Replace ssh with Qnapware OpenSSH
Note: Work in progress.
Recommend changing QNAP system sshd to use any port other than 22. (Like 2222 or something)
- Install QNAPware for opkg support (Note: This replaces both Entware and Optware)
- opkg install openssh-server
- echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N -t rsa
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N -t dsa
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N -t ecdsa
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N -t ed25519
- useradd --system --no-create-home sshd
- ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
- ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
- Create /etc/init.d/openssh.sh
#!/bin/sh
SSH=/Apps/opt/sbin/opensshd
SSHD_CONF=/Apps/opt/etc/ssh/sshd_config
/sbin/test -f $SSHD || exit 0
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp
DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
SSH_PORT=22
SSHKEY_CONFIG_DIR=/etc/config/ssh
case "$1" in
start)
/bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow
if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then
echo -n "Starting OpenSSH (opensshd) service: "
/sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
echo "OK"
touch /var/lock/subsys/opensshd
fi
;;
stop)
echo -n "Shutting down OpenSSH (opensshd) service: "
/sbin/daemon_mgr opensshd stop $SSH
/usr/bin/killall opensshd 2>/dev/null
rm -f /var/lock/subsys/opensshd
echo "OK"
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}"
exit 1
esac
exit 0
Optionally, if you'd like users other than admin to log in with authorized_keys:
- Edit /Apps/opt/etc/ssh/sshd_config, set AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
- mkdir -p /opt/home/someuser/.ssh
- mkdir -p /opt/home -m 755
Run these for every user you want to be (replace someuser with your actual username):
- mkdir -m 700 -p /opt/home/someuser/.ssh
- touch /opt/home/someuser/.ssh/authorized_keys
- chmod 600 /opt/home/someuser/.ssh/authorized_keys