Replace ssh with Qnapware OpenSSH: Difference between revisions

From QNAPedia
Glenn (talk | contribs)
Making QNAPware a link
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Note: Work in progress.
Tested on:
 
*TS-453 Pro, Firmware 4.2.0


Recommend changing QNAP system sshd to use any port other than 22.  (Like 2222 or something)
Recommend changing QNAP system sshd to use any port other than 22.  (Like 2222 or something)


#Install Entware for opkg support (Note that this replaces the older non-supported as of Dec-2014 Optware)
#Install [http://wiki.qnap.com/wiki/Debian_Installation_On_QNAP QNAPware] for opkg support (Note: This replaces both Entware and Optware)
#opkg install openssh-server
#opkg install openssh-server
#ssh-keygen -t rsa -f ssh_host_rsa_key
#echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
#ssh-keygen -t dsa -f ssh_host_dsa_key
#ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N ''-t rsa''
#Add sshd user to /etc/passwd and sshd group to /etc/group
#ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N ''-t dsa''
#*echo sshd:x:74:>>/etc/group
#ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N ''-t ecdsa''
#*echo sshd:x:74:74:Priviledge-separated SSH:/var/empty/sshd:/sbin/nologin>>/etc/passwd
#ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N ''-t ed25519''
#
#useradd --system --no-create-home sshd
#ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
#ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
#Create /etc/init.d/openssh.sh
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><pre><nowiki>#!/bin/sh
 
SSH=/Apps/opt/sbin/opensshd
SSHD_CONF=/Apps/opt/etc/ssh/sshd_config
 
/sbin/test -f $SSHD || exit 0
 
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp
 
DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
SSH_PORT=22
SSHKEY_CONFIG_DIR=/etc/config/ssh
case "$1" in
    start)
        /bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow
        if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE`&nbsp;!= FALSE ]; then
                echo -n "Starting OpenSSH (opensshd) service: "
                /sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
                echo "OK"
                touch /var/lock/subsys/opensshd
        fi
 
      &nbsp;;;
    stop)
        echo -n "Shutting down OpenSSH (opensshd) service: "
        /sbin/daemon_mgr opensshd stop $SSH
        /usr/bin/killall opensshd 2>/dev/null
        rm -f /var/lock/subsys/opensshd
        echo "OK"
      &nbsp;;;
 
    restart)
        $0 stop
        $0 start
      &nbsp;;;     
    *)
        echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}"
        exit 1
esac
 
exit 0
</nowiki></pre>
</div>
Finally, <code>/etc/init.d/openssh.sh start</code>&nbsp;to get up and running.
 
Optionally, if you'd like users other than admin to log in with authorized_keys:
 
#Edit /Apps/opt/etc/ssh/sshd_config, set&nbsp;AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
#mkdir -p /opt/home/someuser/.ssh
#<span style="line-height: 20.8px;">mkdir -p /opt/home -m 755</span>
 
<span style="line-height: 20.8px;">Run these for every user you want to be &nbsp;(replace someuser with your actual username):</span>
 
#mkdir -m 700&nbsp;-p /opt/home/someuser/.ssh
#touch&nbsp;<span style="line-height: 20.8px;">/opt/home/someuser/.ssh/authorized_keys</span>
#<span style="line-height: 20.8px;">chmod 600&nbsp;/opt/home/someuser/.ssh/authorized_keys</span>


[[Category:SSH]]
[[Category:SSH]]
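
Review bot: In the four new ssh-keygen lines, the argument written as -N ''-t rsa'' uses doubled apostrophes, which MediaWiki treats as italic markup, so the rendered page shows -N -t rsa and the empty-passphrase argument is lost. Wrap these commands in nowiki (or put them in a pre block like the init script) so they render as -N '' -t rsa. In the init script, SSH= is defined but the existence check tests $SSHD, which is never set, so the check does not guard against a missing binary; test "$SSH" instead.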

Latest revision as of 07:38, 1 January 2016

Tested on:

  • TS-453 Pro, Firmware 4.2.0

Recommended: change the QNAP system sshd to listen on a port other than 22 (2222, for example), because the init script below starts OpenSSH on port 22.

  1. Install QNAPware for opkg support (Note: This replaces both Entware and Optware)
  2. opkg install openssh-server
  3. echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
  4. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N '' -t rsa
  5. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N '' -t dsa
  6. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
  7. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
  8. useradd --system --no-create-home sshd
  9. ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
  10. ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
  11. Create /etc/init.d/openssh.sh with the following contents:
#!/bin/sh

SSH=/Apps/opt/sbin/opensshd
SSHD_CONF=/Apps/opt/etc/ssh/sshd_config

# Exit quietly if the OpenSSH daemon binary is not installed
/sbin/test -f "$SSH" || exit 0

[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

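# Port configured for the QNAP system sshd (read here but not used below)
DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
# Port this OpenSSH instance listens on; the system sshd must use a different one
SSH_PORT=22
SSHKEY_CONFIG_DIR=/etc/config/ssh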
case "$1" in
    start)
        /bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow
        if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then
                echo -n "Starting OpenSSH (opensshd) service: "
                /sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
                echo "OK"
                touch /var/lock/subsys/opensshd
        fi

        ;;
    stop)
        echo -n "Shutting down OpenSSH (opensshd) service: " 
        /sbin/daemon_mgr opensshd stop $SSH
        /usr/bin/killall opensshd 2>/dev/null
        rm -f /var/lock/subsys/opensshd
        echo "OK"
        ;;

    restart)
        $0 stop
        $0 start
        ;;      
    *)
        echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}"
        exit 1
esac

exit 0

Finally, run /etc/init.d/openssh.sh start to get up and running.

Optionally, if you'd like users other than admin to log in with authorized_keys:

  1. Edit /Apps/opt/etc/ssh/sshd_config, set AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
  2. mkdir -p /opt/home/someuser/.ssh
  3. mkdir -p /opt/home -m 755

Run these for every user you want to be (replace someuser with your actual username):

  1. mkdir -m 700 -p /opt/home/someuser/.ssh
  2. touch /opt/home/someuser/.ssh/authorized_keys
  3. chmod 600 /opt/home/someuser/.ssh/authorized_keys
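
The following check is an added example, not part of the original page: it audits the /opt/home/%u/.ssh layout created by the steps above for the modes they set and for file ownership. The function name check_key_dir and the ownership rule are assumptions of this example (sshd opens authorized_keys with the login user's privileges, so files left root-owned by mkdir and touch are not readable by that user), as is a stat that supports -c.

```shell
#!/bin/sh
# Added example (not from the original page): audit the key layout used
# with AuthorizedKeysFile /opt/home/%u/.ssh/authorized_keys.
# Usage: check_key_dir BASE USER [UID]   (BASE would be /opt/home)
# Prints one line per problem; returns the number of problems found.
check_key_dir() {
    base=$1; user=$2; problems=0
    # Assumption: the key file must belong to the login user, because
    # sshd opens authorized_keys with that user's privileges.
    owner=${3:-$(id -u "$user" 2>/dev/null)}
    sshdir="$base/$user/.ssh"
    keyfile="$sshdir/authorized_keys"

    # Octal modes taken from the mkdir/chmod steps on this page.
    for spec in "$base:755" "$sshdir:700" "$keyfile:600"; do
        path=${spec%:*}; want=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; problems=$((problems + 1)); continue
        fi
        have=$(stat -c '%a' "$path")
        if [ "$have" != "$want" ]; then
            echo "MODE $path is $have, expected $want"
            problems=$((problems + 1))
        fi
    done

    # mkdir and touch run as root leave root-owned files behind.
    for path in "$sshdir" "$keyfile"; do
        [ -e "$path" ] || continue
        uid=$(stat -c '%u' "$path")
        if [ "$uid" != "$owner" ]; then
            echo "OWNER $path is uid $uid, expected $owner"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Audit a real tree when called with arguments, e.g.:
#   sh check_keys.sh /opt/home someuser
if [ "$#" -ge 2 ]; then
    check_key_dir "$@"
fi
```

An OWNER line is resolved with chown on the .ssh directory and the authorized_keys file for that user.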