How do I disable password access for the default SSHd?

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
Post Reply
No Expert
Know my way around
Posts: 179
Joined: Fri Sep 17, 2010 4:05 am

How do I disable password access for the default SSHd?

Post by No Expert »

Hi,

I wan to disable password access for both the default and OpenSSH servers so that only key authentication is active.

For OpenSSH I know that I can make the change in the sshd_config file:

Code: Select all

PasswordAuthentication no
Does anyone know how to do the same for the default ("Qnap") SSHd server?

Thanks.
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: How do I disable password access for the default SSHd?

Post by pwilson »

No Expert wrote:Hi,

I wan to disable password access for both the default and OpenSSH servers so that only key authentication is active.

For OpenSSH I know that I can make the change in the sshd_config file:

Code: Select all

PasswordAuthentication no
Does anyone know how to do the same for the default ("Qnap") SSHd server?

Thanks.
There is no official way of doing it, but it can be done. To do it, you simply have to implement changes within the "autorun.sh" file on your NAS, per QNAPedia article: Running Your Own Application at Startup so that it modifies the settings at every boot.

The following code might do it for you:

Code: Select all

echo -n "Shutting down sshd services:" 
/sbin/daemon_mgr sshd stop /usr/sbin/sshd
/usr/bin/killall sshd
rm -f /var/lock/subsys/sshd
echo "sshd"
/bin/sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
echo "Disabled SSHd Password Authentication in config file: /etc/ssh/sshd_config"
echo -n "Restarting sshd services:" 
/sbin/daemon_mgr sshd start /usr/sbin/sshd -f /etc/ssh/sshd_config -p $(/sbin/getcfg LOGIN "SSH Port" -d 22)
echo "sshd"
I have NOT tested this code, so please enable your TELNET access temporarily to ensure you don't lock yourself out while attempting to get this working. Once you are satisfied that it is working you can re-disable TELNET again.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
No Expert
Know my way around
Posts: 179
Joined: Fri Sep 17, 2010 4:05 am

Re: How do I disable password access for the default SSHd?

Post by No Expert »

Patrick - thanks.

I will give it a go.

Incidentally, is there anything from this script that is useful to include?
http://forum.qnap.com/viewtopic.php?p=211720#p211720
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: How do I disable password access for the default SSHd?

Post by pwilson »

No Expert wrote:Patrick - thanks.

I will give it a go.

Incidentally, is there anything from this script that is useful to include?
http://forum.qnap.com/viewtopic.php?p=211720#p211720
Not really. It is simply explicitly setting the defaults that are already present.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
No Expert
Know my way around
Posts: 179
Joined: Fri Sep 17, 2010 4:05 am

Re: How do I disable password access for the default SSHd?

Post by No Expert »

Hi,

a follow up to this question.
The background to this is that I am trying to prevent any password logins.
I have set up OpenSSH running on another port which only allows key authentication.

So, wouldn't it be easier if I just disabled the default "Qnap" SSH server on port 22 and just keep OpenSSH running on port X?
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: How do I disable password access for the default SSHd?

Post by schumaku »

You can change and disable whatever you want on your NAS.

Don't whine later if your mod does no longer work when a firmware upgrade fails, the NAS does not fully boot, or QNAP features misbehave or fail.

As you already have a dedicated port because of the OpenSSH install, you only expose this to the bad Internet. Or do you desperately want to avoid password auth on the LAN, too?
No Expert
Know my way around
Posts: 179
Joined: Fri Sep 17, 2010 4:05 am

Re: How do I disable password access for the default SSHd?

Post by No Expert »

OK I get it.
Port 22 is not open on my router so it's not accessible anyway by the "bad internet".
I'm OK on the LAN as it's only me that logs in.

I'll keep it as it is in that case.
JB09
Getting the hang of things
Posts: 58
Joined: Thu Mar 28, 2013 2:41 am

Re: How do I disable password access for the default SSHd?

Post by JB09 »

pwilson wrote:

Code: Select all

echo -n "Shutting down sshd services:" 
/sbin/daemon_mgr sshd stop /usr/sbin/sshd
/usr/bin/killall sshd
rm -f /var/lock/subsys/sshd
echo "sshd"
/bin/sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
echo "Disabled SSHd Password Authentication in config file: /etc/ssh/sshd_config"
echo -n "Restarting sshd services:" 
/sbin/daemon_mgr sshd start /usr/sbin/sshd -f /etc/ssh/sshd_config -p $(/sbin/getcfg LOGIN "SSH Port" -d 22)
echo "sshd"
For anyone else intersted this line-->

Code: Select all

/sbin/daemon_mgr sshd start /usr/sbin/sshd -f /etc/ssh/sshd_config -p $(/sbin/getcfg LOGIN "SSH Port" -d 22)
needs to be changed to

Code: Select all

/sbin/daemon_mgr sshd start "/usr/sbin/sshd -f /etc/ssh/sshd_config -p $(/sbin/getcfg LOGIN "SSH Port" -d 22)"
<-- Note the quotations.
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: How do I disable password access for the default SSHd?

Post by pwilson »

JB09 wrote:
pwilson wrote:

Code: Select all

echo -n "Shutting down sshd services:" 
/sbin/daemon_mgr sshd stop /usr/sbin/sshd
/usr/bin/killall sshd
rm -f /var/lock/subsys/sshd
echo "sshd"
/bin/sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
echo "Disabled SSHd Password Authentication in config file: /etc/ssh/sshd_config"
echo -n "Restarting sshd services:" 
/sbin/daemon_mgr sshd start /usr/sbin/sshd -f /etc/ssh/sshd_config -p $(/sbin/getcfg LOGIN "SSH Port" -d 22)
echo "sshd"
For anyone else intersted this line-->

Code: Select all

/sbin/daemon_mgr sshd start /usr/sbin/sshd -f /etc/ssh/sshd_config -p $(/sbin/getcfg LOGIN "SSH Port" -d 22)
needs to be changed to

Code: Select all

/sbin/daemon_mgr sshd start "/usr/sbin/sshd -f /etc/ssh/sshd_config -p $(/sbin/getcfg LOGIN "SSH Port" -d 22)"
<-- Note the quotations.
Thanks. I missed this during my efforts. Thank-you. You taught me something! I appreciate it.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
Post Reply

Return to “Miscellaneous”