How To Replace SSH Daemon With OpenSSH: Difference between revisions

From QNAPedia
Jump to navigation Jump to search
No edit summary
m (Fixed broken links)
 
Line 1: Line 1:
<h2> Overview </h2>
 
<p>I've seen many different solutions to implement <a href="OpenSSH">OpenSSH</a>, but none really brought a full switch over to openssh. While the many documents out there reflect how to replace the binary and get the openssh system to start up, most fail to show how to repoint underlying QNAP links to the /opt/etc/openssh configurations. With that said most implementations use hostkeys/keys that were generated under the old system possiblity leaving it unsecure.  
== Overview ==
</p>
 
<h2> High level features of this implementation </h2>
I've seen many different solutions to implement [https://www.openssh.com/ OpenSSH], but none really brought a full switch over to openssh. While the many documents out there reflect how to replace the binary and get the openssh system to start up, most fail to show how to repoint underlying QNAP links to the /opt/etc/openssh configurations. With that said most implementations use hostkeys/keys that were generated under the old system possiblity leaving it unsecure.
<ul><li>Enhanced the original start scripts provided from QNAP.  
 
</li>
== High level features of this implementation ==
<li>Creates initial 'admin' home directory as specified in /etc/passwd  
 
</li>
*Enhanced the original start scripts provided from QNAP.  
<li>Use of configuration parameters set in the GUI. The ports you set in the GUI will be the ones that openssh will use. Further you can disable/enable openssh via the GUI.  
*Creates initial 'admin' home directory as specified in /etc/passwd  
</li>
*Use of configuration parameters set in the GUI. The ports you set in the GUI will be the ones that openssh will use. Further you can disable/enable openssh via the GUI.  
<li>Support for firmware 3.3 of enabling/disabling SFTP via the GUI  
*Support for firmware 3.3 of enabling/disabling SFTP via the GUI  
</li>
*Persistent script. Restarts via the GUI will use the new code, IE enabling/disabling of SSH or telnet.  
<li>Persistent script. Restarts via the GUI will use the new code, IE enabling/disabling of SSH or telnet.  
*Script ensures, upon booting, that it waits for the system QNAP ssh system to start before attempting to start openssh to replace the QNAP SSH daemon. This is important as we do not want competing SSHD processes.  
</li>
 
<li>Script ensures, upon booting, that it waits for the system QNAP ssh system to start before attempting to start openssh to replace the QNAP SSH daemon. This is important as we do not want competing SSHD processes.
== The Alternative way ==
</li></ul><h2> The Alternative way </h2>
 
<p>The port which the standard Qnap sshd listens to is configurable from the web interface... Change it to something else, then run OpenSSH on port 22. You don't need to fiddle with system config files or replace the sshd binary, just leave them be and edit /opt/etc/openssh/* to your liking.  
The port which the standard Qnap sshd listens to is configurable from the web interface... Change it to something else, then run OpenSSH on port 22. You don't need to fiddle with system config files or replace the sshd binary, just leave them be and edit /opt/etc/openssh/* to your liking.
</p><p>Then you can either run OpenSSH sshd binary in the autorun.sh script (it daemonizes by default), or you can make sure that "/opt/etc/init.d/" files are correctly started on start up (follow instructions in <a href="Install%20Optware%20IPKG">Install Optware IPKG</a>).  
 
</p>
Then you can either run OpenSSH sshd binary in the autorun.sh script (it daemonizes by default), or you can make sure that "/opt/etc/init.d/" files are correctly started on start up (follow instructions in [[Install_Optware_IPKG|Install_Optware_IPKG]]).
<h2> Installation </h2>
 
<p>NOTE: This will require you to be either logged into the QNAP via Telnet or SSH in order to execute the commands denoted as <tt>#</tt>.  
== Installation ==
</p>
 
<ul><li><a href="Install%20Optware%20IPKG">Install Optware IPKG</a>. <a href="Optware">Optware</a> is the conduit for installing <a href="OpenSSH">OpenSSH</a>.  
NOTE: This will require you to be either logged into the QNAP via Telnet or SSH in order to execute the commands denoted as <tt>#</tt>.
</li>
 
<li>Install the <a href="Openssh">Openssh</a> package using <a href="Optware">Optware</a>.
*[[Install_Optware_IPKG|Install_Optware_IPKG]]. [[Optware_IPKG|Optware]] is the conduit for installing [https://www.openssh.com/ OpenSSH].
</li></ul><pre class="_fck_mw_lspace"># ipkg update
*Install the [https://www.openssh.com/ OpenSSH] package using [[Optware_IPKG|Optware]].  
# ipkg install openssh
 
</pre>
# ipkg update
<ul><li>mount /tmp/config, following the instructions in the article <a href="Running%20Your%20Own%20Application%20at%20Startup">Running Your Own Application at Startup</a>.  
# ipkg install openssh
</li>
 
<li>Copy the script below, <i>login.sh</i>, to <tt>/tmp/config/login.sh</tt>  
*mount /tmp/config, following the instructions in the article [[Running_Your_Own_Application_at_Startup|Running Your Own Application at Startup]].  
</li>
*Copy the script below, ''login.sh'', to <tt>/tmp/config/login.sh</tt>  
<li>Make /tmp/config/login.sh executable
*Make /tmp/config/login.sh executable  
</li></ul><pre class="_fck_mw_lspace"># chmod +x /tmp/config/login.sh
 
</pre>
# chmod +x /tmp/config/login.sh
<ul><li>Create or Edit /tmp/config/autorun.sh and add the following
 
</li></ul><pre class="_fck_mw_lspace">/bin/cp /tmp/config/login.sh /tmp&#160;; /bin/sh /tmp/login.sh restart &amp;
*Create or Edit /tmp/config/autorun.sh and add the following  
</pre>
 
<ul><li>Ensure /tmp/config/autorun.sh is executable
/bin/cp /tmp/config/login.sh /tmp&nbsp;; /bin/sh /tmp/login.sh restart &
</li></ul><pre class="_fck_mw_lspace"># chmod +x /tmp/config/autorun.sh
 
</pre>
*Ensure /tmp/config/autorun.sh is executable  
<ul><li>Reboot
 
</li></ul><pre class="_fck_mw_lspace"># reboot
# chmod +x /tmp/config/autorun.sh
</pre>
 
<p>[Tested on TS-410, TS-459, TS-509 and TS-869.]  
*Reboot  
</p>
 
<h2> login.sh </h2>
# reboot
<h3> Updated for Firmware&#160;3.4.3 </h3>
 
[Tested on TS-410, TS-459, TS-509 and TS-869.]
 
== login.sh ==
 
=== Updated for Firmware&nbsp;3.4.3 ===
<pre> #!/bin/sh
<pre> #!/bin/sh
SLEEP_MAX=600
SLEEP_MAX=600
Line 192: Line 197:




</pre>  
</pre>
<h3> TS-212 </h3>
 
<h4> Firmware 3.5.2 Build 1126T </h4>
=== TS-212 ===
<p>Created with some <tt>meld</tt>ing of the above script with that found by default on the 3.5.2 Build 1126T firmware (on <tt>mtdblock5</tt>), the following script seems to work as intended on a TS-212.<br />
 
</p>
==== Firmware 3.5.2 Build 1126T ====
 
Created with some <tt>meld</tt>ing of the above script with that found by default on the 3.5.2 Build 1126T firmware (on <tt>mtdblock5</tt>), the following script seems to work as intended on a TS-212.
<pre>#!/bin/sh
<pre>#!/bin/sh
SLEEP_MAX=600
SLEEP_MAX=600
Line 377: Line 384:


exit 0
exit 0
</pre>  
</pre>
<h4> Firmware 4.0.5 </h4>
 
<p>It seems that the default sshd shipped with this version allows users other than admin. It is only needed to add the allowed usernames (including admin) to the <i>AllowUsers</i> directive in <b>/etc/ssh/sshd_config</b>.  
==== Firmware 4.0.5 ====
</p>
 
It seems that the default sshd shipped with this version allows users other than admin. It is only needed to add the allowed usernames (including admin) to the ''AllowUsers'' directive in '''/etc/ssh/sshd_config'''.
<pre>AllowUsers admin USERNAME
<pre>AllowUsers admin USERNAME
</pre>  
</pre>
<p>Unfortunately, changes to that file are not persistent across reboot. Copying the modified <b>sshd_config</b> script to <b>/tmp/config</b>, and making the <b>autorun.sh </b>script copy it back in <b>/etc/ssh</b> on boot should work.<br />
 
</p><p>If using the Optware-provided OpenSSH is still required, the following additional changes are needed.  
Unfortunately, changes to that file are not persistent across reboot. Copying the modified '''sshd_config''' script to '''/tmp/config''', and making the '''autorun.sh '''script copy it back in '''/etc/ssh''' on boot should work.
</p><p>Sometimes between 3.5.x and 4.0.5, OpenSSH seems to have started expecting ECDSA keys. The <b>login.sh</b> script needs to generate them too in <i>generte_ssh_keys</i> [sic].  
 
</p>
If using the Optware-provided OpenSSH is still required, the following additional changes are needed.
 
Sometimes between 3.5.x and 4.0.5, OpenSSH seems to have started expecting ECDSA keys. The '''login.sh''' script needs to generate them too in ''generte_ssh_keys'' [sic].
<pre> if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
<pre> if [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&amp;nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
Line 393: Line 403:
/bin/sync
/bin/sync
fi
fi
</pre>  
</pre>
<h3> <br />TS-419P+ with Firmware 3.6.1 Build 0302T </h3>
 
=== <br/> TS-419P+ with Firmware 3.6.1 Build 0302T ===
<pre>#!/bin/sh
<pre>#!/bin/sh
SSH=/opt/sbin/sshd
SSH=/opt/sbin/sshd
Line 544: Line 555:


exit 0
exit 0
</pre>  
</pre>
<p><br />
 
</p>
&nbsp;
<h3> TS-119 with 3.8.3 Build 20130426<br />  </h3>
 
<p>Works with OpenSSH_5.9p1 and the QPKG-based method from <a href="Running%20Your%20Own%20Application%20at%20Startup">Running Your Own Application at Startup</a>.<br />
=== TS-119 with 3.8.3 Build 20130426 ===
</p>
 
Works with OpenSSH_5.9p1 and the QPKG-based method from <a href="Running%20Your%20Own%20Application%20at%20Startup">Running Your Own Application at Startup</a>.
<pre>#!/bin/sh
<pre>#!/bin/sh
SSH=/opt/sbin/sshd
SSH=/opt/sbin/sshd
Line 737: Line 749:


exit 0
exit 0
</pre>  
</pre>
<h2> Configuration </h2>
 
<p>Configuration files are maintained in /opt/etc/openssh, such as the sshd_config  
== Configuration ==
</p>
 
<h2> Restarting openssh without rebooting </h2>
Configuration files are maintained in /opt/etc/openssh, such as the sshd_config
<p>Once the system is setup, it might be useful to make changes to the sshd_config and restart the daemon without rebooting. You can do this one of two ways.  
 
</p>
== Restarting openssh without rebooting ==
<h3> GUI </h3>
 
<ol><li>Untick the box in the GUI to disable SSH and hit apply  
Once the system is setup, it might be useful to make changes to the sshd_config and restart the daemon without rebooting. You can do this one of two ways.
</li>
 
<li>Re-enable and hit apply
=== GUI ===
</li></ol><h2> Disabling guest account </h2>
 
<p>With OpenSSH, by default all users can log in, which means that the user "guest" with the default password "guest" can also log in and this may be undesirable to you.<strike>You may then want to remove this account with "deluser guest" from the command line with the admin account</strike> Verry bad idea as at least the qnap admin webinterface and FTP stoped working on 4.0.2. By pure luck SSH still works and restoring the user fixes the problem. You can also give it a password with "passwd guest" instead.  
#Untick the box in the GUI to disable SSH and hit apply  
</p>
#Re-enable and hit apply  
<h2> Contributions to documentation </h2>
 
<p>This howto was written by Papengut and edited by stevebow and jk42 then later re-written by patbaker82. See the <i>Page History</i> link for more contributors.  
== Disabling guest account ==
</p><p>Note: This article overlaps with &lt;a _fcknotitle="true" href="Replace ssh"&gt;Replace ssh&lt;/a&gt;. The two articles should probably get merged.  
 
</p><p>&lt;a _fcknotitle="true" href="Category:SSH"&gt;SSH&lt;/a&gt;
With OpenSSH, by default all users can log in, which means that the user "guest" with the default password "guest" can also log in and this may be undesirable to you.<strike>You may then want to remove this account with "deluser guest" from the command line with the admin account</strike> Verry bad idea as at least the qnap admin webinterface and FTP stoped working on 4.0.2. By pure luck SSH still works and restoring the user fixes the problem. You can also give it a password with "passwd guest" instead.
</p><span class="fck_mw_category" _fcknotitle="true">SSH</span>
 
== Contributions to documentation ==
 
This howto was written by Papengut and edited by stevebow and jk42 then later re-written by patbaker82. See the ''Page History'' link for more contributors.
 
Note: This article overlaps with [[Replace_ssh_with_Qnapware_OpenSSH|Replace ssh]]. The two articles should probably get merged.
 
<a _fcknotitle="true" href="Category:SSH">SSH</a>
  [[Category:SSH]]

Latest revision as of 03:35, 19 April 2020

Overview

I've seen many different solutions to implement OpenSSH, but none really brought a full switch over to openssh. While the many documents out there reflect how to replace the binary and get the openssh system to start up, most fail to show how to repoint underlying QNAP links to the /opt/etc/openssh configurations. With that said most implementations use hostkeys/keys that were generated under the old system possiblity leaving it unsecure.

High level features of this implementation

  • Enhanced the original start scripts provided from QNAP.
  • Creates initial 'admin' home directory as specified in /etc/passwd
  • Use of configuration parameters set in the GUI. The ports you set in the GUI will be the ones that openssh will use. Further you can disable/enable openssh via the GUI.
  • Support for firmware 3.3 of enabling/disabling SFTP via the GUI
  • Persistent script. Restarts via the GUI will use the new code, IE enabling/disabling of SSH or telnet.
  • Script ensures, upon booting, that it waits for the system QNAP ssh system to start before attempting to start openssh to replace the QNAP SSH daemon. This is important as we do not want competing SSHD processes.

The Alternative way

The port which the standard Qnap sshd listens to is configurable from the web interface... Change it to something else, then run OpenSSH on port 22. You don't need to fiddle with system config files or replace the sshd binary, just leave them be and edit /opt/etc/openssh/* to your liking.

Then you can either run OpenSSH sshd binary in the autorun.sh script (it daemonizes by default), or you can make sure that "/opt/etc/init.d/" files are correctly started on start up (follow instructions in Install_Optware_IPKG).

Installation

NOTE: This will require you to be either logged into the QNAP via Telnet or SSH in order to execute the commands denoted as #.

# ipkg update
# ipkg install openssh
  • mount /tmp/config, following the instructions in the article Running Your Own Application at Startup.
  • Copy the script below, login.sh, to /tmp/config/login.sh
  • Make /tmp/config/login.sh executable
# chmod +x /tmp/config/login.sh
  • Create or Edit /tmp/config/autorun.sh and add the following
/bin/cp /tmp/config/login.sh /tmp ; /bin/sh /tmp/login.sh restart &
  • Ensure /tmp/config/autorun.sh is executable
# chmod +x /tmp/config/autorun.sh
  • Reboot
# reboot

[Tested on TS-410, TS-459, TS-509 and TS-869.]

login.sh

Updated for Firmware 3.4.3

 #!/bin/sh
SLEEP_MAX=600
SSHD=/opt/sbin/sshd
TELNET=/bin/utelnetd
SSHD_CONF=/opt/etc/openssh/sshd_config
SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`

generte_ssh_key()
{
    [ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
    if [ -f /opt/bin/ssh-keygen  ]; then
        if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
            /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
            /opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
            /bin/sync
        fi
        if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
            /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
            /opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
            /bin/sync
        fi
        if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
            /bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
            /opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N ""
            /bin/sync
        fi
    fi

}

update_sshd_config()
{
    ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`

    if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
        /bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
        if [ $?&nbsp;!= 0 ]; then
            /bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
            /bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
        fi
    else
        /bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
        if [ $? = 0 ]; then
            /bin/sed "/\/usr\/libexec\/sftp-server/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
            /bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
            /bin/rm ${SSHD_CONF}.tmp
        fi
    fi
}

enable_openssh()
{
    # Check to see if we already copied the old sshd
    if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
        mv /usr/sbin/sshd /usr/sbin/sshd_orig
        cp /opt/sbin/sshd /usr/sbin/sshd
    fi
    
    # Finally, replace the current login script if neccessary so further restarts via the web interface work
    /bin/grep "enable_openssh" /etc/init.d/login.sh &gt; /dev/null
    if [ $?&nbsp;!= 0 ]; then
        if [ -e $0 ]; then
            cp $0 /etc/init.d/login.sh
        fi
    fi
    
    # Make sure we have a home directory on a persistent drive
    # Note, this will only create the admin home directory
    if [&nbsp;! -e "/share/MD0_DATA/home" ]; then
        /bin/mkdir /share/MD0_DATA/home
        /bin/mkdir /share/MD0_DATA/home/admin
        /bin/chmod og-rx /share/MD0_DATA/home/admin
    fi
    
    # Link persistent home directory to referenced home dirs in /etc/passwd
    if [&nbsp;! -e "/share/homes" ]; then
        ln -s /share/MD0_DATA/home /share/homes
    fi
}


# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
        sleep 1
        let "SLEEP_COUNTER += 1"
done

/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

case "$1" in
    start)
    if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
        echo "Starting sshd services: disabled."
    else
        echo -n "Starting sshd services: "
        enable_openssh
        generte_ssh_key
        update_sshd_config
        /sbin/daemon_mgr sshd start "$SSHD -f ${SSHD_CONF} -p $SSH_PORT"
        echo "sshd."
        touch /var/lock/subsys/sshd
    fi

    if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
        echo "Starting telnet services: disabled."
    else
        echo -n "Starting telnet services: "
        /sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
        echo "utelnetd."
        touch /var/lock/subsys/utelnetd
    fi

   &nbsp;;;
    stop)
    echo -n "Shutting down sshd services:" 
    /sbin/daemon_mgr sshd stop $SSHD
    /usr/bin/killall sshd
    rm -f /var/lock/subsys/sshd
    echo "sshd"

    echo -n "Shutting down telnet services:"
    /sbin/daemon_mgr utelnetd stop $TELNET
    rm -f /var/lock/subsys/utelnetd
    echo "utelnetd"
   &nbsp;;;

    restart)
    $0 stop
    $0 start
   &nbsp;;;    
    *)
        echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
        exit 1
esac

exit 0


TS-212

Firmware 3.5.2 Build 1126T

Created with some melding of the above script with that found by default on the 3.5.2 Build 1126T firmware (on mtdblock5), the following script seems to work as intended on a TS-212.

#!/bin/sh
SLEEP_MAX=600
SSHD=/opt/sbin/sshd
TELNET=/bin/utelnetd
SSHD_CONF=/opt/etc/openssh/sshd_config

/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0

[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
generte_ssh_key()
{
	[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
	if [ -f /opt/bin/ssh-keygen ]; then
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
			/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
			/bin/touch /etc/config/ssh_key.fla
			/bin/sync
		fi
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
			/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
			/bin/touch /etc/config/ssh_key.fla
			/bin/sync
		fi
	
		/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retrsa1=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retrsa2=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retdsa1=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retdsa2=$?

		[ $retrsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key /etc/ssh/
		[ $retrsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub /etc/ssh/
		[ $retdsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key /etc/ssh/
		[ $retdsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub /etc/ssh/

		if [ -d /etc/config/ssh ]; then
			/bin/rm -rf /root/.ssh 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
			/bin/ln -sf /etc/config/ssh /root/.ssh
			[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa
			[ -f /etc/config/ssh/id_rsa.pub ] || /bin/ln -sf ssh_host_rsa_key.pub /etc/config/ssh/id_rsa.pub
		fi
		
		if [ "x${BOOT_CONF}" = "xTS-NASX86" ] &amp;&amp; [&nbsp;! -f /etc/config/ssh_key.fla ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*	2&gt;&gt;/dev/null
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&gt;&gt;/dev/null
			/usr/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
			/usr/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
			/bin/touch /etc/config/ssh_key.fla
		fi
	fi

}

update_sshd_config()
{
	ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`

	if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
		/bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
		if [ $?&nbsp;!= 0 ]; then
			/bin/sed '107i\Subsystem sftp \/usr\/libexec\/sftp-server' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
			/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
		fi
	else
		/bin/grep "/usr/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
		if [ $? = 0 ]; then
			/bin/sed "/\/usr\/libexec\/sftp-server/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
			/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
			/bin/rm ${SSHD_CONF}.tmp
		fi
	fi
}

enable_openssh()
{
    # Check to see if we already copied the old sshd
    if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
        mv /usr/sbin/sshd /usr/sbin/sshd_orig
        cp /opt/sbin/sshd /usr/sbin/sshd
    fi
    
    # Finally, replace the current login script if neccessary so further restarts via the web interface work
    /bin/grep "enable_openssh" /etc/init.d/login.sh &gt; /dev/null
    if [ $?&nbsp;!= 0 ]; then
        if [ -e $0 ]; then
            cp $0 /etc/init.d/login.sh
        fi
    fi
    
    # Make sure we have a home directory on a persistent drive
    # Note, this will only create the admin home directory
    if [&nbsp;! -e "/share/MD0_DATA/home" ]; then
        /bin/mkdir /share/MD0_DATA/home
        /bin/mkdir /share/MD0_DATA/home/admin
        /bin/chmod og-rx /share/MD0_DATA/home/admin
    fi
    
    # Link persistent home directory to referenced home dirs in /etc/passwd
    if [&nbsp;! -e "/share/homes" ]; then
        ln -s /share/MD0_DATA/home /share/homes
    fi
}


# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
        sleep 1
        let "SLEEP_COUNTER += 1"
done

/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

case "$1" in
    start)
	if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
		echo "Starting sshd services: disabled."
	else
		echo -n "Starting sshd services: "
		enable_openssh
		generte_ssh_key
		update_sshd_config
		/sbin/daemon_mgr sshd start "$SSHD -f ${SSHD_CONF} -p $SSH_PORT"
		echo "sshd."
		touch /var/lock/subsys/sshd
	fi

	if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
		echo "Starting telnet services: disabled."
	else
		echo -n "Starting telnet services: "
		/sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
		echo "utelnetd."
		touch /var/lock/subsys/utelnetd
	fi

	if [ `/sbin/getcfg "TFTP Server" "Enable" -u -d FALSE` = FALSE ]; then
		echo "Starting opentftpd services: disabled."
	else
		/etc/init.d/opentftp.sh start
	fi

	;;
    stop)
	echo -n "Shutting down sshd services:" 
	/sbin/daemon_mgr sshd stop $SSHD
	/usr/bin/killall sshd
	rm -f /var/lock/subsys/sshd
	echo "sshd"

	echo -n "Shutting down telnet services:"
	/sbin/daemon_mgr utelnetd stop $TELNET
	rm -f /var/lock/subsys/utelnetd
	echo "utelnetd"
	;;

    restart)
	$0 stop
	$0 start
	;;	
    *)
        echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
        exit 1
esac

exit 0

Firmware 4.0.5

It seems that the default sshd shipped with this version allows users other than admin. It is only needed to add the allowed usernames (including admin) to the AllowUsers directive in /etc/ssh/sshd_config.

AllowUsers admin USERNAME

Unfortunately, changes to that file are not persistent across reboot. Copying the modified sshd_config script to /tmp/config, and making the autorun.sh script copy it back in /etc/ssh on boot should work.

If using the Optware-provided OpenSSH is still required, the following additional changes are needed.

Sometimes between 3.5.x and 4.0.5, OpenSSH seems to have started expecting ECDSA keys. The login.sh script needs to generate them too in generte_ssh_keys [sic].

		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
			/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N ""
			/bin/touch /etc/config/ssh_key.fla
			/bin/sync
		fi


TS-419P+ with Firmware 3.6.1 Build 0302T

#!/bin/sh
SSH=/opt/sbin/sshd
TELNET=/bin/utelnetd
SSHD_CONF=/opt/etc/openssh/sshd_config

SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
SLEEP_MAX=300

generte_ssh_key()
{
[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
if [ -f /opt/bin/ssh-keygen ]; then
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ];
then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/sync
fi
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ];
then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/bin/touch /opt/etc/openssh/ssh_key.fla
/bin/sync
fi
[ -d $SSHKEY_CONFIG_DIR/root ] || /bin/mkdir $SSHKEY_CONFIG_DIR/root
if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/root/id_rsa.pub ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/root/id_rsa*
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/root/id_rsa -N ""
/bin/touch /opt/etc/openssh/root/ssh_key.fla
/bin/sync
fi
if [ -d /opt/etc/openssh ]; then
/bin/rm -rf /root/.ssh 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
/bin/ln -sf /opt/etc/openssh/root /root/.ssh
fi
if [&nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key* 2&gt;&gt;/dev/null
/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&gt;&gt;/dev/null
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
/bin/touch /opt/etc/openssh/ssh_key.fla
fi
if [&nbsp;! -f /opt/etc/openssh/root/ssh_key.fla ]; then
/bin/rm -f ${SSHKEY_CONFIG_DIR}/id_rsa* 2&gt;&gt;/dev/null
/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/id_rsa -N ""
/bin/touch /opt/etc/openssh/ssh_key.fla
fi
fi
}

update_sshd_config()
{
ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`

if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
/bin/grep "/opt/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
if [ $?&nbsp;!= 0 ]; then
/bin/sed '107i\Subsystem sftp \/opt\/libexec\/sftp-server' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
fi
else
/bin/grep "/opt/libexec/sftp-server" ${SSHD_CONF} &gt; /dev/null
if [ $? == 0 ]; then
/bin/sed "/\/opt\/libexec\/sftp-server/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
fi
fi
}

enable_openssh()
{
# Check to see if we already copied the old sshd
if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
mv /usr/sbin/sshd /usr/sbin/sshd_orig
cp /opt/sbin/sshd /usr/sbin/sshd
fi

# Finally, replace the current login script if neccessary so further restarts via the web interface work
/bin/grep "enable_openssh" ${SSHD_CONF} &gt; /dev/null
if [ $?&nbsp;!= 0 ]; then
if [ -e /tmp/login.sh ]; then
cp /tmp/login.sh /etc/init.d/login.sh
fi
fi
}

# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
sleep 1
let "SLEEP_COUNTER += 1"
done

/sbin/test -f $SSH || exit 0
/sbin/test -f $TELNET || exit 0

case "$1" in
start)

if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
echo "Starting sshd services: disabled."
else
echo -n "Starting sshd services: "
enable_openssh
generte_ssh_key
update_sshd_config
/sbin/daemon_mgr sshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
echo "sshd."
touch /var/lock/subsys/sshd
fi

if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
echo "Starting telnet services: disabled."
else
echo -n "Starting telnet services: "
/sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
echo "utelnetd."
touch /var/lock/subsys/utelnetd
fi

;;
stop)
echo -n "Shutting down sshd services:"
/sbin/daemon_mgr sshd stop $SSH
/usr/bin/killall sshd
rm -f /var/lock/subsys/sshd
echo "sshd"

echo -n "Shutting down telnet services:"
/sbin/daemon_mgr utelnetd stop $TELNET
rm -f /var/lock/subsys/utelnetd
echo "utelnetd"
;;

restart)
$0 stop
$0 start
;;
*)
echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
exit 1
esac

exit 0

 

TS-119 with 3.8.3 Build 20130426

Works with OpenSSH_5.9p1 and the QPKG-based method from <a href="Running%20Your%20Own%20Application%20at%20Startup">Running Your Own Application at Startup</a>.

#!/bin/sh
SSH=/opt/sbin/sshd
TELNET=/bin/utelnetd
SSHD_CONF=/opt/etc/openssh/sshd_config

/sbin/test -f $SSHD || exit 0
/sbin/test -f $TELNET || exit 0

[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
DEAFULT_TELNET_PORT=`/sbin/getcfg -f /var/default LOGIN "TELNET Port" -d 13131`
TELNET_PORT=`/sbin/getcfg LOGIN "TELNET Port" -d $DEAFULT_TELNET_PORT`
SSHKEY_CONFIG_DIR=/opt/etc/openssh
BOOT_CONF=`/bin/cat /etc/default_config/BOOT.conf`
SLEEP_MAX=300

generte_ssh_key()
{
	[ -d $SSHKEY_CONFIG_DIR ] || /bin/mkdir $SSHKEY_CONFIG_DIR
	if [ -f /opt/bin/ssh-keygen ]; then
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*
			/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
			/bin/touch /opt/etc/openssh/ssh_key.fla
			/bin/sync
		fi
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key*
			/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
			/bin/touch /opt/etc/openssh/ssh_key.fla
			/bin/sync
		fi
		if [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key ] || [&nbsp;! -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key*
			/opt/bin/ssh-keygen -t ecdsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key -N ""
			/bin/touch /opt/etc/openssh/ssh_key.fla
			/bin/sync
		fi
		
		/bin/cmp /etc/ssh/ssh_host_rsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retrsa1=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retrsa2=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retdsa1=$?
		/bin/cmp /etc/ssh/ssh_host_dsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retdsa2=$?
		/bin/cmp /etc/ssh/ssh_host_ecdsa_key ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retecdsa1=$?
		/bin/cmp /etc/ssh/ssh_host_ecdsa_key.pub ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
		retecdsa2=$?

		[ $retrsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key /etc/ssh/
		[ $retrsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key.pub /etc/ssh/
		[ $retdsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key /etc/ssh/
		[ $retdsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key.pub /etc/ssh/
		[ $retecdsa1 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key /etc/ssh/
		[ $retecdsa2 -eq 0 ] || /bin/cp -a ${SSHKEY_CONFIG_DIR}/ssh_host_ecdsa_key.pub /etc/ssh/

		if [ -d /opt/etc/openssh ]; then
			/bin/rm -rf /root/.ssh 1&gt;&gt;/dev/null 2&gt;&gt;/dev/null
			/bin/ln -sf /opt/etc/openssh/root /root/.ssh
			[ -f /etc/config/ssh/id_rsa ] || /bin/ln -sf ssh_host_rsa_key /etc/config/ssh/id_rsa
			[ -f /etc/config/ssh/id_rsa.pub ] || /bin/ln -sf ssh_host_rsa_key.pub /etc/config/ssh/id_rsa.pub
		fi
		
		if [ "x${BOOT_CONF}" = "xTS-NASX86" ] &amp;&amp; [&nbsp;! -f /opt/etc/openssh/ssh_key.fla ]; then
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key*	2&gt;&gt;/dev/null
			/bin/rm -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key* 2&gt;&gt;/dev/null
			/opt/bin/ssh-keygen -t rsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_rsa_key -N ""
			/opt/bin/ssh-keygen -t dsa -f ${SSHKEY_CONFIG_DIR}/ssh_host_dsa_key -N ""
			/bin/touch /opt/etc/openssh/ssh_key.fla
		fi
	fi

}

update_sshd_config()
{
	ENABLED_SFTP=`/sbin/getcfg LOGIN "SFTP Enable" -u -d TRUE`

	if [ "x${ENABLED_SFTP}" = "xTRUE" ]; then
		/bin/grep "internal-sftp" ${SSHD_CONF} &gt; /dev/null
		if [ $?&nbsp;!= 0 ]; then
			/bin/sed '107i\Subsystem sftp internal-sftp' ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
			/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
		fi
	else
		/bin/grep "internal-sftp" ${SSHD_CONF} &gt; /dev/null
		if [ $? = 0 ]; then
			/bin/sed "/internal-sftp/d" ${SSHD_CONF} &gt; ${SSHD_CONF}.tmp
			/bin/cp -f ${SSHD_CONF}.tmp ${SSHD_CONF}
		fi
	fi
}

enable_openssh()
{
    # Check to see if we already copied the old sshd
    if [&nbsp;! -e /usr/sbin/sshd_orig ]; then
        mv /usr/sbin/sshd /usr/sbin/sshd_orig
        cp /opt/sbin/sshd /usr/sbin/sshd
    fi
    
    # Finally, replace the current login script if necessary so further restarts via the web interface work
    /bin/grep "enable_openssh" /etc/init.d/login.sh &gt; /dev/null
    if [ $?&nbsp;!= 0 ]; then
        if [ -e $0 ]; then
            cp $0 /etc/init.d/login.sh
        fi
    fi
    
    # Make sure we have a home directory on a persistent drive
    # Note, this will only create the admin home directory
    if [&nbsp;! -e "/share/HDA_DATA/home" ]; then
        /bin/mkdir /share/HDA_DATA/home
        /bin/mkdir /share/HDA_DATA/home/admin
        /bin/chmod og-rx /share/HDA_DATA/home/admin
    fi
    
    # Link persistent home directory to referenced home dirs in /etc/passwd
    if [&nbsp;! -e "/share/homes" ]; then
        ln -s /share/HDA_DATA/home /share/homes
    fi
}

# Wait $SLEEP seconds or determine if the system is done booting before proceeding
SLEEP_COUNTER=0
while [[&nbsp;! -e /tmp/.boot_done &amp;&amp; $SLEEP_COUNTER -le $SLEEP_MAX ]]; do
        sleep 1
        let "SLEEP_COUNTER += 1"
done

case "$1" in
    start)
	if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` = FALSE ]; then
		echo "Starting sshd services: disabled."
	else
		echo -n "Starting sshd services: "
        enable_openssh
		generte_ssh_key
		update_sshd_config
		/sbin/daemon_mgr sshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
		echo "sshd."
		touch /var/lock/subsys/sshd
	fi

	if [ `/sbin/getcfg LOGIN "TELNET Enable" -u -d FALSE` = FALSE ]; then
		echo "Starting telnet services: disabled."
	else
		echo -n "Starting telnet services: "
		/sbin/daemon_mgr utelnetd start "$TELNET -p $TELNET_PORT &amp;"
		echo "utelnetd."
		touch /var/lock/subsys/utelnetd
	fi

	if [ `/sbin/getcfg "TFTP Server" "Enable" -u -d FALSE` = FALSE ]; then
		echo "Starting opentftpd services: disabled."
	else
		/etc/init.d/opentftp.sh start
	fi

	;;
    stop)
	echo -n "Shutting down sshd services:" 
	/sbin/daemon_mgr sshd stop $SSH
	/usr/bin/killall sshd
	rm -f /var/lock/subsys/sshd
	echo "sshd"

	echo -n "Shutting down telnet services:"
	/sbin/daemon_mgr utelnetd stop $TELNET
	rm -f /var/lock/subsys/utelnetd
	echo "utelnetd"
	;;

    restart)
	$0 stop
	$0 start
	;;	
    *)
        echo "Usage: /etc/init.d/login.sh {start|stop|restart}"
        exit 1
esac

exit 0

Configuration

Configuration files are maintained in /opt/etc/openssh, such as the sshd_config

Restarting openssh without rebooting

Once the system is setup, it might be useful to make changes to the sshd_config and restart the daemon without rebooting. You can do this one of two ways.

GUI

  1. Untick the box in the GUI to disable SSH and hit apply
  2. Re-enable and hit apply

Disabling guest account

With OpenSSH, by default all users can log in, which means that the user "guest" with the default password "guest" can also log in and this may be undesirable to you.You may then want to remove this account with "deluser guest" from the command line with the admin account Verry bad idea as at least the qnap admin webinterface and FTP stoped working on 4.0.2. By pure luck SSH still works and restoring the user fixes the problem. You can also give it a password with "passwd guest" instead.

Contributions to documentation

This howto was written by Papengut and edited by stevebow and jk42 then later re-written by patbaker82. See the Page History link for more contributors.

Note: This article overlaps with Replace ssh. The two articles should probably get merged.

<a _fcknotitle="true" href="Category:SSH">SSH</a>