DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

#1 2011-01-30 21:12:06

vschlenk
Member
Registered: 2011-01-27
Posts: 25

SSH starter problems

Hi,
first try with  SSH and RSA-Keys on the two DNS-323, want to work with keys with empty passphrase.....
[root at "backup" to log on as root at "daten"]

Short Summary

1] SSH works
2] did copy  public rsa-key from "backup" to "daten" towards ~/.ssh.
3] did import into authorized_keys2
4] did use standard sshd on target "daten", only changed "PermitEmptyPasswords" to "yes"
5] still need passwords to access per ssh

=> I did something wrong. I did google quite a bit, now. I am not sure where the problem is.


SSH-Settings:

access settings [0700 at ".ssh"-directory]:

Code:

root@backup:/mnt/usbstorage/home/root/.ssh# ls -al
total 32
drwx------ 2 root root 4096 Jan 30 18:13 .
drwxr-xr-x 3 root root 4096 Jan 30 16:10 ..
-rw------- 1 root root 1204 Jan 30 16:34 authorized_keys2
-rw-r--r-- 1 root root  111 Jan 30 17:00 config
-rw-r--r-- 1 root root  403 Jan 30 18:48 known_hosts
-rw-r--r-- 1 root root  600 Jan 30 16:12 ssh-dsa-root-daten-key.pub_integrated
-rw------- 1 root root 1675 Jan 30 18:13 ssh-rsa-root-backup-key
-rw-r--r-- 1 root root  393 Jan 30 18:13 ssh-rsa-root-backup-key.pub
root@backup:/mnt/usbstorage/home/root/.ssh#

Code:

root@daten:/mnt/usbstorage/home/root/.ssh# ls -al
total 20
drwx--S--- 2 root root 4096 Jan 30 18:18 .
drwsr-sr-x 4 root root 4096 Jan 29 12:19 ..
-rw------- 1 root root  401 Jan 30 19:05 authorized_keys2
-rw-r--r-- 1 root root  396 Jan 29 00:13 known_hosts
-rw-r--r-- 1 root root  393 Jan 30 19:08 ssh-rsa-root-backup-key.pub
root@daten:/mnt/usbstorage/home/root/.ssh#

sshd.conf on "daten" the target looks like this [default plus "PermitEmptyPasswords yes"]:

Code:

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile    .ssh/authorized_keys
# For this to work you will also need host keys in /ffp/etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

System

- ffp 0.5
- optware
- usb-install, only fun_plug on HDD

Changes in /ffp/etc/fun_plug.local

Code:

#START OF OWN CHANGES
#make hosts permanent
rm /etc/hosts
ln -snf /mnt/usbstorage/ffp/etc/hosts /etc/hosts

# set symlinks for /home
rm /home -R
ln -snf /mnt/usbstorage/home /home

# reset /home/HOMEDIRS
usermod -d /home/yyyyyyyyy yyyyyyyyy
usermod -d /home/backup backup
usermod -d /home/xxxxxxx xxxxxxx

Thanks in advantage,
Volker

Last edited by vschlenk (2011-01-30 23:57:15)

Offline

 

#2 2011-01-31 05:01:27

karlrado
Member
Registered: 2009-12-07
Posts: 229

Re: SSH starter problems

You don't have a .ssh/id_rsa file on your machine called backup.  Your key seems to be in ssh-rsa-root-backup-key.  ssh on backup does not know how to find your key.

The default names for the rsa key files in the .ssh dir are id_rsa and id_rsa.pub.  ssh will look for the keys in the default files unless you tell it otherwise.

You can do this in several ways:

1) Rename or copy or link your key file to use the default name (id_rsa).
2) Provide the key file name as a command line option to the ssh command.  (Sorry, I don't know the option, but you can look it up on a man page for ssh)
3) Create a .ssh/config file that specifies the pathname of the key file.  This is logically the same as (2), but saves you the trouble of typing the option each time you start ssh.


Empty passphrases are different from empty passwords.   I'd remove that change.  Not needed, as you can still use keys with empty passphrases.


DNS-323 FW 1.07 : 2 1TB WD Caviar Green SATA : fun_plug: utelnet + optware (no ffp)

Offline

 

#3 2011-01-31 07:35:49

vschlenk
Member
Registered: 2011-01-27
Posts: 25

Re: SSH starter problems

Thanks a lot. I will test and verify this, today.

UPDATE: I did verify. It worked [with the default filename, just have to go a bit more into the manpage to find the right options for use with keys named other than standard].

Volker

Last edited by vschlenk (2011-01-31 10:54:25)

Offline

 

#4 2013-09-16 23:43:37

Redrocket
New member
Registered: 2013-09-16
Posts: 1

Re: SSH starter problems

Wasnt sure what I was doing wrong at first, but I couldnd make pub/priv key authentication work. The ssh daemon would not care about my public key. In the end, not restarting ssh but instead restarting the entire NAS ( NSA 325 in my case ) looks like it made the ssh daemon properly re-read the sshd_config. Also beware after rebooting, incase you previously had /etc/passwd modified as the reboot somehow resets this file and also resets the /root directory. I added a file to root@NSA325:~# cat /ffp/start/mountroot.sh
mkdir /root/.ssh
mount -o bind /ffp/home/root/.ssh/ /root/.ssh/

and of course chmod +x to this file.

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB