https://wiki.qnap.com/mediawiki/api.php?action=feedcontributions&user=Shtrom&feedformat=atom
QNAPedia - User contributions [en]
2024-03-28T23:58:35Z
User contributions
MediaWiki 1.39.3
https://wiki.qnap.com/mediawiki/index.php?title=How_To_Replace_SSH_Daemon_With_OpenSSH&diff=1125
How To Replace SSH Daemon With OpenSSH
2015-12-18T15:12:44Z
<p>Shtrom: </p>
<hr />
<div><h2> Overview </h2><br />
<p>I've seen many different solutions to implement <a href="OpenSSH">OpenSSH</a>, but none really brought a full switch over to openssh. While the many documents out there reflect how to replace the binary and get the openssh system to start up, most fail to show how to repoint underlying QNAP links to the /opt/etc/openssh configurations. With that said most implementations use hostkeys/keys that were generated under the old system possiblity leaving it unsecure. <br />
</p><br />
<h2> High level features of this implementation </h2><br />
<ul><li>Enhanced the original start scripts provided from QNAP. <br />
</li><br />
<li>Creates initial 'admin' home directory as specified in /etc/passwd <br />
</li><br />
<li>Use of configuration parameters set in the GUI. The ports you set in the GUI will be the ones that openssh will use. Further you can disable/enable openssh via the GUI. <br />
</li><br />
<li>Support for firmware 3.3 of enabling/disabling SFTP via the GUI <br />
</li><br />
<li>Persistent script. Restarts via the GUI will use the new code, IE enabling/disabling of SSH or telnet. <br />
</li><br />
<li>Script ensures, upon booting, that it waits for the system QNAP ssh system to start before attempting to start openssh to replace the QNAP SSH daemon. This is important as we do not want competing SSHD processes.<br />
</li></ul><h2> The Alternative way </h2><br />
<p>The port which the standard Qnap sshd listens to is configurable from the web interface... Change it to something else, then run OpenSSH on port 22. You don't need to fiddle with system config files or replace the sshd binary, just leave them be and edit /opt/etc/openssh/* to your liking. <br />
</p><p>Then you can either run OpenSSH sshd binary in the autorun.sh script (it daemonizes by default), or you can make sure that "/opt/etc/init.d/" files are correctly started on start up (follow instructions in <a href="Install%20Optware%20IPKG">Install Optware IPKG</a>). <br />
</p><br />
<h2> Installation </h2><br />
<p>NOTE: This will require you to be either logged into the QNAP via Telnet or SSH in order to execute the commands denoted as <tt>#</tt>. <br />
</p><br />
<ul><li><a href="Install%20Optware%20IPKG">Install Optware IPKG</a>. <a href="Optware">Optware</a> is the conduit for installing <a href="OpenSSH">OpenSSH</a>. <br />
</li><br />
<li>Install the <a href="Openssh">Openssh</a> package using <a href="Optware">Optware</a>.<br />
</li></ul><pre class="_fck_mw_lspace"># ipkg update<br />
# ipkg install openssh<br />
</pre><br />
<ul><li>mount /tmp/config, following the instructions in the article <a href="Running%20Your%20Own%20Application%20at%20Startup">Running Your Own Application at Startup</a>. <br />
</li><br />
<li>Copy the script below, <i>login.sh</i>, to <tt>/tmp/config/login.sh</tt> <br />
</li><br />
<li>Make /tmp/config/login.sh executable<br />
</li></ul><pre class="_fck_mw_lspace"># chmod +x /tmp/config/login.sh<br />
</pre><br />
<ul><li>Create or Edit /tmp/config/autorun.sh and add the following<br />
</li></ul><pre class="_fck_mw_lspace">/bin/cp /tmp/config/login.sh /tmp&#160;; /bin/sh /tmp/login.sh restart &amp;<br />
</pre><br />
<ul><li>Ensure /tmp/config/autorun.sh is executable<br />
</li></ul><pre class="_fck_mw_lspace"># chmod +x /tmp/config/autorun.sh<br />
</pre><br />
<ul><li>Reboot<br />
</li></ul><pre class="_fck_mw_lspace"># reboot<br />
</pre><br />
<p>[Tested on TS-410, TS-459, TS-509 and TS-869.] <br />
</p><br />
<h2> login.sh </h2><br />
<h3> Updated for Firmware&#160;3.4.3 </h3><br />
<pre> #!/bin/sh<br />
SLEEP_MAX=600<br />
SSHD=/opt/sbin/sshd<br />
TELNET=/bin/utelnetd<br />
SSHD_CONF=/opt/etc/openssh/sshd_config<br />
SSH_PORT=`/sbin/getcfg LOGIN &quot;SSH Port&quot; -d 22`<br />
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN &quot;TELNET Port&quot; -d 13131`<br />
TELNET_PORT=`/sbin/getcfg LOGIN &quot;TELNET Port&quot; -d $DEAFULT_TELNET_PORT`<br />
SSHKEY_CONFIG_DIR=/opt/etc/openssh<br />
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`<br />
<br />
generte_ssh_key()<br />
{<br />
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR<br />
if [ -f /opt/bin/ssh-keygen ]; then<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*<br />
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;<br />
/bin/sync<br />
fi<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*<br />
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;<br />
/bin/sync<br />
fi<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*<br />
/opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N &quot;&quot;<br />
/bin/sync<br />
fi<br />
fi<br />
<br />
}<br />
<br />
update_sshd_config()<br />
{<br />
ENABLED_SFTP=`/sbin/getcfg LOGIN &quot;SFTP Enable&quot; -u -d TRUE`<br />
<br />
if [ &quot;x${ENABLED_SFTP}&quot; = &quot;xTRUE&quot; ]; then<br />
/bin/grep &quot;/usr/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null<br />
if [ $?&amp;nbsp;!= 0 ]; then<br />
/bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp<br />
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}<br />
fi<br />
else<br />
/bin/grep &quot;/usr/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null<br />
if [ $? = 0 ]; then<br />
/bin/sed &quot;/\/usr\/libexec\/sftp-server/d&quot; ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp<br />
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}<br />
/bin/rm ${SSHD_CONF}.tmp<br />
fi<br />
fi<br />
}<br />
<br />
enable_openssh()<br />
{<br />
# Check to see if we already copied the old sshd<br />
if [&amp;nbsp;! -e /usr/sbin/sshd_orig ]; then<br />
mv /usr/sbin/sshd /usr/sbin/sshd_orig<br />
cp /opt/sbin/sshd /usr/sbin/sshd<br />
fi<br />
<br />
# Finally, replace the current login script if neccessary so further restarts via the web interface work<br />
/bin/grep &quot;enable_openssh&quot; /etc/init.d/login.sh &amp;gt; /dev/null<br />
if [ $?&amp;nbsp;!= 0 ]; then<br />
if [ -e $0 ]; then<br />
cp $0 /etc/init.d/login.sh<br />
fi<br />
fi<br />
<br />
# Make sure we have a home directory on a persistent drive<br />
# Note, this will only create the admin home directory<br />
if [&amp;nbsp;! -e &quot;/share/MD0_DATA/home&quot; ]; then<br />
/bin/mkdir /share/MD0_DATA/home<br />
/bin/mkdir /share/MD0_DATA/home/admin<br />
/bin/chmod og-rx /share/MD0_DATA/home/admin<br />
fi<br />
<br />
# Link persistent home directory to referenced home dirs in /etc/passwd<br />
if [&amp;nbsp;! -e &quot;/share/homes&quot; ]; then<br />
ln -s /share/MD0_DATA/home /share/homes<br />
fi<br />
}<br />
<br />
<br />
# Wait $SLEEP seconds or determine if the system is done booting before proceeding<br />
SLEEP_COUNTER=0<br />
while [[&amp;nbsp;! -e /tmp/.boot_done &amp;amp;&amp;amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do<br />
sleep 1<br />
let &quot;SLEEP_COUNTER += 1&quot;<br />
done<br />
<br />
/sbin/test -f $SSHD || exit 0<br />
/sbin/test -f $TELNET || exit 0<br />
[ -f &quot;/bin/cmp&quot; ] || ln -sf /bin/busybox /bin/cmp<br />
<br />
case &quot;$1&quot; in<br />
start)<br />
if [ `/sbin/getcfg LOGIN &quot;SSH Enable&quot; -u -d TRUE` = FALSE ]; then<br />
echo &quot;Starting sshd services: disabled.&quot;<br />
else<br />
echo -n &quot;Starting sshd services: &quot;<br />
enable_openssh<br />
generte_ssh_key<br />
update_sshd_config<br />
/sbin/daemon_mgr sshd start &quot;$SSHD -f ${SSHD_CONF} -p $SSH_PORT&quot;<br />
echo &quot;sshd.&quot;<br />
touch /var/lock/subsys/sshd<br />
fi<br />
<br />
if [ `/sbin/getcfg LOGIN &quot;TELNET Enable&quot; -u -d FALSE` = FALSE ]; then<br />
echo &quot;Starting telnet services: disabled.&quot;<br />
else<br />
echo -n &quot;Starting telnet services: &quot;<br />
/sbin/daemon_mgr utelnetd start &quot;$TELNET -p $TELNET_PORT &amp;amp;&quot;<br />
echo &quot;utelnetd.&quot;<br />
touch /var/lock/subsys/utelnetd<br />
fi<br />
<br />
&amp;nbsp;;;<br />
stop)<br />
echo -n &quot;Shutting down sshd services:&quot; <br />
/sbin/daemon_mgr sshd stop $SSHD<br />
/usr/bin/killall sshd<br />
rm -f /var/lock/subsys/sshd<br />
echo &quot;sshd&quot;<br />
<br />
echo -n &quot;Shutting down telnet services:&quot;<br />
/sbin/daemon_mgr utelnetd stop $TELNET<br />
rm -f /var/lock/subsys/utelnetd<br />
echo &quot;utelnetd&quot;<br />
&amp;nbsp;;;<br />
<br />
restart)<br />
$0 stop<br />
$0 start<br />
&amp;nbsp;;; <br />
*)<br />
echo &quot;Usage: /etc/init.d/login.sh {start|stop|restart}&quot;<br />
exit 1<br />
esac<br />
<br />
exit 0<br />
<br />
<br />
</pre> <br />
<h3> TS-212 </h3><br />
<h4> Firmware 3.5.2 Build 1126T </h4><br />
<p>Created with some <tt>meld</tt>ing of the above script with that found by default on the 3.5.2 Build 1126T firmware (on <tt>mtdblock5</tt>), the following script seems to work as intended on a TS-212.<br /> <br />
</p><br />
<pre>#!/bin/sh<br />
SLEEP_MAX=600<br />
SSHD=/opt/sbin/sshd<br />
TELNET=/bin/utelnetd<br />
SSHD_CONF=/opt/etc/openssh/sshd_config<br />
<br />
/sbin/test -f $SSHD || exit 0<br />
/sbin/test -f $TELNET || exit 0<br />
<br />
[ -f &quot;/bin/cmp&quot; ] || ln -sf /bin/busybox /bin/cmp<br />
<br />
SSH_PORT=`/sbin/getcfg LOGIN &quot;SSH Port&quot; -d 22`<br />
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN &quot;TELNET Port&quot; -d 13131`<br />
TELNET_PORT=`/sbin/getcfg LOGIN &quot;TELNET Port&quot; -d $DEAFULT_TELNET_PORT`<br />
SSHKEY_CONFIG_DIR=/opt/etc/openssh<br />
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`<br />
generte_ssh_key()<br />
{<br />
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR<br />
if [ -f /opt/bin/ssh-keygen ]; then<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*<br />
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;<br />
/bin/touch /etc/config/ssh_key.fla<br />
/bin/sync<br />
fi<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*<br />
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;<br />
/bin/touch /etc/config/ssh_key.fla<br />
/bin/sync<br />
fi<br />
<br />
/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retrsa1=$?<br />
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retrsa2=$?<br />
/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retdsa1=$?<br />
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retdsa2=$?<br />
<br />
[ $retrsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key /etc/ssh/<br />
[ $retrsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub /etc/ssh/<br />
[ $retdsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key /etc/ssh/<br />
[ $retdsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub /etc/ssh/<br />
<br />
if [ -d /etc/config/ssh ]; then<br />
/bin/rm -rf /root/.ssh 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
/bin/ln -sf /etc/config/ssh /root/.ssh<br />
[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa<br />
[ -f /etc/config/ssh/id_rsa.pub ] || /bin/ln -sf ssh_host_rsa_key.pub /etc/config/ssh/id_rsa.pub<br />
fi<br />
<br />
if [ &quot;x${BOOT_CONF}&quot; = &quot;xTS-NASX86&quot; ] &amp;amp;&amp;amp; [&amp;nbsp;! -f /etc/config/ssh_key.fla ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&amp;gt;&amp;gt;/dev/null<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&amp;gt;&amp;gt;/dev/null<br />
/usr/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;<br />
/usr/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;<br />
/bin/touch /etc/config/ssh_key.fla<br />
fi<br />
fi<br />
<br />
}<br />
<br />
update_sshd_config()<br />
{<br />
ENABLED_SFTP=`/sbin/getcfg LOGIN &quot;SFTP Enable&quot; -u -d TRUE`<br />
<br />
if [ &quot;x${ENABLED_SFTP}&quot; = &quot;xTRUE&quot; ]; then<br />
/bin/grep &quot;/usr/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null<br />
if [ $?&amp;nbsp;!= 0 ]; then<br />
/bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp<br />
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}<br />
fi<br />
else<br />
/bin/grep &quot;/usr/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null<br />
if [ $? = 0 ]; then<br />
/bin/sed &quot;/\/usr\/libexec\/sftp-server/d&quot; ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp<br />
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}<br />
/bin/rm ${SSHD_CONF}.tmp<br />
fi<br />
fi<br />
}<br />
<br />
enable_openssh()<br />
{<br />
# Check to see if we already copied the old sshd<br />
if [&amp;nbsp;! -e /usr/sbin/sshd_orig ]; then<br />
mv /usr/sbin/sshd /usr/sbin/sshd_orig<br />
cp /opt/sbin/sshd /usr/sbin/sshd<br />
fi<br />
<br />
# Finally, replace the current login script if neccessary so further restarts via the web interface work<br />
/bin/grep &quot;enable_openssh&quot; /etc/init.d/login.sh &amp;gt; /dev/null<br />
if [ $?&amp;nbsp;!= 0 ]; then<br />
if [ -e $0 ]; then<br />
cp $0 /etc/init.d/login.sh<br />
fi<br />
fi<br />
<br />
# Make sure we have a home directory on a persistent drive<br />
# Note, this will only create the admin home directory<br />
if [&amp;nbsp;! -e &quot;/share/MD0_DATA/home&quot; ]; then<br />
/bin/mkdir /share/MD0_DATA/home<br />
/bin/mkdir /share/MD0_DATA/home/admin<br />
/bin/chmod og-rx /share/MD0_DATA/home/admin<br />
fi<br />
<br />
# Link persistent home directory to referenced home dirs in /etc/passwd<br />
if [&amp;nbsp;! -e &quot;/share/homes&quot; ]; then<br />
ln -s /share/MD0_DATA/home /share/homes<br />
fi<br />
}<br />
<br />
<br />
# Wait $SLEEP seconds or determine if the system is done booting before proceeding<br />
SLEEP_COUNTER=0<br />
while [[&amp;nbsp;! -e /tmp/.boot_done &amp;amp;&amp;amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do<br />
sleep 1<br />
let &quot;SLEEP_COUNTER += 1&quot;<br />
done<br />
<br />
/sbin/test -f $SSHD || exit 0<br />
/sbin/test -f $TELNET || exit 0<br />
[ -f &quot;/bin/cmp&quot; ] || ln -sf /bin/busybox /bin/cmp<br />
<br />
case &quot;$1&quot; in<br />
start)<br />
if [ `/sbin/getcfg LOGIN &quot;SSH Enable&quot; -u -d TRUE` = FALSE ]; then<br />
echo &quot;Starting sshd services: disabled.&quot;<br />
else<br />
echo -n &quot;Starting sshd services: &quot;<br />
enable_openssh<br />
generte_ssh_key<br />
update_sshd_config<br />
/sbin/daemon_mgr sshd start &quot;$SSHD -f ${SSHD_CONF} -p $SSH_PORT&quot;<br />
echo &quot;sshd.&quot;<br />
touch /var/lock/subsys/sshd<br />
fi<br />
<br />
if [ `/sbin/getcfg LOGIN &quot;TELNET Enable&quot; -u -d FALSE` = FALSE ]; then<br />
echo &quot;Starting telnet services: disabled.&quot;<br />
else<br />
echo -n &quot;Starting telnet services: &quot;<br />
/sbin/daemon_mgr utelnetd start &quot;$TELNET -p $TELNET_PORT &amp;amp;&quot;<br />
echo &quot;utelnetd.&quot;<br />
touch /var/lock/subsys/utelnetd<br />
fi<br />
<br />
if [ `/sbin/getcfg &quot;TFTP Server&quot; &quot;Enable&quot; -u -d FALSE` = FALSE ]; then<br />
echo &quot;Starting opentftpd services: disabled.&quot;<br />
else<br />
/etc/init.d/opentftp.sh start<br />
fi<br />
<br />
;;<br />
stop)<br />
echo -n &quot;Shutting down sshd services:&quot; <br />
/sbin/daemon_mgr sshd stop $SSHD<br />
/usr/bin/killall sshd<br />
rm -f /var/lock/subsys/sshd<br />
echo &quot;sshd&quot;<br />
<br />
echo -n &quot;Shutting down telnet services:&quot;<br />
/sbin/daemon_mgr utelnetd stop $TELNET<br />
rm -f /var/lock/subsys/utelnetd<br />
echo &quot;utelnetd&quot;<br />
;;<br />
<br />
restart)<br />
$0 stop<br />
$0 start<br />
;; <br />
*)<br />
echo &quot;Usage: /etc/init.d/login.sh {start|stop|restart}&quot;<br />
exit 1<br />
esac<br />
<br />
exit 0<br />
</pre> <br />
<h4> Firmware 4.0.5 </h4><br />
<p>It seems that the default sshd shipped with this version allows users other than admin. It is only needed to add the allowed usernames (including admin) to the <i>AllowUsers</i> directive in <b>/etc/ssh/sshd_config</b>. <br />
</p><br />
<pre>AllowUsers admin USERNAME<br />
</pre> <br />
<p>Unfortunately, changes to that file are not persistent across reboot. Copying the modified <b>sshd_config</b> script to <b>/tmp/config</b>, and making the <b>autorun.sh </b>script copy it back in <b>/etc/ssh</b> on boot should work.<br /> <br />
</p><p>If using the Optware-provided OpenSSH is still required, the following additional changes are needed. <br />
</p><p>Sometimes between 3.5.x and 4.0.5, OpenSSH seems to have started expecting ECDSA keys. The <b>login.sh</b> script needs to generate them too in <i>generte_ssh_keys</i> [sic]. <br />
</p><br />
<pre> if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*<br />
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N &quot;&quot;<br />
/bin/touch /etc/config/ssh_key.fla<br />
/bin/sync<br />
fi<br />
</pre> <br />
<h3> <br />TS-419P+ with Firmware 3.6.1 Build 0302T </h3><br />
<pre>#!/bin/sh<br />
SSH=/opt/sbin/sshd<br />
TELNET=/bin/utelnetd<br />
SSHD_CONF=/opt/etc/openssh/sshd_config<br />
<br />
SSH_PORT=`/sbin/getcfg LOGIN &quot;SSH Port&quot; -d 22`<br />
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN &quot;TELNET Port&quot; -d 13131`<br />
TELNET_PORT=`/sbin/getcfg LOGIN &quot;TELNET Port&quot; -d $DEAFULT_TELNET_PORT`<br />
SSHKEY_CONFIG_DIR=/opt/etc/openssh<br />
SLEEP_MAX=300<br />
<br />
generte_ssh_key()<br />
{<br />
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR<br />
if [ -f /opt/bin/ssh-keygen ]; then<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ];<br />
then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*<br />
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;<br />
/bin/touch /opt/etc/openssh/ssh_key.fla<br />
/bin/sync<br />
fi<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ];<br />
then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*<br />
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;<br />
/bin/touch /opt/etc/openssh/ssh_key.fla<br />
/bin/sync<br />
fi<br />
[ -d $SSHKEY_CONFIG_DIR/root ] || /bin/mkdir $SSHKEY_CONFIG_DIR/root<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/root/id_rsa*<br />
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/root/id_rsa -N &quot;&quot;<br />
/bin/touch /opt/etc/openssh/root/ssh_key.fla<br />
/bin/sync<br />
fi<br />
if [ -d /opt/etc/openssh ]; then<br />
/bin/rm -rf /root/.ssh 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
/bin/ln -sf /opt/etc/openssh/root /root/.ssh<br />
fi<br />
if [&amp;nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&amp;gt;&amp;gt;/dev/null<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&amp;gt;&amp;gt;/dev/null<br />
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;<br />
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;<br />
/bin/touch /opt/etc/openssh/ssh_key.fla<br />
fi<br />
if [&amp;nbsp;! -f /opt/etc/openssh/root/ssh_key.fla ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/id_rsa* 2&amp;gt;&amp;gt;/dev/null<br />
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/id_rsa -N &quot;&quot;<br />
/bin/touch /opt/etc/openssh/ssh_key.fla<br />
fi<br />
fi<br />
}<br />
<br />
update_sshd_config()<br />
{<br />
ENABLED_SFTP=`/sbin/getcfg LOGIN &quot;SFTP Enable&quot; -u -d TRUE`<br />
<br />
if [ &quot;x${ENABLED_SFTP}&quot; = &quot;xTRUE&quot; ]; then<br />
/bin/grep &quot;/opt/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null<br />
if [ $?&amp;nbsp;!= 0 ]; then<br />
/bin/sed '107i\Subsystem sftp \/opt\/libexec\/sftp-server' ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp<br />
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}<br />
fi<br />
else<br />
/bin/grep &quot;/opt/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null<br />
if [ $? == 0 ]; then<br />
/bin/sed &quot;/\/opt\/libexec\/sftp-server/d&quot; ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp<br />
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}<br />
fi<br />
fi<br />
}<br />
<br />
enable_openssh()<br />
{<br />
# Check to see if we already copied the old sshd<br />
if [&amp;nbsp;! -e /usr/sbin/sshd_orig ]; then<br />
mv /usr/sbin/sshd /usr/sbin/sshd_orig<br />
cp /opt/sbin/sshd /usr/sbin/sshd<br />
fi<br />
<br />
# Finally, replace the current login script if neccessary so further restarts via the web interface work<br />
/bin/grep &quot;enable_openssh&quot; ${SSHD_CONF} &amp;gt; /dev/null<br />
if [ $?&amp;nbsp;!= 0 ]; then<br />
if [ -e /tmp/login.sh ]; then<br />
cp /tmp/login.sh /etc/init.d/login.sh<br />
fi<br />
fi<br />
}<br />
<br />
# Wait $SLEEP seconds or determine if the system is done booting before proceeding<br />
SLEEP_COUNTER=0<br />
while [[&amp;nbsp;! -e /tmp/.boot_done &amp;amp;&amp;amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do<br />
sleep 1<br />
let &quot;SLEEP_COUNTER += 1&quot;<br />
done<br />
<br />
/sbin/test -f $SSH || exit 0<br />
/sbin/test -f $TELNET || exit 0<br />
<br />
case &quot;$1&quot; in<br />
start)<br />
<br />
if [ `/sbin/getcfg LOGIN &quot;SSH Enable&quot; -u -d TRUE` = FALSE ]; then<br />
echo &quot;Starting sshd services: disabled.&quot;<br />
else<br />
echo -n &quot;Starting sshd services: &quot;<br />
enable_openssh<br />
generte_ssh_key<br />
update_sshd_config<br />
/sbin/daemon_mgr sshd start &quot;$SSH -f ${SSHD_CONF} -p $SSH_PORT&quot;<br />
echo &quot;sshd.&quot;<br />
touch /var/lock/subsys/sshd<br />
fi<br />
<br />
if [ `/sbin/getcfg LOGIN &quot;TELNET Enable&quot; -u -d FALSE` = FALSE ]; then<br />
echo &quot;Starting telnet services: disabled.&quot;<br />
else<br />
echo -n &quot;Starting telnet services: &quot;<br />
/sbin/daemon_mgr utelnetd start &quot;$TELNET -p $TELNET_PORT &amp;amp;&quot;<br />
echo &quot;utelnetd.&quot;<br />
touch /var/lock/subsys/utelnetd<br />
fi<br />
<br />
;;<br />
stop)<br />
echo -n &quot;Shutting down sshd services:&quot;<br />
/sbin/daemon_mgr sshd stop $SSH<br />
/usr/bin/killall sshd<br />
rm -f /var/lock/subsys/sshd<br />
echo &quot;sshd&quot;<br />
<br />
echo -n &quot;Shutting down telnet services:&quot;<br />
/sbin/daemon_mgr utelnetd stop $TELNET<br />
rm -f /var/lock/subsys/utelnetd<br />
echo &quot;utelnetd&quot;<br />
;;<br />
<br />
restart)<br />
$0 stop<br />
$0 start<br />
;;<br />
*)<br />
echo &quot;Usage: /etc/init.d/login.sh {start|stop|restart}&quot;<br />
exit 1<br />
esac<br />
<br />
exit 0<br />
</pre> <br />
<p><br /> <br />
</p><br />
<h3> TS-119 with 3.8.3 Build 20130426<br /> </h3><br />
<p>Works with OpenSSH_5.9p1 and the QPKG-based method from <a href="Running%20Your%20Own%20Application%20at%20Startup">Running Your Own Application at Startup</a>.<br /> <br />
</p><br />
<pre>#!/bin/sh<br />
SSH=/opt/sbin/sshd<br />
TELNET=/bin/utelnetd<br />
SSHD_CONF=/opt/etc/openssh/sshd_config<br />
<br />
/sbin/test -f $SSHD || exit 0<br />
/sbin/test -f $TELNET || exit 0<br />
<br />
[ -f &quot;/bin/cmp&quot; ] || ln -sf /bin/busybox /bin/cmp<br />
<br />
SSH_PORT=`/sbin/getcfg LOGIN &quot;SSH Port&quot; -d 22`<br />
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN &quot;TELNET Port&quot; -d 13131`<br />
TELNET_PORT=`/sbin/getcfg LOGIN &quot;TELNET Port&quot; -d $DEAFULT_TELNET_PORT`<br />
SSHKEY_CONFIG_DIR=/opt/etc/openssh<br />
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`<br />
SLEEP_MAX=300<br />
<br />
generte_ssh_key()<br />
{<br />
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR<br />
if [ -f /opt/bin/ssh-keygen ]; then<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*<br />
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;<br />
/bin/touch /opt/etc/openssh/ssh_key.fla<br />
/bin/sync<br />
fi<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*<br />
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;<br />
/bin/touch /opt/etc/openssh/ssh_key.fla<br />
/bin/sync<br />
fi<br />
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*<br />
/opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N &quot;&quot;<br />
/bin/touch /opt/etc/openssh/ssh_key.fla<br />
/bin/sync<br />
fi<br />
<br />
/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retrsa1=$?<br />
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retrsa2=$?<br />
/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retdsa1=$?<br />
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retdsa2=$?<br />
/bin/cmp /etc/ssh/ssh_host_ecdsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retecdsa1=$?<br />
/bin/cmp /etc/ssh/ssh_host_ecdsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
retecdsa2=$?<br />
<br />
[ $retrsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key /etc/ssh/<br />
[ $retrsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub /etc/ssh/<br />
[ $retdsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key /etc/ssh/<br />
[ $retdsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub /etc/ssh/<br />
[ $retecdsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key /etc/ssh/<br />
[ $retecdsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub /etc/ssh/<br />
<br />
if [ -d /opt/etc/openssh ]; then<br />
/bin/rm -rf /root/.ssh 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null<br />
/bin/ln -sf /opt/etc/openssh/root /root/.ssh<br />
[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa<br />
[ -f /etc/config/ssh/id_rsa.pub ] || /bin/ln -sf ssh_host_rsa_key.pub /etc/config/ssh/id_rsa.pub<br />
fi<br />
<br />
if [ &quot;x${BOOT_CONF}&quot; = &quot;xTS-NASX86&quot; ] &amp;amp;&amp;amp; [&amp;nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&amp;gt;&amp;gt;/dev/null<br />
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&amp;gt;&amp;gt;/dev/null<br />
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;<br />
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;<br />
/bin/touch /opt/etc/openssh/ssh_key.fla<br />
fi<br />
fi<br />
<br />
}<br />
<br />
update_sshd_config()<br />
{<br />
ENABLED_SFTP=`/sbin/getcfg LOGIN &quot;SFTP Enable&quot; -u -d TRUE`<br />
<br />
if [ &quot;x${ENABLED_SFTP}&quot; = &quot;xTRUE&quot; ]; then<br />
/bin/grep &quot;internal-sftp&quot; ${SSHD_CONF} &amp;gt; /dev/null<br />
if [ $?&amp;nbsp;!= 0 ]; then<br />
/bin/sed '107i\Subsystem sftp internal-sftp' ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp<br />
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}<br />
fi<br />
else<br />
/bin/grep &quot;internal-sftp&quot; ${SSHD_CONF} &amp;gt; /dev/null<br />
if [ $? = 0 ]; then<br />
/bin/sed &quot;/internal-sftp/d&quot; ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp<br />
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}<br />
fi<br />
fi<br />
}<br />
<br />
enable_openssh()<br />
{<br />
# Check to see if we already copied the old sshd<br />
if [&amp;nbsp;! -e /usr/sbin/sshd_orig ]; then<br />
mv /usr/sbin/sshd /usr/sbin/sshd_orig<br />
cp /opt/sbin/sshd /usr/sbin/sshd<br />
fi<br />
<br />
# Finally, replace the current login script if necessary so further restarts via the web interface work<br />
/bin/grep &quot;enable_openssh&quot; /etc/init.d/login.sh &amp;gt; /dev/null<br />
if [ $?&amp;nbsp;!= 0 ]; then<br />
if [ -e $0 ]; then<br />
cp $0 /etc/init.d/login.sh<br />
fi<br />
fi<br />
<br />
# Make sure we have a home directory on a persistent drive<br />
# Note, this will only create the admin home directory<br />
if [&amp;nbsp;! -e &quot;/share/HDA_DATA/home&quot; ]; then<br />
/bin/mkdir /share/HDA_DATA/home<br />
/bin/mkdir /share/HDA_DATA/home/admin<br />
/bin/chmod og-rx /share/HDA_DATA/home/admin<br />
fi<br />
<br />
# Link persistent home directory to referenced home dirs in /etc/passwd<br />
if [&amp;nbsp;! -e &quot;/share/homes&quot; ]; then<br />
ln -s /share/HDA_DATA/home /share/homes<br />
fi<br />
}<br />
<br />
# Wait $SLEEP seconds or determine if the system is done booting before proceeding<br />
SLEEP_COUNTER=0<br />
while [[&amp;nbsp;! -e /tmp/.boot_done &amp;amp;&amp;amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do<br />
sleep 1<br />
let &quot;SLEEP_COUNTER += 1&quot;<br />
done<br />
<br />
case &quot;$1&quot; in<br />
start)<br />
if [ `/sbin/getcfg LOGIN &quot;SSH Enable&quot; -u -d TRUE` = FALSE ]; then<br />
echo &quot;Starting sshd services: disabled.&quot;<br />
else<br />
echo -n &quot;Starting sshd services: &quot;<br />
enable_openssh<br />
generte_ssh_key<br />
update_sshd_config<br />
/sbin/daemon_mgr sshd start &quot;$SSH -f ${SSHD_CONF} -p $SSH_PORT&quot;<br />
echo &quot;sshd.&quot;<br />
touch /var/lock/subsys/sshd<br />
fi<br />
<br />
if [ `/sbin/getcfg LOGIN &quot;TELNET Enable&quot; -u -d FALSE` = FALSE ]; then<br />
echo &quot;Starting telnet services: disabled.&quot;<br />
else<br />
echo -n &quot;Starting telnet services: &quot;<br />
/sbin/daemon_mgr utelnetd start &quot;$TELNET -p $TELNET_PORT &amp;amp;&quot;<br />
echo &quot;utelnetd.&quot;<br />
touch /var/lock/subsys/utelnetd<br />
fi<br />
<br />
if [ `/sbin/getcfg &quot;TFTP Server&quot; &quot;Enable&quot; -u -d FALSE` = FALSE ]; then<br />
echo &quot;Starting opentftpd services: disabled.&quot;<br />
else<br />
/etc/init.d/opentftp.sh start<br />
fi<br />
<br />
;;<br />
stop)<br />
echo -n &quot;Shutting down sshd services:&quot; <br />
/sbin/daemon_mgr sshd stop $SSH<br />
/usr/bin/killall sshd<br />
rm -f /var/lock/subsys/sshd<br />
echo &quot;sshd&quot;<br />
<br />
echo -n &quot;Shutting down telnet services:&quot;<br />
/sbin/daemon_mgr utelnetd stop $TELNET<br />
rm -f /var/lock/subsys/utelnetd<br />
echo &quot;utelnetd&quot;<br />
;;<br />
<br />
restart)<br />
$0 stop<br />
$0 start<br />
;; <br />
*)<br />
echo &quot;Usage: /etc/init.d/login.sh {start|stop|restart}&quot;<br />
exit 1<br />
esac<br />
<br />
exit 0<br />
</pre> <br />
<h2> Configuration </h2><br />
<p>Configuration files are maintained in /opt/etc/openssh, such as the sshd_config <br />
</p><br />
<h2> Restarting openssh without rebooting </h2><br />
<p>Once the system is setup, it might be useful to make changes to the sshd_config and restart the daemon without rebooting. You can do this one of two ways. <br />
</p><br />
<h3> GUI </h3><br />
<ol><li>Untick the box in the GUI to disable SSH and hit apply <br />
</li><br />
<li>Re-enable and hit apply<br />
</li></ol><h2> Disabling guest account </h2><br />
<p>With OpenSSH, by default all users can log in, which means that the user "guest" with the default password "guest" can also log in and this may be undesirable to you.<strike>You may then want to remove this account with "deluser guest" from the command line with the admin account</strike> Verry bad idea as at least the qnap admin webinterface and FTP stoped working on 4.0.2. By pure luck SSH still works and restoring the user fixes the problem. You can also give it a password with "passwd guest" instead. <br />
</p><br />
<h2> Contributions to documentation </h2><br />
<p>This howto was written by Papengut and edited by stevebow and jk42 then later re-written by patbaker82. See the <i>Page History</i> link for more contributors. <br />
</p><p>Note: This article overlaps with &lt;a _fcknotitle="true" href="Replace ssh"&gt;Replace ssh&lt;/a&gt;. The two articles should probably get merged. <br />
</p><p>&lt;a _fcknotitle="true" href="Category:SSH"&gt;SSH&lt;/a&gt;<br />
</p><span class="fck_mw_category" _fcknotitle="true">SSH</span></div>
Shtrom