Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Hi,
first try with SSH and RSA-Keys on the two DNS-323, want to work with keys with empty passphrase.....
[root at "backup" to log on as root at "daten"]
Short Summary
1] SSH works
2] did copy public rsa-key from "backup" to "daten" towards ~/.ssh.
3] did import into authorized_keys2
4] did use standard sshd on target "daten", only changed "PermitEmptyPasswords" to "yes"
5] still need passwords to access per ssh
=> I did something wrong. I did google quite a bit, now. I am not sure where the problem is.
SSH-Settings:
access settings [0700 at ".ssh"-directory]:
root@backup:/mnt/usbstorage/home/root/.ssh# ls -al total 32 drwx------ 2 root root 4096 Jan 30 18:13 . drwxr-xr-x 3 root root 4096 Jan 30 16:10 .. -rw------- 1 root root 1204 Jan 30 16:34 authorized_keys2 -rw-r--r-- 1 root root 111 Jan 30 17:00 config -rw-r--r-- 1 root root 403 Jan 30 18:48 known_hosts -rw-r--r-- 1 root root 600 Jan 30 16:12 ssh-dsa-root-daten-key.pub_integrated -rw------- 1 root root 1675 Jan 30 18:13 ssh-rsa-root-backup-key -rw-r--r-- 1 root root 393 Jan 30 18:13 ssh-rsa-root-backup-key.pub root@backup:/mnt/usbstorage/home/root/.ssh#
root@daten:/mnt/usbstorage/home/root/.ssh# ls -al total 20 drwx--S--- 2 root root 4096 Jan 30 18:18 . drwsr-sr-x 4 root root 4096 Jan 29 12:19 .. -rw------- 1 root root 401 Jan 30 19:05 authorized_keys2 -rw-r--r-- 1 root root 396 Jan 29 00:13 known_hosts -rw-r--r-- 1 root root 393 Jan 30 19:08 ssh-rsa-root-backup-key.pub root@daten:/mnt/usbstorage/home/root/.ssh#
sshd.conf on "daten" the target looks like this [default plus "PermitEmptyPasswords yes"]:
#RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /ffp/etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes PermitEmptyPasswords yes # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes
System
- ffp 0.5
- optware
- usb-install, only fun_plug on HDD
Changes in /ffp/etc/fun_plug.local
#START OF OWN CHANGES #make hosts permanent rm /etc/hosts ln -snf /mnt/usbstorage/ffp/etc/hosts /etc/hosts # set symlinks for /home rm /home -R ln -snf /mnt/usbstorage/home /home # reset /home/HOMEDIRS usermod -d /home/yyyyyyyyy yyyyyyyyy usermod -d /home/backup backup usermod -d /home/xxxxxxx xxxxxxx
Thanks in advantage,
Volker
Last edited by vschlenk (2011-01-30 23:57:15)
Offline
You don't have a .ssh/id_rsa file on your machine called backup. Your key seems to be in ssh-rsa-root-backup-key. ssh on backup does not know how to find your key.
The default names for the rsa key files in the .ssh dir are id_rsa and id_rsa.pub. ssh will look for the keys in the default files unless you tell it otherwise.
You can do this in several ways:
1) Rename or copy or link your key file to use the default name (id_rsa).
2) Provide the key file name as a command line option to the ssh command. (Sorry, I don't know the option, but you can look it up on a man page for ssh)
3) Create a .ssh/config file that specifies the pathname of the key file. This is logically the same as (2), but saves you the trouble of typing the option each time you start ssh.
Empty passphrases are different from empty passwords. I'd remove that change. Not needed, as you can still use keys with empty passphrases.
Offline
Thanks a lot. I will test and verify this, today.
UPDATE: I did verify. It worked [with the default filename, just have to go a bit more into the manpage to find the right options for use with keys named other than standard].
Volker
Last edited by vschlenk (2011-01-31 10:54:25)
Offline
Wasnt sure what I was doing wrong at first, but I couldnd make pub/priv key authentication work. The ssh daemon would not care about my public key. In the end, not restarting ssh but instead restarting the entire NAS ( NSA 325 in my case ) looks like it made the ssh daemon properly re-read the sshd_config. Also beware after rebooting, incase you previously had /etc/passwd modified as the reboot somehow resets this file and also resets the /root directory. I added a file to root@NSA325:~# cat /ffp/start/mountroot.sh
mkdir /root/.ssh
mount -o bind /ffp/home/root/.ssh/ /root/.ssh/
and of course chmod +x to this file.
Offline