Replace ssh with Qnapware OpenSSH: Difference between revisions

From QNAPedia
Jump to navigation Jump to search
(Fleshing out instructions a bit, adding an init script (based on login.sh), and describing how to get authorized_keys support for normal users)
m (Wiki formatting shows differently in the editor/preview than live-- fixing code block)
Line 14: Line 14:
#ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
#ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
#Create /etc/init.d/openssh.sh
#Create /etc/init.d/openssh.sh
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><nowiki>#!/bin/sh
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><nowiki><pre><code>#!/bin/sh


SSH=/Apps/opt/sbin/opensshd
SSH=/Apps/opt/sbin/opensshd
Line 55: Line 55:


exit 0
exit 0
</nowiki>
</code></pre></nowiki>
</div>
</div>
Optionally, if you'd like users other than admin to log in with authorized_keys:
Optionally, if you'd like users other than admin to log in with authorized_keys:

Revision as of 07:30, 1 January 2016

Note: Work in progress.

Recommend changing QNAP system sshd to use any port other than 22.  (Like 2222 or something)

  1. Install QNAPware for opkg support (Note: This replaces both Entware and Optware)
  2. opkg install openssh-server
  3. echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
  4. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N -t rsa
  5. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N -t dsa
  6. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N -t ecdsa
  7. ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N -t ed25519
  8. useradd --system --no-create-home sshd
  9. ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
  10. ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
  11. Create /etc/init.d/openssh.sh
<pre><code>#!/bin/sh SSH=/Apps/opt/sbin/opensshd SSHD_CONF=/Apps/opt/etc/ssh/sshd_config /sbin/test -f $SSHD || exit 0 [ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22` SSH_PORT=22 SSHKEY_CONFIG_DIR=/etc/config/ssh case "$1" in start) /bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then echo -n "Starting OpenSSH (opensshd) service: " /sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT" echo "OK" touch /var/lock/subsys/opensshd fi  ;; stop) echo -n "Shutting down OpenSSH (opensshd) service: " /sbin/daemon_mgr opensshd stop $SSH /usr/bin/killall opensshd 2>/dev/null rm -f /var/lock/subsys/opensshd echo "OK"  ;; restart) $0 stop $0 start  ;; *) echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}" exit 1 esac exit 0 </code></pre>

Optionally, if you'd like users other than admin to log in with authorized_keys:

  1. Edit /Apps/opt/etc/ssh/sshd_config, set AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
  2. mkdir -p /opt/home/someuser/.ssh
  3. mkdir -p /opt/home -m 755

Run these for every user you want to be  (replace someuser with your actual username):

  1. mkdir -m 700 -p /opt/home/someuser/.ssh
  2. touch /opt/home/someuser/.ssh/authorized_keys
  3. chmod 600 /opt/home/someuser/.ssh/authorized_keys