How To Replace SSH Daemon With OpenSSH: Difference between revisions

From QNAPedia
Jump to navigation Jump to search
Created page with "== Overview == I've seen many different solutions to implement OpenSSH, but none really brought a full switch over to openssh. While the many documents out there reflect..."
 
Aborsu (talk | contribs)
m Fixed broken links
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
== Overview  ==


I've seen many different solutions to implement [[OpenSSH]], but none really brought a full switch over to openssh. While the many documents out there reflect how to replace the binary and get the openssh system to start up, most fail to show how to repoint underlying QNAP links to the /opt/etc/openssh configurations. With that said most implementations use hostkeys/keys that were generated under the old system possiblity leaving it unsecure.
== Overview ==


== High level features of this implementation ==
I've seen many different solutions to implement [https://www.openssh.com/ OpenSSH], but none really brought a full switch over to openssh. While the many documents out there reflect how to replace the binary and get the openssh system to start up, most fail to show how to repoint underlying QNAP links to the /opt/etc/openssh configurations. With that said most implementations use hostkeys/keys that were generated under the old system possiblity leaving it unsecure.
 
== High level features of this implementation ==


*Enhanced the original start scripts provided from QNAP.  
*Enhanced the original start scripts provided from QNAP.  
Line 10: Line 11:
*Support for firmware 3.3 of enabling/disabling SFTP via the GUI  
*Support for firmware 3.3 of enabling/disabling SFTP via the GUI  
*Persistent script. Restarts via the GUI will use the new code, IE enabling/disabling of SSH or telnet.  
*Persistent script. Restarts via the GUI will use the new code, IE enabling/disabling of SSH or telnet.  
*Script ensures, upon booting, that it waits for the system QNAP ssh system to start before attempting to start openssh to replace the QNAP SSH daemon. This is important as we do not want competing SSHD processes.
*Script ensures, upon booting, that it waits for the system QNAP ssh system to start before attempting to start openssh to replace the QNAP SSH daemon. This is important as we do not want competing SSHD processes.  


== The Alternative way ==
== The Alternative way ==


The port which the standard Qnap sshd listens to is configurable from the web interface... Change it to something else, then run OpenSSH on port 22. You don't need to fiddle with system config files or replace the sshd binary, just leave them be and edit /opt/etc/openssh/* to your liking.  
The port which the standard Qnap sshd listens to is configurable from the web interface... Change it to something else, then run OpenSSH on port 22. You don't need to fiddle with system config files or replace the sshd binary, just leave them be and edit /opt/etc/openssh/* to your liking.


Then you can either run OpenSSH sshd binary in the autorun.sh script (it daemonizes by default), or you can make sure that "/opt/etc/init.d/" files are correctly started on start up (follow instructions in [[Install Optware IPKG]]).  
Then you can either run OpenSSH sshd binary in the autorun.sh script (it daemonizes by default), or you can make sure that "/opt/etc/init.d/" files are correctly started on start up (follow instructions in [[Install_Optware_IPKG|Install_Optware_IPKG]]).


== Installation ==
== Installation ==


NOTE: This will require you to be either logged into the QNAP via Telnet or SSH in order to execute the commands denoted as <tt>#</tt>.  
NOTE: This will require you to be either logged into the QNAP via Telnet or SSH in order to execute the commands denoted as <tt>#</tt>.


*[[Install Optware IPKG]]. [[Optware|Optware]] is the conduit for installing [[OpenSSH|OpenSSH]].  
*[[Install_Optware_IPKG|Install_Optware_IPKG]]. [[Optware_IPKG|Optware]] is the conduit for installing [https://www.openssh.com/ OpenSSH].  
*Install the [[Openssh]] package using [[Optware]].
*Install the [https://www.openssh.com/ OpenSSH] package using [[Optware_IPKG|Optware]].  


  # ipkg update
  # ipkg update
  # ipkg install openssh
  # ipkg install openssh


*mount /tmp/config, following the instructions in the article [[Running Your Own Application at Startup|Running Your Own Application at Startup]].  
*mount /tmp/config, following the instructions in the article [[Running_Your_Own_Application_at_Startup|Running Your Own Application at Startup]].  
*Copy the script below, ''login.sh'', to <tt>/tmp/config/login.sh</tt>  
*Copy the script below, ''login.sh'', to <tt>/tmp/config/login.sh</tt>  
*Make /tmp/config/login.sh executable
*Make /tmp/config/login.sh executable  


  # chmod +x /tmp/config/login.sh
  # chmod +x /tmp/config/login.sh


*Create or Edit /tmp/config/autorun.sh and add the following
*Create or Edit /tmp/config/autorun.sh and add the following  


  /bin/cp /tmp/config/login.sh /tmp&nbsp;; /bin/sh /tmp/login.sh restart &amp;
  /bin/cp /tmp/config/login.sh /tmp&nbsp;; /bin/sh /tmp/login.sh restart &


*Ensure /tmp/config/autorun.sh is executable
*Ensure /tmp/config/autorun.sh is executable  


  # chmod +x /tmp/config/autorun.sh
  # chmod +x /tmp/config/autorun.sh


*Reboot
*Reboot  


  # reboot
  # reboot


[Tested on TS-410, TS-459, TS-509 and TS-869.]  
[Tested on TS-410, TS-459, TS-509 and TS-869.]


== login.sh ==
== login.sh ==


=== Updated for Firmware&nbsp;3.4.3 ===
=== Updated for Firmware&nbsp;3.4.3 ===
<pre> #!/bin/sh
<pre> #!/bin/sh
SLEEP_MAX=600
SLEEP_MAX=600
Line 56: Line 57:
TELNET=/bin/utelnetd
TELNET=/bin/utelnetd
SSHD_CONF=/opt/etc/openssh/sshd_config
SSHD_CONF=/opt/etc/openssh/sshd_config
SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
SSH_PORT=`/sbin/getcfg LOGIN &quot;SSH Port&quot; -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN &quot;TELNET Port&quot; -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
TELNET_PORT=`/sbin/getcfg LOGIN &quot;TELNET Port&quot; -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
SSHKEY_CONFIG_DIR=/opt/etc/openssh
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
Line 66: Line 67:
     [ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
     [ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
     if [ -f /opt/bin/ssh-keygen  ]; then
     if [ -f /opt/bin/ssh-keygen  ]; then
         if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
         if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
             /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
             /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
             /opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
             /opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;
             /bin/sync
             /bin/sync
         fi
         fi
         if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
         if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
             /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
             /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
             /opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
             /opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;
             /bin/sync
             /bin/sync
         fi
         fi
         if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
         if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
             /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
             /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
             /opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N ""
             /opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N &quot;&quot;
             /bin/sync
             /bin/sync
         fi
         fi
Line 87: Line 88:
update_sshd_config()
update_sshd_config()
{
{
     ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`
     ENABLED_SFTP=`/sbin/getcfg LOGIN &quot;SFTP Enable&quot; -u -d TRUE`


     if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
     if [ &quot;x${ENABLED_SFTP}&quot; = &quot;xTRUE&quot; ]; then
         /bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
         /bin/grep &quot;/usr/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null
         if [ $?&nbsp;!= 0 ]; then
         if [ $?&amp;nbsp;!= 0 ]; then
             /bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
             /bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp
             /bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
             /bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
         fi
         fi
     else
     else
         /bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
         /bin/grep &quot;/usr/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null
         if [ $? = 0 ]; then
         if [ $? = 0 ]; then
             /bin/sed "/\/usr\/libexec\/sftp-server/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
             /bin/sed &quot;/\/usr\/libexec\/sftp-server/d&quot; ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp
             /bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
             /bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
             /bin/rm ${SSHD_CONF}.tmp
             /bin/rm ${SSHD_CONF}.tmp
Line 108: Line 109:
{
{
     # Check to see if we already copied the old sshd
     # Check to see if we already copied the old sshd
     if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
     if [&amp;nbsp;! -e /usr/sbin/sshd_orig ]; then
         mv /usr/sbin/sshd /usr/sbin/sshd_orig
         mv /usr/sbin/sshd /usr/sbin/sshd_orig
         cp /opt/sbin/sshd /usr/sbin/sshd
         cp /opt/sbin/sshd /usr/sbin/sshd
Line 114: Line 115:
      
      
     # Finally, replace the current login script if neccessary so further restarts via the web interface work
     # Finally, replace the current login script if neccessary so further restarts via the web interface work
     /bin/grep "enable_openssh" /etc/init.d/login.sh &gt; /dev/null
     /bin/grep &quot;enable_openssh&quot; /etc/init.d/login.sh &amp;gt; /dev/null
     if [ $?&nbsp;!= 0 ]; then
     if [ $?&amp;nbsp;!= 0 ]; then
         if [ -e $0 ]; then
         if [ -e $0 ]; then
             cp $0 /etc/init.d/login.sh
             cp $0 /etc/init.d/login.sh
Line 123: Line 124:
     # Make sure we have a home directory on a persistent drive
     # Make sure we have a home directory on a persistent drive
     # Note, this will only create the admin home directory
     # Note, this will only create the admin home directory
     if [&nbsp;! -e "/share/MD0_DATA/home" ]; then
     if [&amp;nbsp;! -e &quot;/share/MD0_DATA/home&quot; ]; then
         /bin/mkdir /share/MD0_DATA/home
         /bin/mkdir /share/MD0_DATA/home
         /bin/mkdir /share/MD0_DATA/home/admin
         /bin/mkdir /share/MD0_DATA/home/admin
Line 130: Line 131:
      
      
     # Link persistent home directory to referenced home dirs in /etc/passwd
     # Link persistent home directory to referenced home dirs in /etc/passwd
     if [&nbsp;! -e "/share/homes" ]; then
     if [&amp;nbsp;! -e &quot;/share/homes&quot; ]; then
         ln -s /share/MD0_DATA/home /share/homes
         ln -s /share/MD0_DATA/home /share/homes
     fi
     fi
Line 138: Line 139:
# Wait $SLEEP seconds or determine if the system is done booting before proceeding
# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
while [[&amp;nbsp;! -e /tmp/.boot_done &amp;amp;&amp;amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
         sleep 1
         sleep 1
         let "SLEEP_COUNTER += 1"
         let &quot;SLEEP_COUNTER += 1&quot;
done
done


/sbin/test -f $SSHD || exit 0
/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0
/sbin/test -f $TELNET || exit 0
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp
[ -f &quot;/bin/cmp&quot; ] || ln -sf /bin/busybox /bin/cmp


case "$1" in
case &quot;$1&quot; in
     start)
     start)
     if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
     if [ `/sbin/getcfg LOGIN &quot;SSH Enable&quot; -u -d TRUE` = FALSE ]; then
         echo "Starting sshd services: disabled."
         echo &quot;Starting sshd services: disabled.&quot;
     else
     else
         echo -n "Starting sshd services: "
         echo -n &quot;Starting sshd services: &quot;
         enable_openssh
         enable_openssh
         generte_ssh_key
         generte_ssh_key
         update_sshd_config
         update_sshd_config
         /sbin/daemon_mgr sshd start "$SSHD -f ${SSHD_CONF} -p $SSH_PORT"
         /sbin/daemon_mgr sshd start &quot;$SSHD -f ${SSHD_CONF} -p $SSH_PORT&quot;
         echo "sshd."
         echo &quot;sshd.&quot;
         touch /var/lock/subsys/sshd
         touch /var/lock/subsys/sshd
     fi
     fi


     if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
     if [ `/sbin/getcfg LOGIN &quot;TELNET Enable&quot; -u -d FALSE` = FALSE ]; then
         echo "Starting telnet services: disabled."
         echo &quot;Starting telnet services: disabled.&quot;
     else
     else
         echo -n "Starting telnet services: "
         echo -n &quot;Starting telnet services: &quot;
         /sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
         /sbin/daemon_mgr utelnetd start &quot;$TELNET -p $TELNET_PORT &amp;amp;&quot;
         echo "utelnetd."
         echo &quot;utelnetd.&quot;
         touch /var/lock/subsys/utelnetd
         touch /var/lock/subsys/utelnetd
     fi
     fi


   &nbsp;;;
   &amp;nbsp;;;
     stop)
     stop)
     echo -n "Shutting down sshd services:"
     echo -n &quot;Shutting down sshd services:&quot;
     /sbin/daemon_mgr sshd stop $SSHD
     /sbin/daemon_mgr sshd stop $SSHD
     /usr/bin/killall sshd
     /usr/bin/killall sshd
     rm -f /var/lock/subsys/sshd
     rm -f /var/lock/subsys/sshd
     echo "sshd"
     echo &quot;sshd&quot;


     echo -n "Shutting down telnet services:"
     echo -n &quot;Shutting down telnet services:&quot;
     /sbin/daemon_mgr utelnetd stop $TELNET
     /sbin/daemon_mgr utelnetd stop $TELNET
     rm -f /var/lock/subsys/utelnetd
     rm -f /var/lock/subsys/utelnetd
     echo "utelnetd"
     echo &quot;utelnetd&quot;
   &nbsp;;;
   &amp;nbsp;;;


     restart)
     restart)
     $0 stop
     $0 stop
     $0 start
     $0 start
   &nbsp;;;     
   &amp;nbsp;;;     
     *)
     *)
         echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
         echo &quot;Usage: /etc/init.d/login.sh {start|stop|restart}&quot;
         exit 1
         exit 1
esac
esac
Line 196: Line 197:




</pre>  
</pre>
=== TS-212 ===
 
=== TS-212 ===


==== Firmware 3.5.2 Build 1126T ====
==== Firmware 3.5.2 Build 1126T ====


Created with some <tt>meld</tt>ing of the above script with that found by default on the 3.5.2 Build 1126T firmware (on <tt>mtdblock5</tt>), the following script seems to work as intended on a TS-212.<br>
Created with some <tt>meld</tt>ing of the above script with that found by default on the 3.5.2 Build 1126T firmware (on <tt>mtdblock5</tt>), the following script seems to work as intended on a TS-212.
<pre>#!/bin/sh
<pre>#!/bin/sh
SLEEP_MAX=600
SLEEP_MAX=600
Line 211: Line 213:
/sbin/test -f $TELNET || exit 0
/sbin/test -f $TELNET || exit 0


[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp
[ -f &quot;/bin/cmp&quot; ] || ln -sf /bin/busybox /bin/cmp


SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
SSH_PORT=`/sbin/getcfg LOGIN &quot;SSH Port&quot; -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN &quot;TELNET Port&quot; -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
TELNET_PORT=`/sbin/getcfg LOGIN &quot;TELNET Port&quot; -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
SSHKEY_CONFIG_DIR=/opt/etc/openssh
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
Line 222: Line 224:
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
if [ -f /opt/bin/ssh-keygen ]; then
if [ -f /opt/bin/ssh-keygen ]; then
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;
/bin/touch /etc/config/ssh_key.fla
/bin/touch /etc/config/ssh_key.fla
/bin/sync
/bin/sync
fi
fi
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;
/bin/touch /etc/config/ssh_key.fla
/bin/touch /etc/config/ssh_key.fla
/bin/sync
/bin/sync
fi
fi
/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retrsa1=$?
retrsa1=$?
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retrsa2=$?
retrsa2=$?
/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retdsa1=$?
retdsa1=$?
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retdsa2=$?
retdsa2=$?


Line 250: Line 252:


if [ -d /etc/config/ssh ]; then
if [ -d /etc/config/ssh ]; then
/bin/rm -rf /root/.ssh 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/rm -rf /root/.ssh 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
/bin/ln -sf /etc/config/ssh /root/.ssh
/bin/ln -sf /etc/config/ssh /root/.ssh
[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa
[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa
Line 256: Line 258:
fi
fi
if [ "x${BOOT_CONF}" = "xTS-NASX86" ] &amp;&amp; [&nbsp;! -f /etc/config/ssh_key.fla ]; then
if [ &quot;x${BOOT_CONF}&quot; = &quot;xTS-NASX86&quot; ] &amp;amp;&amp;amp; [&amp;nbsp;! -f /etc/config/ssh_key.fla ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&gt;&gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&amp;gt;&amp;gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&gt;&gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&amp;gt;&amp;gt;/dev/null
/usr/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/usr/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;
/usr/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/usr/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;
/bin/touch /etc/config/ssh_key.fla
/bin/touch /etc/config/ssh_key.fla
fi
fi
Line 269: Line 271:
update_sshd_config()
update_sshd_config()
{
{
ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`
ENABLED_SFTP=`/sbin/getcfg LOGIN &quot;SFTP Enable&quot; -u -d TRUE`


if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
if [ &quot;x${ENABLED_SFTP}&quot; = &quot;xTRUE&quot; ]; then
/bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
/bin/grep &quot;/usr/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null
if [ $?&nbsp;!= 0 ]; then
if [ $?&amp;nbsp;!= 0 ]; then
/bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
fi
fi
else
else
/bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
/bin/grep &quot;/usr/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null
if [ $? = 0 ]; then
if [ $? = 0 ]; then
/bin/sed "/\/usr\/libexec\/sftp-server/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/sed &quot;/\/usr\/libexec\/sftp-server/d&quot; ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
/bin/rm ${SSHD_CONF}.tmp
/bin/rm ${SSHD_CONF}.tmp
Line 290: Line 292:
{
{
     # Check to see if we already copied the old sshd
     # Check to see if we already copied the old sshd
     if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
     if [&amp;nbsp;! -e /usr/sbin/sshd_orig ]; then
         mv /usr/sbin/sshd /usr/sbin/sshd_orig
         mv /usr/sbin/sshd /usr/sbin/sshd_orig
         cp /opt/sbin/sshd /usr/sbin/sshd
         cp /opt/sbin/sshd /usr/sbin/sshd
Line 296: Line 298:
      
      
     # Finally, replace the current login script if neccessary so further restarts via the web interface work
     # Finally, replace the current login script if neccessary so further restarts via the web interface work
     /bin/grep "enable_openssh" /etc/init.d/login.sh &gt; /dev/null
     /bin/grep &quot;enable_openssh&quot; /etc/init.d/login.sh &amp;gt; /dev/null
     if [ $?&nbsp;!= 0 ]; then
     if [ $?&amp;nbsp;!= 0 ]; then
         if [ -e $0 ]; then
         if [ -e $0 ]; then
             cp $0 /etc/init.d/login.sh
             cp $0 /etc/init.d/login.sh
Line 305: Line 307:
     # Make sure we have a home directory on a persistent drive
     # Make sure we have a home directory on a persistent drive
     # Note, this will only create the admin home directory
     # Note, this will only create the admin home directory
     if [&nbsp;! -e "/share/MD0_DATA/home" ]; then
     if [&amp;nbsp;! -e &quot;/share/MD0_DATA/home&quot; ]; then
         /bin/mkdir /share/MD0_DATA/home
         /bin/mkdir /share/MD0_DATA/home
         /bin/mkdir /share/MD0_DATA/home/admin
         /bin/mkdir /share/MD0_DATA/home/admin
Line 312: Line 314:
      
      
     # Link persistent home directory to referenced home dirs in /etc/passwd
     # Link persistent home directory to referenced home dirs in /etc/passwd
     if [&nbsp;! -e "/share/homes" ]; then
     if [&amp;nbsp;! -e &quot;/share/homes&quot; ]; then
         ln -s /share/MD0_DATA/home /share/homes
         ln -s /share/MD0_DATA/home /share/homes
     fi
     fi
Line 320: Line 322:
# Wait $SLEEP seconds or determine if the system is done booting before proceeding
# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
while [[&amp;nbsp;! -e /tmp/.boot_done &amp;amp;&amp;amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
         sleep 1
         sleep 1
         let "SLEEP_COUNTER += 1"
         let &quot;SLEEP_COUNTER += 1&quot;
done
done


/sbin/test -f $SSHD || exit 0
/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0
/sbin/test -f $TELNET || exit 0
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp
[ -f &quot;/bin/cmp&quot; ] || ln -sf /bin/busybox /bin/cmp


case "$1" in
case &quot;$1&quot; in
     start)
     start)
if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
if [ `/sbin/getcfg LOGIN &quot;SSH Enable&quot; -u -d TRUE` = FALSE ]; then
echo "Starting sshd services: disabled."
echo &quot;Starting sshd services: disabled.&quot;
else
else
echo -n "Starting sshd services: "
echo -n &quot;Starting sshd services: &quot;
enable_openssh
enable_openssh
generte_ssh_key
generte_ssh_key
update_sshd_config
update_sshd_config
/sbin/daemon_mgr sshd start "$SSHD -f ${SSHD_CONF} -p $SSH_PORT"
/sbin/daemon_mgr sshd start &quot;$SSHD -f ${SSHD_CONF} -p $SSH_PORT&quot;
echo "sshd."
echo &quot;sshd.&quot;
touch /var/lock/subsys/sshd
touch /var/lock/subsys/sshd
fi
fi


if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
if [ `/sbin/getcfg LOGIN &quot;TELNET Enable&quot; -u -d FALSE` = FALSE ]; then
echo "Starting telnet services: disabled."
echo &quot;Starting telnet services: disabled.&quot;
else
else
echo -n "Starting telnet services: "
echo -n &quot;Starting telnet services: &quot;
/sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
/sbin/daemon_mgr utelnetd start &quot;$TELNET -p $TELNET_PORT &amp;amp;&quot;
echo "utelnetd."
echo &quot;utelnetd.&quot;
touch /var/lock/subsys/utelnetd
touch /var/lock/subsys/utelnetd
fi
fi


if [ `/sbin/getcfg "TFTP Server" "Enable" -u -d FALSE` = FALSE ]; then
if [ `/sbin/getcfg &quot;TFTP Server&quot; &quot;Enable&quot; -u -d FALSE` = FALSE ]; then
echo "Starting opentftpd services: disabled."
echo &quot;Starting opentftpd services: disabled.&quot;
else
else
/etc/init.d/opentftp.sh start
/etc/init.d/opentftp.sh start
Line 360: Line 362:
;;
;;
     stop)
     stop)
echo -n "Shutting down sshd services:"
echo -n &quot;Shutting down sshd services:&quot;
/sbin/daemon_mgr sshd stop $SSHD
/sbin/daemon_mgr sshd stop $SSHD
/usr/bin/killall sshd
/usr/bin/killall sshd
rm -f /var/lock/subsys/sshd
rm -f /var/lock/subsys/sshd
echo "sshd"
echo &quot;sshd&quot;


echo -n "Shutting down telnet services:"
echo -n &quot;Shutting down telnet services:&quot;
/sbin/daemon_mgr utelnetd stop $TELNET
/sbin/daemon_mgr utelnetd stop $TELNET
rm -f /var/lock/subsys/utelnetd
rm -f /var/lock/subsys/utelnetd
echo "utelnetd"
echo &quot;utelnetd&quot;
;;
;;


Line 377: Line 379:
;;
;;
     *)
     *)
         echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
         echo &quot;Usage: /etc/init.d/login.sh {start|stop|restart}&quot;
         exit 1
         exit 1
esac
esac


exit 0
exit 0
</pre>  
</pre>
==== Firmware 4.0.5 ====
 
==== Firmware 4.0.5 ====


It seems that the default sshd shipped with this version allows users other than admin. It is only needed to add the allowed usernames (including admin) to the ''AllowUsers'' directive in '''/etc/ssh/sshd_config'''.  
It seems that the default sshd shipped with this version allows users other than admin. It is only needed to add the allowed usernames (including admin) to the ''AllowUsers'' directive in '''/etc/ssh/sshd_config'''.
<pre>AllowUsers admin USERNAME
<pre>AllowUsers admin USERNAME
</pre>  
</pre>
Unfortunately, changes to that file are not persistent across reboot. Copying the modified '''sshd_config''' script to '''/tmp/config''', and making the '''autorun.sh '''script copy it back in '''/etc/ssh''' on boot should work.<br>
 
Unfortunately, changes to that file are not persistent across reboot. Copying the modified '''sshd_config''' script to '''/tmp/config''', and making the '''autorun.sh '''script copy it back in '''/etc/ssh''' on boot should work.


If using the Optware-provided OpenSSH is still required, the following additional changes are needed.  
If using the Optware-provided OpenSSH is still required, the following additional changes are needed.


Sometimes between 3.5.x and 4.0.5, OpenSSH seems to have started expecting ECDSA keys. The '''login.sh''' script needs to generate them too in ''generte_ssh_keys'' [sic].  
Sometimes between 3.5.x and 4.0.5, OpenSSH seems to have started expecting ECDSA keys. The '''login.sh''' script needs to generate them too in ''generte_ssh_keys'' [sic].
<pre> if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
<pre> if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N ""
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N &quot;&quot;
/bin/touch /etc/config/ssh_key.fla
/bin/touch /etc/config/ssh_key.fla
/bin/sync
/bin/sync
fi
fi
</pre>  
</pre>
=== <br>TS-419P+ with Firmware 3.6.1 Build 0302T ===
 
=== <br/> TS-419P+ with Firmware 3.6.1 Build 0302T ===
<pre>#!/bin/sh
<pre>#!/bin/sh
SSH=/opt/sbin/sshd
SSH=/opt/sbin/sshd
Line 406: Line 411:
SSHD_CONF=/opt/etc/openssh/sshd_config
SSHD_CONF=/opt/etc/openssh/sshd_config


SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
SSH_PORT=`/sbin/getcfg LOGIN &quot;SSH Port&quot; -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN &quot;TELNET Port&quot; -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
TELNET_PORT=`/sbin/getcfg LOGIN &quot;TELNET Port&quot; -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
SSHKEY_CONFIG_DIR=/opt/etc/openssh
SLEEP_MAX=300
SLEEP_MAX=300
Line 416: Line 421:
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
if [ -f /opt/bin/ssh-keygen ]; then
if [ -f /opt/bin/ssh-keygen ]; then
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ];
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ];
then
then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/sync
/bin/sync
fi
fi
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ];
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ];
then
then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/sync
/bin/sync
fi
fi
[ -d $SSHKEY_CONFIG_DIR/root ] || /bin/mkdir $SSHKEY_CONFIG_DIR/root
[ -d $SSHKEY_CONFIG_DIR/root ] || /bin/mkdir $SSHKEY_CONFIG_DIR/root
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa.pub ]; then
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/root/id_rsa*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/root/id_rsa*
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/root/id_rsa -N ""
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/root/id_rsa -N &quot;&quot;
/bin/touch /opt/etc/openssh/root/ssh_key.fla
/bin/touch /opt/etc/openssh/root/ssh_key.fla
/bin/sync
/bin/sync
fi
fi
if [ -d /opt/etc/openssh ]; then
if [ -d /opt/etc/openssh ]; then
/bin/rm -rf /root/.ssh 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/rm -rf /root/.ssh 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
/bin/ln -sf /opt/etc/openssh/root /root/.ssh
/bin/ln -sf /opt/etc/openssh/root /root/.ssh
fi
fi
if [&nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then
if [&amp;nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&gt;&gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&amp;gt;&amp;gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&gt;&gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&amp;gt;&amp;gt;/dev/null
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/touch /opt/etc/openssh/ssh_key.fla
fi
fi
if [&nbsp;! -f /opt/etc/openssh/root/ssh_key.fla ]; then
if [&amp;nbsp;! -f /opt/etc/openssh/root/ssh_key.fla ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/id_rsa* 2&gt;&gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/id_rsa* 2&amp;gt;&amp;gt;/dev/null
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/id_rsa -N ""
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/id_rsa -N &quot;&quot;
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/touch /opt/etc/openssh/ssh_key.fla
fi
fi
Line 458: Line 463:
update_sshd_config()
update_sshd_config()
{
{
ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`
ENABLED_SFTP=`/sbin/getcfg LOGIN &quot;SFTP Enable&quot; -u -d TRUE`


if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
if [ &quot;x${ENABLED_SFTP}&quot; = &quot;xTRUE&quot; ]; then
/bin/grep "/opt/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
/bin/grep &quot;/opt/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null
if [ $?&nbsp;!= 0 ]; then
if [ $?&amp;nbsp;!= 0 ]; then
/bin/sed '107i\Subsystem sftp \/opt\/libexec\/sftp-server' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/sed '107i\Subsystem sftp \/opt\/libexec\/sftp-server' ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
fi
fi
else
else
/bin/grep "/opt/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
/bin/grep &quot;/opt/libexec/sftp-server&quot; ${SSHD_CONF} &amp;gt; /dev/null
if [ $? == 0 ]; then
if [ $? == 0 ]; then
/bin/sed "/\/opt\/libexec\/sftp-server/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/sed &quot;/\/opt\/libexec\/sftp-server/d&quot; ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
fi
fi
Line 478: Line 483:
{
{
# Check to see if we already copied the old sshd
# Check to see if we already copied the old sshd
if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
if [&amp;nbsp;! -e /usr/sbin/sshd_orig ]; then
mv /usr/sbin/sshd /usr/sbin/sshd_orig
mv /usr/sbin/sshd /usr/sbin/sshd_orig
cp /opt/sbin/sshd /usr/sbin/sshd
cp /opt/sbin/sshd /usr/sbin/sshd
Line 484: Line 489:


# Finally, replace the current login script if neccessary so further restarts via the web interface work
# Finally, replace the current login script if neccessary so further restarts via the web interface work
/bin/grep "enable_openssh" ${SSHD_CONF} &gt; /dev/null
/bin/grep &quot;enable_openssh&quot; ${SSHD_CONF} &amp;gt; /dev/null
if [ $?&nbsp;!= 0 ]; then
if [ $?&amp;nbsp;!= 0 ]; then
if [ -e /tmp/login.sh ]; then
if [ -e /tmp/login.sh ]; then
cp /tmp/login.sh /etc/init.d/login.sh
cp /tmp/login.sh /etc/init.d/login.sh
Line 494: Line 499:
# Wait $SLEEP seconds or determine if the system is done booting before proceeding
# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
while [[&amp;nbsp;! -e /tmp/.boot_done &amp;amp;&amp;amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
sleep 1
sleep 1
let "SLEEP_COUNTER += 1"
let &quot;SLEEP_COUNTER += 1&quot;
done
done


Line 502: Line 507:
/sbin/test -f $TELNET || exit 0
/sbin/test -f $TELNET || exit 0


case "$1" in
case &quot;$1&quot; in
start)
start)


if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
if [ `/sbin/getcfg LOGIN &quot;SSH Enable&quot; -u -d TRUE` = FALSE ]; then
echo "Starting sshd services: disabled."
echo &quot;Starting sshd services: disabled.&quot;
else
else
echo -n "Starting sshd services: "
echo -n &quot;Starting sshd services: &quot;
enable_openssh
enable_openssh
generte_ssh_key
generte_ssh_key
update_sshd_config
update_sshd_config
/sbin/daemon_mgr sshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
/sbin/daemon_mgr sshd start &quot;$SSH -f ${SSHD_CONF} -p $SSH_PORT&quot;
echo "sshd."
echo &quot;sshd.&quot;
touch /var/lock/subsys/sshd
touch /var/lock/subsys/sshd
fi
fi


if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
if [ `/sbin/getcfg LOGIN &quot;TELNET Enable&quot; -u -d FALSE` = FALSE ]; then
echo "Starting telnet services: disabled."
echo &quot;Starting telnet services: disabled.&quot;
else
else
echo -n "Starting telnet services: "
echo -n &quot;Starting telnet services: &quot;
/sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
/sbin/daemon_mgr utelnetd start &quot;$TELNET -p $TELNET_PORT &amp;amp;&quot;
echo "utelnetd."
echo &quot;utelnetd.&quot;
touch /var/lock/subsys/utelnetd
touch /var/lock/subsys/utelnetd
fi
fi
Line 528: Line 533:
;;
;;
stop)
stop)
echo -n "Shutting down sshd services:"
echo -n &quot;Shutting down sshd services:&quot;
/sbin/daemon_mgr sshd stop $SSH
/sbin/daemon_mgr sshd stop $SSH
/usr/bin/killall sshd
/usr/bin/killall sshd
rm -f /var/lock/subsys/sshd
rm -f /var/lock/subsys/sshd
echo "sshd"
echo &quot;sshd&quot;


echo -n "Shutting down telnet services:"
echo -n &quot;Shutting down telnet services:&quot;
/sbin/daemon_mgr utelnetd stop $TELNET
/sbin/daemon_mgr utelnetd stop $TELNET
rm -f /var/lock/subsys/utelnetd
rm -f /var/lock/subsys/utelnetd
echo "utelnetd"
echo &quot;utelnetd&quot;
;;
;;


Line 545: Line 550:
;;
;;
*)
*)
echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
echo &quot;Usage: /etc/init.d/login.sh {start|stop|restart}&quot;
exit 1
exit 1
esac
esac


exit 0
exit 0
</pre>  
</pre>
<br>
 
&nbsp;


=== TS-119 with 3.8.3 Build 20130426<br>  ===
=== TS-119 with 3.8.3 Build 20130426 ===


Works with OpenSSH_5.9p1 and the QPKG-based method from [[Running Your Own Application at Startup|Running Your Own Application at Startup]].<br>  
Works with OpenSSH_5.9p1 and the QPKG-based method from <a href="Running%20Your%20Own%20Application%20at%20Startup">Running Your Own Application at Startup</a>.
<pre>#!/bin/sh
<pre>#!/bin/sh
SSH=/opt/sbin/sshd
SSH=/opt/sbin/sshd
Line 564: Line 570:
/sbin/test -f $TELNET || exit 0
/sbin/test -f $TELNET || exit 0


[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp
[ -f &quot;/bin/cmp&quot; ] || ln -sf /bin/busybox /bin/cmp


SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
SSH_PORT=`/sbin/getcfg LOGIN &quot;SSH Port&quot; -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN &quot;TELNET Port&quot; -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
TELNET_PORT=`/sbin/getcfg LOGIN &quot;TELNET Port&quot; -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
SSHKEY_CONFIG_DIR=/opt/etc/openssh
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
Line 577: Line 583:
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
if [ -f /opt/bin/ssh-keygen ]; then
if [ -f /opt/bin/ssh-keygen ]; then
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/sync
/bin/sync
fi
fi
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/sync
/bin/sync
fi
fi
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
/opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N ""
/opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N &quot;&quot;
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/sync
/bin/sync
fi
fi
/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retrsa1=$?
retrsa1=$?
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retrsa2=$?
retrsa2=$?
/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retdsa1=$?
retdsa1=$?
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retdsa2=$?
retdsa2=$?
/bin/cmp /etc/ssh/ssh_host_ecdsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_ecdsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retecdsa1=$?
retecdsa1=$?
/bin/cmp /etc/ssh/ssh_host_ecdsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/cmp /etc/ssh/ssh_host_ecdsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
retecdsa2=$?
retecdsa2=$?


Line 617: Line 623:


if [ -d /opt/etc/openssh ]; then
if [ -d /opt/etc/openssh ]; then
/bin/rm -rf /root/.ssh 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/rm -rf /root/.ssh 1&amp;gt;&amp;gt;/dev/null 2&amp;gt;&amp;gt;/dev/null
/bin/ln -sf /opt/etc/openssh/root /root/.ssh
/bin/ln -sf /opt/etc/openssh/root /root/.ssh
[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa
[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa
Line 623: Line 629:
fi
fi
if [ "x${BOOT_CONF}" = "xTS-NASX86" ] &amp;&amp; [&nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then
if [ &quot;x${BOOT_CONF}&quot; = &quot;xTS-NASX86&quot; ] &amp;amp;&amp;amp; [&amp;nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&gt;&gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&amp;gt;&amp;gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&gt;&gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&amp;gt;&amp;gt;/dev/null
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N &quot;&quot;
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N &quot;&quot;
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/touch /opt/etc/openssh/ssh_key.fla
fi
fi
Line 636: Line 642:
update_sshd_config()
update_sshd_config()
{
{
ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`
ENABLED_SFTP=`/sbin/getcfg LOGIN &quot;SFTP Enable&quot; -u -d TRUE`


if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
if [ &quot;x${ENABLED_SFTP}&quot; = &quot;xTRUE&quot; ]; then
/bin/grep "internal-sftp" ${SSHD_CONF} &gt; /dev/null
/bin/grep &quot;internal-sftp&quot; ${SSHD_CONF} &amp;gt; /dev/null
if [ $?&nbsp;!= 0 ]; then
if [ $?&amp;nbsp;!= 0 ]; then
/bin/sed '107i\Subsystem sftp internal-sftp' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/sed '107i\Subsystem sftp internal-sftp' ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
fi
fi
else
else
/bin/grep "internal-sftp" ${SSHD_CONF} &gt; /dev/null
/bin/grep &quot;internal-sftp&quot; ${SSHD_CONF} &amp;gt; /dev/null
if [ $? = 0 ]; then
if [ $? = 0 ]; then
/bin/sed "/internal-sftp/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/sed &quot;/internal-sftp/d&quot; ${SSHD_CONF} &amp;gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
fi
fi
Line 656: Line 662:
{
{
     # Check to see if we already copied the old sshd
     # Check to see if we already copied the old sshd
     if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
     if [&amp;nbsp;! -e /usr/sbin/sshd_orig ]; then
         mv /usr/sbin/sshd /usr/sbin/sshd_orig
         mv /usr/sbin/sshd /usr/sbin/sshd_orig
         cp /opt/sbin/sshd /usr/sbin/sshd
         cp /opt/sbin/sshd /usr/sbin/sshd
Line 662: Line 668:
      
      
     # Finally, replace the current login script if necessary so further restarts via the web interface work
     # Finally, replace the current login script if necessary so further restarts via the web interface work
     /bin/grep "enable_openssh" /etc/init.d/login.sh &gt; /dev/null
     /bin/grep &quot;enable_openssh&quot; /etc/init.d/login.sh &amp;gt; /dev/null
     if [ $?&nbsp;!= 0 ]; then
     if [ $?&amp;nbsp;!= 0 ]; then
         if [ -e $0 ]; then
         if [ -e $0 ]; then
             cp $0 /etc/init.d/login.sh
             cp $0 /etc/init.d/login.sh
Line 671: Line 677:
     # Make sure we have a home directory on a persistent drive
     # Make sure we have a home directory on a persistent drive
     # Note, this will only create the admin home directory
     # Note, this will only create the admin home directory
     if [&nbsp;! -e "/share/HDA_DATA/home" ]; then
     if [&amp;nbsp;! -e &quot;/share/HDA_DATA/home&quot; ]; then
         /bin/mkdir /share/HDA_DATA/home
         /bin/mkdir /share/HDA_DATA/home
         /bin/mkdir /share/HDA_DATA/home/admin
         /bin/mkdir /share/HDA_DATA/home/admin
Line 678: Line 684:
      
      
     # Link persistent home directory to referenced home dirs in /etc/passwd
     # Link persistent home directory to referenced home dirs in /etc/passwd
     if [&nbsp;! -e "/share/homes" ]; then
     if [&amp;nbsp;! -e &quot;/share/homes&quot; ]; then
         ln -s /share/HDA_DATA/home /share/homes
         ln -s /share/HDA_DATA/home /share/homes
     fi
     fi
Line 685: Line 691:
# Wait $SLEEP seconds or determine if the system is done booting before proceeding
# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
while [[&amp;nbsp;! -e /tmp/.boot_done &amp;amp;&amp;amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
         sleep 1
         sleep 1
         let "SLEEP_COUNTER += 1"
         let &quot;SLEEP_COUNTER += 1&quot;
done
done


case "$1" in
case &quot;$1&quot; in
     start)
     start)
if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
if [ `/sbin/getcfg LOGIN &quot;SSH Enable&quot; -u -d TRUE` = FALSE ]; then
echo "Starting sshd services: disabled."
echo &quot;Starting sshd services: disabled.&quot;
else
else
echo -n "Starting sshd services: "
echo -n &quot;Starting sshd services: &quot;
         enable_openssh
         enable_openssh
generte_ssh_key
generte_ssh_key
update_sshd_config
update_sshd_config
/sbin/daemon_mgr sshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
/sbin/daemon_mgr sshd start &quot;$SSH -f ${SSHD_CONF} -p $SSH_PORT&quot;
echo "sshd."
echo &quot;sshd.&quot;
touch /var/lock/subsys/sshd
touch /var/lock/subsys/sshd
fi
fi


if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
if [ `/sbin/getcfg LOGIN &quot;TELNET Enable&quot; -u -d FALSE` = FALSE ]; then
echo "Starting telnet services: disabled."
echo &quot;Starting telnet services: disabled.&quot;
else
else
echo -n "Starting telnet services: "
echo -n &quot;Starting telnet services: &quot;
/sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
/sbin/daemon_mgr utelnetd start &quot;$TELNET -p $TELNET_PORT &amp;amp;&quot;
echo "utelnetd."
echo &quot;utelnetd.&quot;
touch /var/lock/subsys/utelnetd
touch /var/lock/subsys/utelnetd
fi
fi


if [ `/sbin/getcfg "TFTP Server" "Enable" -u -d FALSE` = FALSE ]; then
if [ `/sbin/getcfg &quot;TFTP Server&quot; &quot;Enable&quot; -u -d FALSE` = FALSE ]; then
echo "Starting opentftpd services: disabled."
echo &quot;Starting opentftpd services: disabled.&quot;
else
else
/etc/init.d/opentftp.sh start
/etc/init.d/opentftp.sh start
Line 721: Line 727:
;;
;;
     stop)
     stop)
echo -n "Shutting down sshd services:"
echo -n &quot;Shutting down sshd services:&quot;
/sbin/daemon_mgr sshd stop $SSH
/sbin/daemon_mgr sshd stop $SSH
/usr/bin/killall sshd
/usr/bin/killall sshd
rm -f /var/lock/subsys/sshd
rm -f /var/lock/subsys/sshd
echo "sshd"
echo &quot;sshd&quot;


echo -n "Shutting down telnet services:"
echo -n &quot;Shutting down telnet services:&quot;
/sbin/daemon_mgr utelnetd stop $TELNET
/sbin/daemon_mgr utelnetd stop $TELNET
rm -f /var/lock/subsys/utelnetd
rm -f /var/lock/subsys/utelnetd
echo "utelnetd"
echo &quot;utelnetd&quot;
;;
;;


Line 738: Line 744:
;;
;;
     *)
     *)
         echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
         echo &quot;Usage: /etc/init.d/login.sh {start|stop|restart}&quot;
         exit 1
         exit 1
esac
esac


exit 0
exit 0
</pre>  
</pre>
== Configuration ==
 
== Configuration ==


Configuration files are maintained in /opt/etc/openssh, such as the sshd_config  
Configuration files are maintained in /opt/etc/openssh, such as the sshd_config


== Restarting openssh without rebooting ==
== Restarting openssh without rebooting ==


Once the system is setup, it might be useful to make changes to the sshd_config and restart the daemon without rebooting. You can do this one of two ways.  
Once the system is setup, it might be useful to make changes to the sshd_config and restart the daemon without rebooting. You can do this one of two ways.


=== GUI ===
=== GUI ===


#Untick the box in the GUI to disable SSH and hit apply  
#Untick the box in the GUI to disable SSH and hit apply  
#Re-enable and hit apply
#Re-enable and hit apply  
 
== Disabling guest account  ==


With OpenSSH, by default all users can log in, which means that the user "guest" with the default password "guest" can also log in and this may be undesirable to you.<strike>You may then want to remove this account with "deluser guest" from the command line with the admin account</strike> Verry bad idea as at least the qnap admin webinterface and FTP stoped working on 4.0.2. By pure luck SSH still works and restoring the user fixes the problem. You can also give it a password with "passwd guest" instead.
== Disabling guest account ==


== Contributions to documentation  ==
With OpenSSH, by default all users can log in, which means that the user "guest" with the default password "guest" can also log in and this may be undesirable to you.<strike>You may then want to remove this account with "deluser guest" from the command line with the admin account</strike> Verry bad idea as at least the qnap admin webinterface and FTP stoped working on 4.0.2. By pure luck SSH still works and restoring the user fixes the problem. You can also give it a password with "passwd guest" instead.


This howto was written by Papengut and edited by stevebow and jk42 then later re-written by patbaker82. See the ''Page History'' link for more contributors.
== Contributions to documentation ==


Note: This article overlaps with &lt;a _fcknotitle="true" href="Replace ssh"&gt;Replace ssh&lt;/a&gt;. The two articles should probably get merged.  
This howto was written by Papengut and edited by stevebow and jk42 then later re-written by patbaker82. See the ''Page History'' link for more contributors.


&lt;a _fcknotitle="true" href="Category:SSH"&gt;SSH&lt;/a&gt;
Note: This article overlaps with [[Replace_ssh_with_Qnapware_OpenSSH|Replace ssh]]. The two articles should probably get merged.


[[Category:SSH]]
<a _fcknotitle="true" href="Category:SSH">SSH</a>
  [[Category:SSH]]

Latest revision as of 03:35, 19 April 2020

Overview

I've seen many different solutions to implement OpenSSH, but none really brought a full switch over to openssh. While the many documents out there reflect how to replace the binary and get the openssh system to start up, most fail to show how to repoint underlying QNAP links to the /opt/etc/openssh configurations. With that said most implementations use hostkeys/keys that were generated under the old system possiblity leaving it unsecure.

High level features of this implementation

  • Enhanced the original start scripts provided from QNAP.
  • Creates initial 'admin' home directory as specified in /etc/passwd
  • Use of configuration parameters set in the GUI. The ports you set in the GUI will be the ones that openssh will use. Further you can disable/enable openssh via the GUI.
  • Support for firmware 3.3 of enabling/disabling SFTP via the GUI
  • Persistent script. Restarts via the GUI will use the new code, IE enabling/disabling of SSH or telnet.
  • Script ensures, upon booting, that it waits for the system QNAP ssh system to start before attempting to start openssh to replace the QNAP SSH daemon. This is important as we do not want competing SSHD processes.

The Alternative way

The port which the standard Qnap sshd listens to is configurable from the web interface... Change it to something else, then run OpenSSH on port 22. You don't need to fiddle with system config files or replace the sshd binary, just leave them be and edit /opt/etc/openssh/* to your liking.

Then you can either run OpenSSH sshd binary in the autorun.sh script (it daemonizes by default), or you can make sure that "/opt/etc/init.d/" files are correctly started on start up (follow instructions in Install_Optware_IPKG).

Installation

NOTE: This will require you to be either logged into the QNAP via Telnet or SSH in order to execute the commands denoted as #.

# ipkg update
# ipkg install openssh
  • mount /tmp/config, following the instructions in the article Running Your Own Application at Startup.
  • Copy the script below, login.sh, to /tmp/config/login.sh
  • Make /tmp/config/login.sh executable
# chmod +x /tmp/config/login.sh
  • Create or Edit /tmp/config/autorun.sh and add the following
/bin/cp /tmp/config/login.sh /tmp ; /bin/sh /tmp/login.sh restart &
  • Ensure /tmp/config/autorun.sh is executable
# chmod +x /tmp/config/autorun.sh
  • Reboot
# reboot

[Tested on TS-410, TS-459, TS-509 and TS-869.]

login.sh

Updated for Firmware 3.4.3

 #!/bin/sh
SLEEP_MAX=600
SSHD=/opt/sbin/sshd
TELNET=/bin/utelnetd
SSHD_CONF=/opt/etc/openssh/sshd_config
SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`

generte_ssh_key()
{
    [ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
    if [ -f /opt/bin/ssh-keygen  ]; then
        if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
            /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
            /opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
            /bin/sync
        fi
        if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
            /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
            /opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
            /bin/sync
        fi
        if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
            /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
            /opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N ""
            /bin/sync
        fi
    fi

}

update_sshd_config()
{
    ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`

    if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
        /bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
        if [ $?&nbsp;!= 0 ]; then
            /bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
            /bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
        fi
    else
        /bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
        if [ $? = 0 ]; then
            /bin/sed "/\/usr\/libexec\/sftp-server/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
            /bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
            /bin/rm ${SSHD_CONF}.tmp
        fi
    fi
}

enable_openssh()
{
    # Check to see if we already copied the old sshd
    if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
        mv /usr/sbin/sshd /usr/sbin/sshd_orig
        cp /opt/sbin/sshd /usr/sbin/sshd
    fi
    
    # Finally, replace the current login script if neccessary so further restarts via the web interface work
    /bin/grep "enable_openssh" /etc/init.d/login.sh &gt; /dev/null
    if [ $?&nbsp;!= 0 ]; then
        if [ -e $0 ]; then
            cp $0 /etc/init.d/login.sh
        fi
    fi
    
    # Make sure we have a home directory on a persistent drive
    # Note, this will only create the admin home directory
    if [&nbsp;! -e "/share/MD0_DATA/home" ]; then
        /bin/mkdir /share/MD0_DATA/home
        /bin/mkdir /share/MD0_DATA/home/admin
        /bin/chmod og-rx /share/MD0_DATA/home/admin
    fi
    
    # Link persistent home directory to referenced home dirs in /etc/passwd
    if [&nbsp;! -e "/share/homes" ]; then
        ln -s /share/MD0_DATA/home /share/homes
    fi
}


# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
        sleep 1
        let "SLEEP_COUNTER += 1"
done

/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

case "$1" in
    start)
    if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
        echo "Starting sshd services: disabled."
    else
        echo -n "Starting sshd services: "
        enable_openssh
        generte_ssh_key
        update_sshd_config
        /sbin/daemon_mgr sshd start "$SSHD -f ${SSHD_CONF} -p $SSH_PORT"
        echo "sshd."
        touch /var/lock/subsys/sshd
    fi

    if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
        echo "Starting telnet services: disabled."
    else
        echo -n "Starting telnet services: "
        /sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
        echo "utelnetd."
        touch /var/lock/subsys/utelnetd
    fi

   &nbsp;;;
    stop)
    echo -n "Shutting down sshd services:" 
    /sbin/daemon_mgr sshd stop $SSHD
    /usr/bin/killall sshd
    rm -f /var/lock/subsys/sshd
    echo "sshd"

    echo -n "Shutting down telnet services:"
    /sbin/daemon_mgr utelnetd stop $TELNET
    rm -f /var/lock/subsys/utelnetd
    echo "utelnetd"
   &nbsp;;;

    restart)
    $0 stop
    $0 start
   &nbsp;;;    
    *)
        echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
        exit 1
esac

exit 0


TS-212

Firmware 3.5.2 Build 1126T

Created with some melding of the above script with that found by default on the 3.5.2 Build 1126T firmware (on mtdblock5), the following script seems to work as intended on a TS-212.

#!/bin/sh
SLEEP_MAX=600
SSHD=/opt/sbin/sshd
TELNET=/bin/utelnetd
SSHD_CONF=/opt/etc/openssh/sshd_config

/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0

[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
generte_ssh_key()
{
	[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
	if [ -f /opt/bin/ssh-keygen ]; then
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
			/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
			/bin/touch /etc/config/ssh_key.fla
			/bin/sync
		fi
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
			/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
			/bin/touch /etc/config/ssh_key.fla
			/bin/sync
		fi
	
		/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retrsa1=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retrsa2=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retdsa1=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retdsa2=$?

		[ $retrsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key /etc/ssh/
		[ $retrsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub /etc/ssh/
		[ $retdsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key /etc/ssh/
		[ $retdsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub /etc/ssh/

		if [ -d /etc/config/ssh ]; then
			/bin/rm -rf /root/.ssh 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
			/bin/ln -sf /etc/config/ssh /root/.ssh
			[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa
			[ -f /etc/config/ssh/id_rsa.pub ] || /bin/ln -sf ssh_host_rsa_key.pub /etc/config/ssh/id_rsa.pub
		fi
		
		if [ "x${BOOT_CONF}" = "xTS-NASX86" ] &amp;&amp; [&nbsp;! -f /etc/config/ssh_key.fla ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*	2&gt;&gt;/dev/null
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&gt;&gt;/dev/null
			/usr/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
			/usr/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
			/bin/touch /etc/config/ssh_key.fla
		fi
	fi

}

update_sshd_config()
{
	ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`

	if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
		/bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
		if [ $?&nbsp;!= 0 ]; then
			/bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
			/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
		fi
	else
		/bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
		if [ $? = 0 ]; then
			/bin/sed "/\/usr\/libexec\/sftp-server/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
			/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
			/bin/rm ${SSHD_CONF}.tmp
		fi
	fi
}

enable_openssh()
{
    # Check to see if we already copied the old sshd
    if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
        mv /usr/sbin/sshd /usr/sbin/sshd_orig
        cp /opt/sbin/sshd /usr/sbin/sshd
    fi
    
    # Finally, replace the current login script if neccessary so further restarts via the web interface work
    /bin/grep "enable_openssh" /etc/init.d/login.sh &gt; /dev/null
    if [ $?&nbsp;!= 0 ]; then
        if [ -e $0 ]; then
            cp $0 /etc/init.d/login.sh
        fi
    fi
    
    # Make sure we have a home directory on a persistent drive
    # Note, this will only create the admin home directory
    if [&nbsp;! -e "/share/MD0_DATA/home" ]; then
        /bin/mkdir /share/MD0_DATA/home
        /bin/mkdir /share/MD0_DATA/home/admin
        /bin/chmod og-rx /share/MD0_DATA/home/admin
    fi
    
    # Link persistent home directory to referenced home dirs in /etc/passwd
    if [&nbsp;! -e "/share/homes" ]; then
        ln -s /share/MD0_DATA/home /share/homes
    fi
}


# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
        sleep 1
        let "SLEEP_COUNTER += 1"
done

/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

case "$1" in
    start)
	if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
		echo "Starting sshd services: disabled."
	else
		echo -n "Starting sshd services: "
		enable_openssh
		generte_ssh_key
		update_sshd_config
		/sbin/daemon_mgr sshd start "$SSHD -f ${SSHD_CONF} -p $SSH_PORT"
		echo "sshd."
		touch /var/lock/subsys/sshd
	fi

	if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
		echo "Starting telnet services: disabled."
	else
		echo -n "Starting telnet services: "
		/sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
		echo "utelnetd."
		touch /var/lock/subsys/utelnetd
	fi

	if [ `/sbin/getcfg "TFTP Server" "Enable" -u -d FALSE` = FALSE ]; then
		echo "Starting opentftpd services: disabled."
	else
		/etc/init.d/opentftp.sh start
	fi

	;;
    stop)
	echo -n "Shutting down sshd services:" 
	/sbin/daemon_mgr sshd stop $SSHD
	/usr/bin/killall sshd
	rm -f /var/lock/subsys/sshd
	echo "sshd"

	echo -n "Shutting down telnet services:"
	/sbin/daemon_mgr utelnetd stop $TELNET
	rm -f /var/lock/subsys/utelnetd
	echo "utelnetd"
	;;

    restart)
	$0 stop
	$0 start
	;;	
    *)
        echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
        exit 1
esac

exit 0

Firmware 4.0.5

It seems that the default sshd shipped with this version allows users other than admin. It is only needed to add the allowed usernames (including admin) to the AllowUsers directive in /etc/ssh/sshd_config.

AllowUsers admin USERNAME

Unfortunately, changes to that file are not persistent across reboot. Copying the modified sshd_config script to /tmp/config, and making the autorun.sh script copy it back in /etc/ssh on boot should work.

If using the Optware-provided OpenSSH is still required, the following additional changes are needed.

Sometimes between 3.5.x and 4.0.5, OpenSSH seems to have started expecting ECDSA keys. The login.sh script needs to generate them too in generte_ssh_keys [sic].

		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
			/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N ""
			/bin/touch /etc/config/ssh_key.fla
			/bin/sync
		fi


TS-419P+ with Firmware 3.6.1 Build 0302T

#!/bin/sh
SSH=/opt/sbin/sshd
TELNET=/bin/utelnetd
SSHD_CONF=/opt/etc/openssh/sshd_config

SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
SLEEP_MAX=300

generte_ssh_key()
{
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
if [ -f /opt/bin/ssh-keygen ]; then
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ];
then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/sync
fi
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ];
then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/sync
fi
[ -d $SSHKEY_CONFIG_DIR/root ] || /bin/mkdir $SSHKEY_CONFIG_DIR/root
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/root/id_rsa*
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/root/id_rsa -N ""
/bin/touch /opt/etc/openssh/root/ssh_key.fla
/bin/sync
fi
if [ -d /opt/etc/openssh ]; then
/bin/rm -rf /root/.ssh 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/ln -sf /opt/etc/openssh/root /root/.ssh
fi
if [&nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&gt;&gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&gt;&gt;/dev/null
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/bin/touch /opt/etc/openssh/ssh_key.fla
fi
if [&nbsp;! -f /opt/etc/openssh/root/ssh_key.fla ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/id_rsa* 2&gt;&gt;/dev/null
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/id_rsa -N ""
/bin/touch /opt/etc/openssh/ssh_key.fla
fi
fi
}

update_sshd_config()
{
ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`

if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
/bin/grep "/opt/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
if [ $?&nbsp;!= 0 ]; then
/bin/sed '107i\Subsystem sftp \/opt\/libexec\/sftp-server' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
fi
else
/bin/grep "/opt/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
if [ $? == 0 ]; then
/bin/sed "/\/opt\/libexec\/sftp-server/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
fi
fi
}

enable_openssh()
{
# Check to see if we already copied the old sshd
if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
mv /usr/sbin/sshd /usr/sbin/sshd_orig
cp /opt/sbin/sshd /usr/sbin/sshd
fi

# Finally, replace the current login script if neccessary so further restarts via the web interface work
/bin/grep "enable_openssh" ${SSHD_CONF} &gt; /dev/null
if [ $?&nbsp;!= 0 ]; then
if [ -e /tmp/login.sh ]; then
cp /tmp/login.sh /etc/init.d/login.sh
fi
fi
}

# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
sleep 1
let "SLEEP_COUNTER += 1"
done

/sbin/test -f $SSH || exit 0
/sbin/test -f $TELNET || exit 0

case "$1" in
start)

if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
echo "Starting sshd services: disabled."
else
echo -n "Starting sshd services: "
enable_openssh
generte_ssh_key
update_sshd_config
/sbin/daemon_mgr sshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
echo "sshd."
touch /var/lock/subsys/sshd
fi

if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
echo "Starting telnet services: disabled."
else
echo -n "Starting telnet services: "
/sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
echo "utelnetd."
touch /var/lock/subsys/utelnetd
fi

;;
stop)
echo -n "Shutting down sshd services:"
/sbin/daemon_mgr sshd stop $SSH
/usr/bin/killall sshd
rm -f /var/lock/subsys/sshd
echo "sshd"

echo -n "Shutting down telnet services:"
/sbin/daemon_mgr utelnetd stop $TELNET
rm -f /var/lock/subsys/utelnetd
echo "utelnetd"
;;

restart)
$0 stop
$0 start
;;
*)
echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
exit 1
esac

exit 0

 

TS-119 with 3.8.3 Build 20130426

Works with OpenSSH_5.9p1 and the QPKG-based method from <a href="Running%20Your%20Own%20Application%20at%20Startup">Running Your Own Application at Startup</a>.

#!/bin/sh
SSH=/opt/sbin/sshd
TELNET=/bin/utelnetd
SSHD_CONF=/opt/etc/openssh/sshd_config

/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0

[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
SLEEP_MAX=300

generte_ssh_key()
{
	[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
	if [ -f /opt/bin/ssh-keygen ]; then
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
			/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
			/bin/touch /opt/etc/openssh/ssh_key.fla
			/bin/sync
		fi
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
			/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
			/bin/touch /opt/etc/openssh/ssh_key.fla
			/bin/sync
		fi
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
			/opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N ""
			/bin/touch /opt/etc/openssh/ssh_key.fla
			/bin/sync
		fi
		
		/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retrsa1=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retrsa2=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retdsa1=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retdsa2=$?
		/bin/cmp /etc/ssh/ssh_host_ecdsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retecdsa1=$?
		/bin/cmp /etc/ssh/ssh_host_ecdsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retecdsa2=$?

		[ $retrsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key /etc/ssh/
		[ $retrsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub /etc/ssh/
		[ $retdsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key /etc/ssh/
		[ $retdsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub /etc/ssh/
		[ $retecdsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key /etc/ssh/
		[ $retecdsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub /etc/ssh/

		if [ -d /opt/etc/openssh ]; then
			/bin/rm -rf /root/.ssh 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
			/bin/ln -sf /opt/etc/openssh/root /root/.ssh
			[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa
			[ -f /etc/config/ssh/id_rsa.pub ] || /bin/ln -sf ssh_host_rsa_key.pub /etc/config/ssh/id_rsa.pub
		fi
		
		if [ "x${BOOT_CONF}" = "xTS-NASX86" ] &amp;&amp; [&nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*	2&gt;&gt;/dev/null
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&gt;&gt;/dev/null
			/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
			/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
			/bin/touch /opt/etc/openssh/ssh_key.fla
		fi
	fi

}

update_sshd_config()
{
	ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`

	if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
		/bin/grep "internal-sftp" ${SSHD_CONF} &gt; /dev/null
		if [ $?&nbsp;!= 0 ]; then
			/bin/sed '107i\Subsystem sftp internal-sftp' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
			/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
		fi
	else
		/bin/grep "internal-sftp" ${SSHD_CONF} &gt; /dev/null
		if [ $? = 0 ]; then
			/bin/sed "/internal-sftp/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
			/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
		fi
	fi
}

enable_openssh()
{
    # Check to see if we already copied the old sshd
    if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
        mv /usr/sbin/sshd /usr/sbin/sshd_orig
        cp /opt/sbin/sshd /usr/sbin/sshd
    fi
    
    # Finally, replace the current login script if necessary so further restarts via the web interface work
    /bin/grep "enable_openssh" /etc/init.d/login.sh &gt; /dev/null
    if [ $?&nbsp;!= 0 ]; then
        if [ -e $0 ]; then
            cp $0 /etc/init.d/login.sh
        fi
    fi
    
    # Make sure we have a home directory on a persistent drive
    # Note, this will only create the admin home directory
    if [&nbsp;! -e "/share/HDA_DATA/home" ]; then
        /bin/mkdir /share/HDA_DATA/home
        /bin/mkdir /share/HDA_DATA/home/admin
        /bin/chmod og-rx /share/HDA_DATA/home/admin
    fi
    
    # Link persistent home directory to referenced home dirs in /etc/passwd
    if [&nbsp;! -e "/share/homes" ]; then
        ln -s /share/HDA_DATA/home /share/homes
    fi
}

# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
        sleep 1
        let "SLEEP_COUNTER += 1"
done

case "$1" in
    start)
	if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
		echo "Starting sshd services: disabled."
	else
		echo -n "Starting sshd services: "
        enable_openssh
		generte_ssh_key
		update_sshd_config
		/sbin/daemon_mgr sshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
		echo "sshd."
		touch /var/lock/subsys/sshd
	fi

	if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
		echo "Starting telnet services: disabled."
	else
		echo -n "Starting telnet services: "
		/sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
		echo "utelnetd."
		touch /var/lock/subsys/utelnetd
	fi

	if [ `/sbin/getcfg "TFTP Server" "Enable" -u -d FALSE` = FALSE ]; then
		echo "Starting opentftpd services: disabled."
	else
		/etc/init.d/opentftp.sh start
	fi

	;;
    stop)
	echo -n "Shutting down sshd services:" 
	/sbin/daemon_mgr sshd stop $SSH
	/usr/bin/killall sshd
	rm -f /var/lock/subsys/sshd
	echo "sshd"

	echo -n "Shutting down telnet services:"
	/sbin/daemon_mgr utelnetd stop $TELNET
	rm -f /var/lock/subsys/utelnetd
	echo "utelnetd"
	;;

    restart)
	$0 stop
	$0 start
	;;	
    *)
        echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
        exit 1
esac

exit 0

Configuration

Configuration files are maintained in /opt/etc/openssh, such as the sshd_config

Restarting openssh without rebooting

Once the system is setup, it might be useful to make changes to the sshd_config and restart the daemon without rebooting. You can do this one of two ways.

GUI

  1. Untick the box in the GUI to disable SSH and hit apply
  2. Re-enable and hit apply

Disabling guest account

With OpenSSH, by default all users can log in, which means that the user "guest" with the default password "guest" can also log in and this may be undesirable to you.You may then want to remove this account with "deluser guest" from the command line with the admin account Verry bad idea as at least the qnap admin webinterface and FTP stoped working on 4.0.2. By pure luck SSH still works and restoring the user fixes the problem. You can also give it a password with "passwd guest" instead.

Contributions to documentation

This howto was written by Papengut and edited by stevebow and jk42 then later re-written by patbaker82. See the Page History link for more contributors.

Note: This article overlaps with Replace ssh. The two articles should probably get merged.

<a _fcknotitle="true" href="Category:SSH">SSH</a>