Replace ssh with Qnapware OpenSSH

From QNAPedia
Revision as of 07:32, 1 January 2016 by Blast hardcheese (talk | contribs) (Formatting, adding final step for actually starting the service)
Jump to navigation Jump to search

Note: Work in progress.

Recommend changing QNAP system sshd to use any port other than 22.  (Like 2222 or something)

  1. Install QNAPware for opkg support (Note: This replaces both Entware and Optware)
  2. opkg install openssh-server
  3. echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
  4. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N -t rsa
  5. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N -t dsa
  6. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N -t ecdsa
  7. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N -t ed25519
  8. useradd --system --no-create-home sshd
  9. ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
  10. ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
  11. Create /etc/init.d/openssh.sh
#!/bin/sh

SSH=/Apps/opt/sbin/opensshd
SSHD_CONF=/Apps/opt/etc/ssh/sshd_config

/sbin/test -f $SSHD || exit 0

[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
SSH_PORT=22
SSHKEY_CONFIG_DIR=/etc/config/ssh
case "$1" in
    start)
        /bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow
        if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then
                echo -n "Starting OpenSSH (opensshd) service: "
                /sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
                echo "OK"
                touch /var/lock/subsys/opensshd
        fi

        ;;
    stop)
        echo -n "Shutting down OpenSSH (opensshd) service: " 
        /sbin/daemon_mgr opensshd stop $SSH
        /usr/bin/killall opensshd 2>/dev/null
        rm -f /var/lock/subsys/opensshd
        echo "OK"
        ;;

    restart)
        $0 stop
        $0 start
        ;;      
    *)
        echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}"
        exit 1
esac

exit 0

Finally, /etc/init.d/openssh.sh start to get up and running.

Optionally, if you'd like users other than admin to log in with authorized_keys:

  1. Edit /Apps/opt/etc/ssh/sshd_config, set AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
  2. mkdir -p /opt/home/someuser/.ssh
  3. mkdir -p /opt/home -m 755

Run these for every user you want to be  (replace someuser with your actual username):

  1. mkdir -m 700 -p /opt/home/someuser/.ssh
  2. touch /opt/home/someuser/.ssh/authorized_keys
  3. chmod 600 /opt/home/someuser/.ssh/authorized_keys