Difference between revisions of "Replace ssh with Qnapware OpenSSH"

Latest revision as of 23:38, 31 December 2015

Tested on:

TS-453 Pro, Firmware 4.2.0

Recommend changing QNAP system sshd to use any port other than 22. (Like 2222 or something)

Install QNAPware for opkg support (Note: This replaces both Entware and Optware)
opkg install openssh-server
echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N -t rsa
ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N -t dsa
ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N -t ecdsa
ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N -t ed25519
useradd --system --no-create-home sshd
ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
Create /etc/init.d/openssh.sh

#!/bin/sh

SSH=/Apps/opt/sbin/opensshd
SSHD_CONF=/Apps/opt/etc/ssh/sshd_config

/sbin/test -f $SSHD || exit 0

[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp

DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
SSH_PORT=22
SSHKEY_CONFIG_DIR=/etc/config/ssh
case "$1" in
    start)
        /bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow
        if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE` != FALSE ]; then
                echo -n "Starting OpenSSH (opensshd) service: "
                /sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
                echo "OK"
                touch /var/lock/subsys/opensshd
        fi

        ;;
    stop)
        echo -n "Shutting down OpenSSH (opensshd) service: " 
        /sbin/daemon_mgr opensshd stop $SSH
        /usr/bin/killall opensshd 2>/dev/null
        rm -f /var/lock/subsys/opensshd
        echo "OK"
        ;;

    restart)
        $0 stop
        $0 start
        ;;      
    *)
        echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}"
        exit 1
esac

exit 0

Finally, /etc/init.d/openssh.sh start to get up and running.

Optionally, if you'd like users other than admin to log in with authorized_keys:

Edit /Apps/opt/etc/ssh/sshd_config, set AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
mkdir -p /opt/home/someuser/.ssh
mkdir -p /opt/home -m 755

Run these for every user you want to be (replace someuser with your actual username):

mkdir -m 700 -p /opt/home/someuser/.ssh
touch /opt/home/someuser/.ssh/authorized_keys
chmod 600 /opt/home/someuser/.ssh/authorized_keys

@@ Line 1: / Line 1: @@
-Note: Work in progress.
+Tested on:
+*TS-453 Pro, Firmware 4.2.0
 Recommend changing QNAP system sshd to use any port other than 22. &nbsp;(Like 2222 or something)
-#Install Entware for opkg support (Note that this replaces the older non-supported as of Dec-2014 Optware)
+#Install [http://wiki.qnap.com/wiki/Debian_Installation_On_QNAP QNAPware] for opkg support (Note: This replaces both Entware and Optware)
 #opkg install openssh-server
-#ssh-keygen -t rsa -f ssh_host_rsa_key
+#echo 'export PATH=/Apps/opt/bin:/Apps/opt/sbin:$PATH' >> /etc/profile # Optional, but recommended
-#ssh-keygen -t dsa -f ssh_host_dsa_key
+#ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_rsa_key -N ''-t rsa''
-#Add sshd user to /etc/passwd and sshd group to /etc/group
+#ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_dsa_key -N ''-t dsa''
-#*echo sshd:x:74:>>/etc/group
+#ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ecdsa_key -N ''-t ecdsa''
-#*echo sshd:x:74:74:Priviledge-separated SSH:/var/empty/sshd:/sbin/nologin>>/etc/passwd
+#ssh-keygen -f /Apps/opt/etc/ssh/ssh_host_ed25519_key -N ''-t ed25519''
-#
+#useradd --system --no-create-home sshd
+#ln -s ../init.d/openssh.sh /etc/init.d/S86openssh
+#ln -s ../init.d/openssh.sh /etc/rcK.d/K34openssh
+#Create /etc/init.d/openssh.sh
+<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><pre><nowiki>#!/bin/sh
+SSH=/Apps/opt/sbin/opensshd
+SSHD_CONF=/Apps/opt/etc/ssh/sshd_config
+/sbin/test -f $SSHD || exit 0
+[ -f "/bin/cmp" ] || ln -sf /bin/busybox /bin/cmp
+DEFAULT_SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
+SSH_PORT=22
+SSHKEY_CONFIG_DIR=/etc/config/ssh
+case "$1" in
+    start)
+        /bin/chmod 0640 /etc/config/shadow* /etc/default_config/shadow
+        if [ `/sbin/getcfg LOGIN "SSH Enable" -u -d TRUE`&nbsp;!= FALSE ]; then
+                echo -n "Starting OpenSSH (opensshd) service: "
+                /sbin/daemon_mgr opensshd start "$SSH -f ${SSHD_CONF} -p $SSH_PORT"
+                echo "OK"
+                touch /var/lock/subsys/opensshd
+        fi
+       &nbsp;;;
+    stop)
+        echo -n "Shutting down OpenSSH (opensshd) service: "
+        /sbin/daemon_mgr opensshd stop $SSH
+        /usr/bin/killall opensshd 2>/dev/null
+        rm -f /var/lock/subsys/opensshd
+        echo "OK"
+       &nbsp;;;
+    restart)
+        $0 stop
+        $0 start
+       &nbsp;;;
+    *)
+        echo "Usage: /etc/init.d/openssh.sh {start|stop|restart}"
+        exit 1
+esac
+exit 0
+</nowiki></pre>
+</div>
+Finally, <code>/etc/init.d/openssh.sh start</code>&nbsp;to get up and running.
+Optionally, if you'd like users other than admin to log in with authorized_keys:
+#Edit /Apps/opt/etc/ssh/sshd_config, set&nbsp;AuthorizedKeysFile to /opt/home/%u/.ssh/authorized_keys
+#mkdir -p /opt/home/someuser/.ssh
+#<span style="line-height: 20.8px;">mkdir -p /opt/home -m 755</span>
+<span style="line-height: 20.8px;">Run these for every user you want to be &nbsp;(replace someuser with your actual username):</span>
+#mkdir -m 700&nbsp;-p /opt/home/someuser/.ssh
+#touch&nbsp;<span style="line-height: 20.8px;">/opt/home/someuser/.ssh/authorized_keys</span>
+#<span style="line-height: 20.8px;">chmod 600&nbsp;/opt/home/someuser/.ssh/authorized_keys</span>
 [[Category:SSH]]

Difference between revisions of "Replace ssh with Qnapware OpenSSH"

Latest revision as of 23:38, 31 December 2015

Navigation menu

Search