Interstellar Posted April 12, 2014 Share Posted April 12, 2014 Guys, I'm struggling to work out how to disable Telnet and enable SSH key only login. (i.e. no passwords allowed!) I've got a .pub I've generated and I am using on other VMs for testing, so where do I put that, do I need to do any permission stuff, etc. Any help would be great. Cheers! Quote Link to comment
Interstellar Posted April 18, 2014 Author Share Posted April 18, 2014 See: http://lime-technology.com/forum/index.php?topic=20848.0 Quote Link to comment
overbyrn Posted April 18, 2014 Share Posted April 18, 2014 My unRAID system is in storage at the moment, so I don't have a reference system, but basically you need to take that .pub file and rename / create a duplicate called authorized_keys. This file needs to live in a directory called .ssh which resides under the home directory of whichever user you are authenticating with. So if root, then you're looking at something like /root/.ssh/authorized_keys, and if a user you have manually created - not from unRAID web gui as users created that way do not get assigned a shell / home dir - then it would be /home/youruser/.ssh/authorized_keys. Another thing to be aware of is that the permissions of the .ssh and authorized_keys file is extremely important, as get that wrong and you still won't be able to login and you'll spend ages tearing your hair out wondering why as you'll get no useful error message back. From memory, the authorized_keys file needs to be 600. So chmod 600 authorized_keys, should do the trick. Set the ownership whilst you're at it. In fact, try this; (assuming you are authenticating as user root)... chown -R root:root /root/.ssh chmod 700 /root/.ssh chmod 600 /root/.ssh/authorized_keys If you were doing this for a non-root user, then alter the chown to chown 700 yourusername:users /home/youruser/.ssh Other gotchas include making sure your sshd_config file is set correctly. If intending to login using root, then make sure you have "PERMITROOTLOGIN = yes". If you're planning on only using keys to authenticate, then you can make it more robust by adding "PASSWORDAUTHENTICATION = no". I can't remember how v6 unRAID handles the generating of public and private key pairs for the ssh service. I seem to recall it checks for the presence of existing keys on the flash and if not found creates them. eg. /etc/ssh/ssh_host_dsa_key etc. It copies these over to the flash so that you have a persistent set. Then every subsequent reboot the keys on flash are found and copied over. Otherwise you'd be constantly warned that your system keys have changed. You'll need to do something similar for the authorized_keys file, such as having a copy on flash and putting something in your go file to copy it to the users home directory. Hope the above gives you a steer. Regards, overbyrn Quote Link to comment
Interstellar Posted April 25, 2014 Author Share Posted April 25, 2014 See: http://lime-technology.com/forum/index.php?topic=20848.0 Quote Link to comment
Interstellar Posted July 16, 2014 Author Share Posted July 16, 2014 See: http://lime-technology.com/forum/index.php?topic=20848.0 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.