is now broken--apparently due to a forum reorg--and try to intuit 1875 references as I might, I can't find it. As I've installed my own keys and had a private rant about the built-in security hole for "Richard", I'm rather keen to be sure my keys survive a restart. Would be nice if the info was sticky, and apologies in advance if it is and I just need to told to shaddup and siddown (as long as I'm also told where it is )Hi Codex22,
Place your file on the hard drive first and follow this guide below to automatically copy the file from hard disk to root's home every time you reboot the device.
Andy
Code: Select all
echo "[public key string]" > /root/.ssh/authorized_keys
Hey Andy,QNAPAndy wrote:I confirmed that it's been removed now and the changes will be applied in the next firmware update soon, thanks for reminding for my bad memory.
by the way they are flash partitions on the NAS only.
still works.echo "[public key string]" > /root/.ssh/authorized_keys
It appears that this is *finally* fixed in the latest firmware I installed on my ts-409 pro -- 2.1.0 Build 0624T. I commented the above mentioned fix out of my autorun.sh and rebooted, and I no longer see Richards keys in my .ssh dir. I haven't tried putting my own keys on to make sure they survive a reboot yet, but I'm assuming since richards keys are no longer there, it isnt' trying to copy them on boot anymore.haraku wrote:Nope, just installed the latest firmware (2.0.1 Build 080416), and Richard's back door is still there...
Fortunately the workaround mentioned by roncstill works.echo "[public key string]" > /root/.ssh/authorized_keys
Code: Select all
[admin@NAS ~]# ls -la /root/.ssh/
drwx------ 2 admin administ 1024 Jul 15 08:35 ./
drwxr-xr-x 5 admin administ 1024 Jul 15 14:56 ../