Replace ssh with Qnapware OpenSSH: Difference between revisions

From QNAPedia
Documenting which NAS this strategy works with
Making QNAPware a link
 
Line 5: Line 5:
Recommend changing QNAP system sshd to use any port other than 22.  (Like 2222 or something)
Recommend changing QNAP system sshd to use any port other than 22.  (Like 2222 or something)


#Install QNAPware for opkg support (Note: This replaces both Entware and Optware)
#Install [http://wiki.qnap.com/wiki/Debian_Installation_On_QNAP QNAPware] for opkg support (Note: This replaces both Entware and Optware)
#opkg install openssh-server
#opkg install openssh-server
#echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
#echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
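Review bot: in the changed first list item, the link text is "QNAPware" but the target is the Debian_Installation_On_QNAP page, so the step does not say which part of that page covers the QNAPware install. Link to a QNAPware-specific page or section anchor instead. The URL is also plain http://; since this step leads to installing packages on the NAS, use https:// if the wiki serves it.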

Latest revision as of 07:38, 1 January 2016

Tested on:

  • TS-453 Pro, Firmware 4.2.0

Recommended: first change the QNAP system sshd to use any port other than 22 (for example 2222), since the init script below starts the QNAPware sshd on port 22.

  1. Install QNAPware for opkg support (Note: This replaces both Entware and Optware)
  2. opkg install openssh-server
  3. echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
  4. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N "" -t rsa
  5. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N "" -t dsa
  6. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa
  7. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N "" -t ed25519
  8. useradd --system --no-create-home sshd
  9. ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
  10. ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
  11. Create /etc/init.d/openssh.sh with the following contents:
#!/bin/sh
# Init script for the QNAPware OpenSSH daemon

SSH=/Apps/opt/sbin/opensshd
SSHD_CONF=/Apps/opt/etc/ssh/sshd_config

# Do nothing if the daemon binary is not installed
/sbin/test -f "$SSH" || exit 0

[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

# Port configured for the QNAP system sshd (read here but not used below)
DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
# Port this daemon listens on
SSH_PORT=22
SSHKEY_CONFIG_DIR=/etc/config/ssh
case "$1" in
    start)
        /bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow
        # Start only if SSH is enabled in the QNAP configuration
        if [ "$(/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE)" != FALSE ]; then
                echo -n "Starting OpenSSH (opensshd) service: "
                /sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
                echo "OK"
                touch /var/lock/subsys/opensshd
        fi
        ;;
    stop)
        echo -n "Shutting down OpenSSH (opensshd) service: "
        /sbin/daemon_mgr opensshd stop "$SSH"
        /usr/bin/killall opensshd 2>/dev/null
        rm -f /var/lock/subsys/opensshd
        echo "OK"
        ;;
    restart)
        "$0" stop
        "$0" start
        ;;
    *)
        echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}"
        exit 1
        ;;
esac

exit 0

Finally, run /etc/init.d/openssh.sh start to get up and running.

Optionally, if you'd like users other than admin to log in with authorized_keys:

  1. Edit /Apps/opt/etc/ssh/sshd_config, set AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
  2. mkdir -p /opt/home/someuser/.ssh
  3. mkdir -p /opt/home -m 755

Run these for every user you want to be able to log in with authorized_keys (replace someuser with your actual username):

  1. mkdir -m 700 -p /opt/home/someuser/.ssh
  2. touch /opt/home/someuser/.ssh/authorized_keys
  3. chmod 600 /opt/home/someuser/.ssh/authorized_keys
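
With StrictModes on (the sshd default), sshd ignores an authorized_keys file if the file or any directory above it is writable by group or others, or is owned by someone other than root or the user. Because /opt/home/%u is outside the user's normal home directory, that check runs all the way up to /. The following check is an added example, not part of the original page: the function name check_authkeys_path is hypothetical, and it assumes stat -c and readlink -f are available on the NAS.

```sh
#!/bin/sh
# Added example: report path components that sshd's StrictModes check
# would reject for an authorized_keys file.
#
# check_authkeys_path FILE UID [STOP_DIR]
#   FILE      authorized_keys file to check
#   UID       numeric uid of the user who logs in
#   STOP_DIR  directory at which to stop walking upward (default /)
# Prints one line per problem; returns 0 if clean, 1 otherwise.
# Usage on the NAS (someuser is the page's placeholder name):
#   check_authkeys_path /opt/home/someuser/.ssh/authorized_keys "$(id -u someuser)"
check_authkeys_path() {
    p=$1 uid=$2 stop=${3:-/} bad=0
    [ -f "$p" ] || { echo "missing: $p"; return 1; }
    # Resolve symlinks first, as sshd checks the real path
    p=$(readlink -f "$p")
    stop=$(readlink -f "$stop")
    while :; do
        # %a = octal mode, %u = numeric owner
        set -- $(stat -c '%a %u' "$p")
        # 022 masks the group-write and other-write bits
        if [ $(( 0$1 & 022 )) -ne 0 ]; then
            echo "writable by group/other: $p (mode $1)"
            bad=1
        fi
        if [ "$2" != 0 ] && [ "$2" != "$uid" ]; then
            echo "wrong owner: $p (uid $2)"
            bad=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return $bad
}
```
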