[WANTED] SSH login as anyone but Admin
-
- Know my way around
- Posts: 178
- Joined: Tue Nov 06, 2007 9:07 pm
[WANTED] SSH login as anyone but Admin
Wanted Dead or Alive
Ability to be able to login via ssh as anyone but admin. Would love to be able to access home dirs via SFTP but would need to login as user X and not admin.
QSISteve
Ability to be able to login via ssh as anyone but admin. Would love to be able to access home dirs via SFTP but would need to login as user X and not admin.
QSISteve
-
- Experience counts
- Posts: 1786
- Joined: Sat Oct 13, 2007 2:21 am
- Location: Germany
Re: [WANTED] SSH login as anyone but Admin
just open the /etc/ssh/sshd_config file and add the username, you want to log in with, after "AllowUsers" (without quotes). there should already be admin and you can add as many users as you want, just seperated be a space. like this:
AllowUsers admin user1 user2 user3
after a reboot of your nas the new settings should work. but i think you have to reenter the usernames everytime you update the firmware.
AllowUsers admin user1 user2 user3
after a reboot of your nas the new settings should work. but i think you have to reenter the usernames everytime you update the firmware.
TVS-1282 | Version 4.4.3 | 3x 12TB WDC WD121KRYZ RAID5
TS-639 Pro | Version 4.2.6 | 5x 3TB WDC WD30EFRX RAID5 as Backup
LianLi EX-50 with 3x 2TB SAMSUNG HD203WI + 2x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
LianLi EX-503 with 5x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
TS-639 Pro | Version 4.2.6 | 5x 3TB WDC WD30EFRX RAID5 as Backup
LianLi EX-50 with 3x 2TB SAMSUNG HD203WI + 2x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
LianLi EX-503 with 5x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
-
- Know my way around
- Posts: 104
- Joined: Mon Oct 22, 2007 12:24 am
- Location: KY, USA
Re: [WANTED] SSH login as anyone but Admin
niwa2
Are you saying that you have been able to do this with firmware 2.0.0 Build 0122T?
I tried but the edits to sshd_config were replaced by some default file upon reboot.
Even when I could get the edits to survive a reboot ssh by non admin user would fail
with an immediate disconnect of the putty client when anything other than admin was
used.
Are you saying that you have been able to do this with firmware 2.0.0 Build 0122T?
I tried but the edits to sshd_config were replaced by some default file upon reboot.
Even when I could get the edits to survive a reboot ssh by non admin user would fail
with an immediate disconnect of the putty client when anything other than admin was
used.
Doug
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
-
- Experience counts
- Posts: 1786
- Joined: Sat Oct 13, 2007 2:21 am
- Location: Germany
Re: [WANTED] SSH login as anyone but Admin
you are right. i just saw that the changes are overwritten.
that's strange
that's strange
TVS-1282 | Version 4.4.3 | 3x 12TB WDC WD121KRYZ RAID5
TS-639 Pro | Version 4.2.6 | 5x 3TB WDC WD30EFRX RAID5 as Backup
LianLi EX-50 with 3x 2TB SAMSUNG HD203WI + 2x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
LianLi EX-503 with 5x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
TS-639 Pro | Version 4.2.6 | 5x 3TB WDC WD30EFRX RAID5 as Backup
LianLi EX-50 with 3x 2TB SAMSUNG HD203WI + 2x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
LianLi EX-503 with 5x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
-
- Know my way around
- Posts: 104
- Joined: Mon Oct 22, 2007 12:24 am
- Location: KY, USA
Re: [WANTED] SSH login as anyone but Admin
Yes very strange. I've posted questions about this. Emailed support about this and submitted an online support form about this. No answers yet. Not even an acknowledgment.
Doug
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
-
- Know my way around
- Posts: 104
- Joined: Mon Oct 22, 2007 12:24 am
- Location: KY, USA
Re: [WANTED] SSH login as anyone but Admin
Niwa2,
Have you been able to resolve this? I just got a reply from QNAP support which was totally inadequate.
Have you found out where the default config file that is used to replace /etc/ssh/sshd_config upon reboot?
Have you been able to resolve this? I just got a reply from QNAP support which was totally inadequate.
Have you found out where the default config file that is used to replace /etc/ssh/sshd_config upon reboot?
Doug
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
-
- Experience counts
- Posts: 1786
- Joined: Sat Oct 13, 2007 2:21 am
- Location: Germany
Re: [WANTED] SSH login as anyone but Admin
hi
no i have not tried it anymore so far.
no i have not tried it anymore so far.
TVS-1282 | Version 4.4.3 | 3x 12TB WDC WD121KRYZ RAID5
TS-639 Pro | Version 4.2.6 | 5x 3TB WDC WD30EFRX RAID5 as Backup
LianLi EX-50 with 3x 2TB SAMSUNG HD203WI + 2x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
LianLi EX-503 with 5x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
TS-639 Pro | Version 4.2.6 | 5x 3TB WDC WD30EFRX RAID5 as Backup
LianLi EX-50 with 3x 2TB SAMSUNG HD203WI + 2x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
LianLi EX-503 with 5x 2TB SAMSUNG HD204UI in RAID5 as Backup drive
-
- Starting out
- Posts: 10
- Joined: Fri Jan 18, 2008 11:46 pm
Work Around
So I worked around this with a little bit of subtle trickery. As always, back up your data, I'm not responsible for loss, etc.
I have a TS209 Pro for the record.
First I duplicated the entire contents of /etc/ssh to /mnt/HDA_ROOT/.config
Then I modified /mnt/HDA_ROOT/.config/ssh/sshd_config to add the users I wanted on the AllowUsers line.
Next I modify the autorun.sh:
At the top just after #!/bin/sh Add in:
Then unmount it again:
Then reboot. At each reboot it will copy over your good config from your stash on HDA_ROOT and restart the login service to pickup the change.
You could see how this would be extensible to other services with similar limitations.
Good Luck. Matt
I have a TS209 Pro for the record.
First I duplicated the entire contents of /etc/ssh to /mnt/HDA_ROOT/.config
Code: Select all
cp -R /etc/ssh /mnt/HDA_ROOT/.config
Next I modify the autorun.sh:
Code: Select all
mount /dev/mtdblock5 /mnt/config
vi /mnt/config/autorun.sh
Code: Select all
# SSH Config
cp /mnt/HDA_ROOT/.config/ssh/sshd_config /etc/ssh/sshd_config
/etc/init.d/login.sh restart
Code: Select all
umount /dev/mtdblock5
You could see how this would be extensible to other services with similar limitations.
Good Luck. Matt
-
- Know my way around
- Posts: 104
- Joined: Mon Oct 22, 2007 12:24 am
- Location: KY, USA
Re: [WANTED] SSH login as anyone but Admin
Matt,
What version firmware are you running that you can ssh into as non admin?
Thanks
What version firmware are you running that you can ssh into as non admin?
Thanks
Doug
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
-
- Starting out
- Posts: 10
- Joined: Fri Jan 18, 2008 11:46 pm
Re: [WANTED] SSH login as anyone but Admin
V1.1.5 but that is moot. It is the procedure I posted above that lets you SSH in as other users.
You have to add any users you want to allow to login to the AllowUsers line in sshd_config once you have copied it over to the .config dir.
Follow the procedure above and it should do it for you.
Matt
You have to add any users you want to allow to login to the AllowUsers line in sshd_config once you have copied it over to the .config dir.
Follow the procedure above and it should do it for you.
Matt
-
- Know my way around
- Posts: 104
- Joined: Mon Oct 22, 2007 12:24 am
- Location: KY, USA
Re: [WANTED] SSH login as anyone but Admin
Well I finally figured out the problem. In my case it was unprintable characters on the "AllowUsers" line.
Don't know how they got there.
When I recreated this line by hand ssh login as anyone but admin started working fine.
Thanks
Don't know how they got there.
When I recreated this line by hand ssh login as anyone but admin started working fine.
Thanks
Doug
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
-
- Know my way around
- Posts: 104
- Joined: Mon Oct 22, 2007 12:24 am
- Location: KY, USA
Re: [WANTED] SSH login as anyone but Admin
Upgrade to 2.0.0 build 0201T and ssh by non admin users is broken.
Doug
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
-
- Know my way around
- Posts: 104
- Joined: Mon Oct 22, 2007 12:24 am
- Location: KY, USA
Re: [WANTED] SSH login as anyone but Admin
I finally figured this issue out. I've got ssh & sftp login by any user working on my TS209 Pro, firmware 1.x and 2.x.
Doug
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
-
- Know my way around
- Posts: 178
- Joined: Tue Nov 06, 2007 9:07 pm
Re: [WANTED] SSH login as anyone but Admin
johngalt wrote:
QSISteve
Well how do you do it?I finally figured this issue out. I've got ssh & sftp login by any user working on my TS209 Pro, firmware 1.x and 2.x.
QSISteve
-
- Know my way around
- Posts: 104
- Joined: Mon Oct 22, 2007 12:24 am
- Location: KY, USA
Re: [WANTED] SSH login as anyone but Admin
QSISteve,
By replacing the sshd executable supplied by QNAP. After many many hours of trying to get it to work with firmware 2.0.0
I decided to run strings on the sshd executable supplied by QNAP. I was surprised to find the word "admin" in there. Now one would expect "root" or Administrator" but....... Needles to say I then downloaded the exact same version of OpenSSH and ran strings on that sshd executable, no "admin". Fearing the worst that I was dealing with a altered executable I just installed via OptWare install the latest unaltered OpenSSH. Then replaced the stock "sshd". Now everything works as one would expect.
By replacing the sshd executable supplied by QNAP. After many many hours of trying to get it to work with firmware 2.0.0
I decided to run strings on the sshd executable supplied by QNAP. I was surprised to find the word "admin" in there. Now one would expect "root" or Administrator" but....... Needles to say I then downloaded the exact same version of OpenSSH and ran strings on that sshd executable, no "admin". Fearing the worst that I was dealing with a altered executable I just installed via OptWare install the latest unaltered OpenSSH. Then replaced the stock "sshd". Now everything works as one would expect.
Doug
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD
TS-659 Pro+, 3.6.0 Build 0210
Drives: 2x Seagate ST31000524NS Raid 1 + 4 Seagate ST32000641AS JBOD