Replace ssh with Qnapware OpenSSH: Difference between revisions
Jump to navigation
Jump to search
m +Category:SSH |
Making QNAPware a link |
||
(6 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
Tested on: | |||
*TS-453 Pro, Firmware 4.2.0 | |||
Recommend changing QNAP system sshd to use any port other than 22. (Like 2222 or something) | Recommend changing QNAP system sshd to use any port other than 22. (Like 2222 or something) | ||
#Install | #Install [http://wiki.qnap.com/wiki/Debian_Installation_On_QNAP QNAPware] for opkg support (Note: This replaces both Entware and Optware) | ||
#opkg install openssh-server | #opkg install openssh-server | ||
#ssh-keygen -t rsa -f | #echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended | ||
#ssh-keygen -t | #ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N ''-t rsa'' | ||
# | #ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N ''-t dsa'' | ||
# | #ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N ''-t ecdsa'' | ||
#ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N ''-t ed25519'' | |||
# | #useradd --system --no-create-home sshd | ||
#ln -s ../init.d/openssh.sh /etc/init.d/S86openssh | |||
#ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh | |||
#Create /etc/init.d/openssh.sh | |||
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><pre><nowiki>#!/bin/sh | |||
SSH=/Apps/opt/sbin/opensshd | |||
SSHD_CONF=/Apps/opt/etc/ssh/sshd_config | |||
/sbin/test -f $SSHD || exit 0 | |||
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp | |||
DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22` | |||
SSH_PORT=22 | |||
SSHKEY_CONFIG_DIR=/etc/config/ssh | |||
case "$1" in | |||
start) | |||
/bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow | |||
if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then | |||
echo -n "Starting OpenSSH (opensshd) service: " | |||
/sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT" | |||
echo "OK" | |||
touch /var/lock/subsys/opensshd | |||
fi | |||
;; | |||
stop) | |||
echo -n "Shutting down OpenSSH (opensshd) service: " | |||
/sbin/daemon_mgr opensshd stop $SSH | |||
/usr/bin/killall opensshd 2>/dev/null | |||
rm -f /var/lock/subsys/opensshd | |||
echo "OK" | |||
;; | |||
restart) | |||
$0 stop | |||
$0 start | |||
;; | |||
*) | |||
echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}" | |||
exit 1 | |||
esac | |||
exit 0 | |||
</nowiki></pre> | |||
</div> | |||
Finally, <code>/etc/init.d/openssh.sh start</code> to get up and running. | |||
Optionally, if you'd like users other than admin to log in with authorized_keys: | |||
#Edit /Apps/opt/etc/ssh/sshd_config, set AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys | |||
#mkdir -p /opt/home/someuser/.ssh | |||
#<span style="line-height: 20.8px;">mkdir -p /opt/home -m 755</span> | |||
<span style="line-height: 20.8px;">Run these for every user you want to be (replace someuser with your actual username):</span> | |||
#mkdir -m 700 -p /opt/home/someuser/.ssh | |||
#touch <span style="line-height: 20.8px;">/opt/home/someuser/.ssh/authorized_keys</span> | |||
#<span style="line-height: 20.8px;">chmod 600 /opt/home/someuser/.ssh/authorized_keys</span> | |||
| |||
[[Category:SSH]] | [[Category:SSH]] |
Latest revision as of 07:38, 1 January 2016
Tested on:
- TS-453 Pro, Firmware 4.2.0
Recommend changing QNAP system sshd to use any port other than 22. (Like 2222 or something)
- Install QNAPware for opkg support (Note: This replaces both Entware and Optware)
- opkg install openssh-server
- echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N -t rsa
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N -t dsa
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N -t ecdsa
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N -t ed25519
- useradd --system --no-create-home sshd
- ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
- ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
- Create /etc/init.d/openssh.sh
#!/bin/sh SSH=/Apps/opt/sbin/opensshd SSHD_CONF=/Apps/opt/etc/ssh/sshd_config /sbin/test -f $SSHD || exit 0 [ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22` SSH_PORT=22 SSHKEY_CONFIG_DIR=/etc/config/ssh case "$1" in start) /bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then echo -n "Starting OpenSSH (opensshd) service: " /sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT" echo "OK" touch /var/lock/subsys/opensshd fi ;; stop) echo -n "Shutting down OpenSSH (opensshd) service: " /sbin/daemon_mgr opensshd stop $SSH /usr/bin/killall opensshd 2>/dev/null rm -f /var/lock/subsys/opensshd echo "OK" ;; restart) $0 stop $0 start ;; *) echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}" exit 1 esac exit 0
Finally, /etc/init.d/openssh.sh start
to get up and running.
Optionally, if you'd like users other than admin to log in with authorized_keys:
- Edit /Apps/opt/etc/ssh/sshd_config, set AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
- mkdir -p /opt/home/someuser/.ssh
- mkdir -p /opt/home -m 755
Run these for every user you want to be (replace someuser with your actual username):
- mkdir -m 700 -p /opt/home/someuser/.ssh
- touch /opt/home/someuser/.ssh/authorized_keys
- chmod 600 /opt/home/someuser/.ssh/authorized_keys