Replace ssh with Qnapware OpenSSH: Difference between revisions
Jump to navigation
Jump to search
(Fleshing out instructions a bit, adding an init script (based on login.sh), and describing how to get authorized_keys support for normal users) |
(Making QNAPware a link) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Tested on: | |||
*TS-453 Pro, Firmware 4.2.0 | |||
Recommend changing QNAP system sshd to use any port other than 22. (Like 2222 or something) | Recommend changing QNAP system sshd to use any port other than 22. (Like 2222 or something) | ||
#Install QNAPware for opkg support (Note: This replaces both Entware and Optware) | #Install [http://wiki.qnap.com/wiki/Debian_Installation_On_QNAP QNAPware] for opkg support (Note: This replaces both Entware and Optware) | ||
#opkg install openssh-server | #opkg install openssh-server | ||
#echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended | #echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended | ||
| Line 14: | Line 16: | ||
#ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh | #ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh | ||
#Create /etc/init.d/openssh.sh | #Create /etc/init.d/openssh.sh | ||
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><nowiki>#!/bin/sh | <div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><pre><nowiki>#!/bin/sh | ||
SSH=/Apps/opt/sbin/opensshd | SSH=/Apps/opt/sbin/opensshd | ||
| Line 29: | Line 31: | ||
start) | start) | ||
/bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow | /bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow | ||
if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then | if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then | ||
echo -n "Starting OpenSSH (opensshd) service: " | echo -n "Starting OpenSSH (opensshd) service: " | ||
/sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT" | /sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT" | ||
| Line 36: | Line 38: | ||
fi | fi | ||
;; | |||
stop) | stop) | ||
echo -n "Shutting down OpenSSH (opensshd) service: " | echo -n "Shutting down OpenSSH (opensshd) service: " | ||
| Line 43: | Line 45: | ||
rm -f /var/lock/subsys/opensshd | rm -f /var/lock/subsys/opensshd | ||
echo "OK" | echo "OK" | ||
;; | |||
restart) | restart) | ||
$0 stop | $0 stop | ||
$0 start | $0 start | ||
;; | |||
*) | *) | ||
echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}" | echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}" | ||
| Line 55: | Line 57: | ||
exit 0 | exit 0 | ||
</nowiki> | </nowiki></pre> | ||
</div> | </div> | ||
Finally, <code>/etc/init.d/openssh.sh start</code> to get up and running. | |||
Optionally, if you'd like users other than admin to log in with authorized_keys: | Optionally, if you'd like users other than admin to log in with authorized_keys: | ||
Latest revision as of 07:38, 1 January 2016
Tested on:
- TS-453 Pro, Firmware 4.2.0
Recommend changing QNAP system sshd to use any port other than 22. (Like 2222 or something)
- Install QNAPware for opkg support (Note: This replaces both Entware and Optware)
- opkg install openssh-server
- echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N -t rsa
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N -t dsa
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N -t ecdsa
- ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N -t ed25519
- useradd --system --no-create-home sshd
- ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
- ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
- Create /etc/init.d/openssh.sh
#!/bin/sh
SSH=/Apps/opt/sbin/opensshd
SSHD_CONF=/Apps/opt/etc/ssh/sshd_config
/sbin/test -f $SSHD || exit 0
[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp
DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
SSH_PORT=22
SSHKEY_CONFIG_DIR=/etc/config/ssh
case "$1" in
start)
/bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow
if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then
echo -n "Starting OpenSSH (opensshd) service: "
/sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
echo "OK"
touch /var/lock/subsys/opensshd
fi
;;
stop)
echo -n "Shutting down OpenSSH (opensshd) service: "
/sbin/daemon_mgr opensshd stop $SSH
/usr/bin/killall opensshd 2>/dev/null
rm -f /var/lock/subsys/opensshd
echo "OK"
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}"
exit 1
esac
exit 0
Finally, /etc/init.d/openssh.sh start to get up and running.
Optionally, if you'd like users other than admin to log in with authorized_keys:
- Edit /Apps/opt/etc/ssh/sshd_config, set AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
- mkdir -p /opt/home/someuser/.ssh
- mkdir -p /opt/home -m 755
Run these for every user you want to be (replace someuser with your actual username):
- mkdir -m 700 -p /opt/home/someuser/.ssh
- touch /opt/home/someuser/.ssh/authorized_keys
- chmod 600 /opt/home/someuser/.ssh/authorized_keys