It is not a verbatim translation, but the point is there, i hope it is not a problem. This is a tech related forum in Hungary where you can write your own blog if you want. Of course linking to your contetnt.įirst of all, here is the translated version: If i may: can i translate this tutorial to hungarian lanhuage? I’m from Hungary, and i think the synology community in Hungary could use this. I’m thinking if now that syno’s openSSH server is changed to “vanilla” openSSH server do you think we could change to allow SSH with only key based authentication to the Synology? And let’s hope with DSM7 it still stays this relatively simple, or at least we’ll have the right to allow other nonadmin users to SSH to the synology. I think it was the nonadminuser’s home folder with the non right permissions, but the other steps didn’t hurt either. Edit : Corrected sshd_config symlink command, thanks you for the awesome content! Now with the change of the symlink command everything works just as it should! At the end i had to set the permissions for nonadminuser’s ~, ~/.ssh folders and ~/.ssh/authorized_keys file, and after that the key auth is working great for nonadmin user too.Ssh-copy-id on unchaining your Diskstation! Let me know in the comments how you plan on sshing the station for fun and profit ⬇️. ssh # Copy keys from your machine for sshkey authentication ![]() ssh lives! Wipe the sweat off your forehead, pop the □ and add some finishing touches. Operation successful, patient dead? Let’s check the pulse. # Check the log to see if all that worked out # Stop the sshd service and kill remaining processes We will telnet to the diskstation, stop and kill all sshd processes, and finally replace and start our new sshd binary. Now comes the dicey part that scared me the most: The sshd heart transplantation. Time to try it out! Start the new sshd on a free port and see if you can connect to it from your machine. Sudo ln -s /etc/ssh/sshd_config /opt/etc/ssh/sshd_config Sudo mv /opt/etc/ssh/sshd_config /opt/etc/ssh/sshd_config.orig Make a link to the real sshd_config at the place where the new sshd will look. Sudo sed -i 's/#HostKey /HostKey /g' /etc/ssh/sshd_config Sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig Add the privilege-separated sshd userĮcho 'sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologinĮcho 'sshd:x:74:' | sudo tee -a /etc/group We need to modify the system’s /etc/passwd, /etc/group, and /etc/ssh/sshd_config files. Now we’re getting into more dangerous territories. My Diskstation’s built-in /bin/sshd has version OpenSSH_7.4p1, OpenSSL 1.0.2u-fips, while opkg installed /opt/sbin/sshd with version OpenSSH_8.3p1, OpenSSL 1.1.1g. Sudo /opt/bin/opkg install openssh-server-pam Log in as admin to opkg update and opkg install openssh-server-pam (we’ll continue to use Synology’s pam modules like autoblock, so the new sshd needs pam support). Open up a new ssh connection to the Diskstation (mine has diskstation as hostname). The Control Panel allows to enable ssh – but only for admins. Next, make sure the ssh and telnet services (we need both!) are enabled in the Control Panel Terminal tab. You can find them at Entware (mipsel), and Optware-ng (mipsel-ng), respectively. To find out what version is offered, find out your Diskstation’s arch and check the respective package index. Choose the one with the more recent OpenSSH. You will have to decide between the Entware and Optware distribution. ![]() Add the Community Package Hub to the Package Cetner sources. Don’t forget to hit the reload button to fetch the new source. ![]() Make the Diskstation’s Package Center find EBI by adding as an additional package source. First, let’s install opkg itself via the Easy Bootstrap Installer (EBI). While it’s possible to cross-compile and install OpenSSH from source, we will go the easy route and install it via the Optware opkg package manager. In this post I will go over how to install a vanilla OpenSSH sshd which enables regular users to log in via ssh. In my use case I want to ssh to my diskstation from a server cronjob, so I would have to leave superuser credentials on an public-internet facing server □♂️. I don’t know how anybody at Synology thought that would be a good idea, because this just makes people assign superuser privileges to their regular user accounts. There is no setting or config file for this: Synology ship a custom version of OpenSSH that prevents anybody but root from logging in. Synology’s DSM 6 does support ssh logins – but only for administrator users.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |