How to enable SSH connections to the NAS

Moderator: Lillian.W@AST

Post Reply
User avatar
MarukoBG
Posts: 7
youtube meble na wymiar Warszawa
Joined: Mon Mar 29, 2021 5:51 pm

How to enable SSH connections to the NAS

Post by MarukoBG »

Hello,
I have a AS1002T-A346
All the PC in my company are Linux based.
I need to allow each user to connect to the NAS into a private home directory, in particular using SFTP protocol.
Unfortunately the NAS allows to connect with SSH only to administrators.
Do you have a workaround or an update supporting this feature ?

Thanks
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: How to enable SSH connections to the NAS

Post by father.mande »

Hi,

Install your own ssh server using Entware APKG (in App. Central) ... then configure each user able to use it ... even through public keys ...

if you want to keep the Asustor ssh server ... just change the port ... and forward it if necessary ...
hereafter a list of packages able to be installed thought opkg ... entware package manager

Code: Select all

openssh-client - 8.4p1-4 - OpenSSH client.
openssh-client-utils - 8.4p1-4 - OpenSSH client utilities.
openssh-keygen - 8.4p1-4 - OpenSSH keygen.
openssh-moduli - 8.4p1-4 - OpenSSH server moduli file.
openssh-server - 8.4p1-4 - OpenSSH server.
openssh-server-pam - 8.4p1-4 - OpenSSH server (with PAM support).
openssh-sftp-client - 8.4p1-4 - OpenSSH SFTP client.
openssh-sftp-server - 8.4p1-4 - OpenSSH SFTP server.
and eventually :

Code: Select all

sshfs - 3.7.1-1 - Mount remote system over sftp.
Entware have a start_at_boot mechanism ... to start automatically your server (/opt/etc/init.d/)
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
User avatar
MarukoBG
Posts: 7
Joined: Mon Mar 29, 2021 5:51 pm

Re: How to enable SSH connections to the NAS

Post by MarukoBG »

father.mande wrote:Hi,

Install your own ssh server using Entware APKG (in App. Central) ... then configure each user able to use it ... even through public keys ...
.snip.

Philippe.
Hi Philippe,
thank you for answering.
I installed Entware and it looks very promising !!!
I needed to reboot the NAS to enable opkg but I don't understand what to do now.

Probably you mean doing something like this
https://wiki.qnap.com/wiki/Replace_ssh_ ... re_OpenSSH
but I'm very scared to follow that guide because is for another brand and I don't want to loose my NAS.

Would you mind to explain a bit more?
Thanks
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: How to enable SSH connections to the NAS

Post by father.mande »

Hi,

Entware is installed under /opt (and normally no need to restart the NAS ... just logout and login again to add PATH to Entware bin and sbin

hen installed it's native but not dependent of A.D.M. (the Asustor Linux embedded)
use opkg (package manager to install software)

opkg list ... list all packages available (long list (2500+) ... so use grep to select some software
opkg install package_name ... to install it and dependency
ex. : opkg install openssh-server

to update list and upgrade installed package do : opkg update and opkg upgrade

If the server need to start at boot a script is proposed (as Linux) in /opt/etc/init.d folder
... generally you can also see some configuration file in /opt/etc

if you use keys ... install keygen .. if you want to add sftp server use opkg to install also it.

Entware require a minimum of Linux knowledge ... the difference is : all is under /opt ... and not / as usual.

Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
User avatar
MarukoBG
Posts: 7
Joined: Mon Mar 29, 2021 5:51 pm

Re: How to enable SSH connections to the NAS

Post by MarukoBG »

father.mande wrote:Hi,
Entware is installed under /opt (and normally no need to restart the NAS ... just logout and login again to add PATH to Entware bin and sbin
Entware require a minimum of Linux knowledge ... the difference is : all is under /opt ... and not / as usual.
Philippe.
Hi Philippe,
thank you very much.
Every is working like a charm :D
I'm adding details below to help others 8-)

Instructions tested on AS1002T

1. Install Entware app from "App Central" and when it's finished you can install packages
2. Change system sshd to use any port other than 22. (Like 20222 or something)
3. Connect to the system as usual using ssh and the new port

Code: Select all

ssh admin@IPADDRESS -p 20222
4. Add new packages

Code: Select all

opkg install openssh-server
opkg install openssh-sftp-server
6. Run the following commands

Code: Select all

ssh-keygen -f /opt/etc/ssh/ssh_host_rsa_key -t rsa
ssh-keygen -f /opt/etc/ssh/ssh_host_dsa_key -t dsa
ssh-keygen -f /opt/etc/ssh/ssh_host_ecdsa_key -t ecdsa
ssh-keygen -f /opt/etc/ssh/ssh_host_ed25519_key -t ed25519
sudo useradd --system --no-create-home sshd
7. The system uses login with keys by default, therefore add your own public key to the file

Code: Select all

~/.ssh/authorized_keys
for each user in the system

8. Now you can login to the NAS using port 22 (managed by openssh-server)

Code: Select all

ssh normaluser@IPADDRESS
9. In case of emergency use port 20222 (using the Asustor default ssh system)
10. Reboot the NAS


Code: Select all

root@AS1002T-A346:/etc/init.d # opkg info openssh-server
Package: openssh-server
Version: 8.4p1-4
Depends: libc, libssp, librt, libpthread, libopenssl, zlib, openssh-keygen, libfido2
Status: install user installed
Section: net
Architecture: armv7-3.2
Size: 333600
Filename: openssh-server_8.4p1-4_armv7-3.2.ipk
Conffiles:
 /opt/etc/ssh/sshd_config 82c380eaeee6fd3415bf3378c9a8603569a83cbe4efe4928bab7f90816763961
Description: OpenSSH server.
Installed-Time: 1617095632

Code: Select all

root@AS1002T-A346:/etc/init.d # opkg files openssh-server
Package openssh-server (8.4p1-4) is installed on root and has the following files:
/opt/etc/init.d/S40sshd
/opt/sbin/sshd
/opt/etc/ssh/sshd_config
/opt/lib/upgrade/keep.d/openssh-server
Post Reply

Return to “[Official] For AS10XX Series”