====== Enable (and Disable) root ssh ======

**WARNING : As indicated on the [[http://www.readynas.com/?p=4203|add-on page]] and [[http://www.readynas.com/forum/viewtopic.php?p=111042#p111042|forum]] enabling ''root'' ssh may result in Netgear denying support.  Only proceed if you are happy with this (although what I describe below actually makes the system more secure than just using the add-on alone)**

The ReadyNAS is great, but to have full access to all its features you need to be able to [[wp>Secure shell|ssh]] into the box and have the [[wp>Command line|CLI]] at your disposal.

The only way I could find to enable this was to install the [[http://www.readynas.com/?p=4203|EnableRootSSH]] as [[readynas#add-ons|described]].  Once you've restarted your ReadyNAS as advised you will be able to ssh into it as root.

===== Disabling root ssh =====

Its is a bad idea to have ''root'' ssh enabled because it means that anyone who sniffs your password when connecting will be able to wreck havoc on your system (and this is no doubt why Netgear indicate that using this add-on may well [[http://www.readynas.com/forum/viewtopic.php?p=111042#p111042|deny support]]).  If however you've decided that you want to take control of your ReadyNAS you should make it secure by disabling ''root'' ssh but permitting normal users to ssh in (from where you can ''su'' to root or use ''sudo'').

  - You should have already have [[readynas#add_a_normal_user|added a normal user account]] through the Frontview WebUI.
  - After installing //EnableRootSSH// ssh to the ReadyNAS. Substitute ''*.*.*.*'' for the IP address of your ReadyNAS (your password is the same as the ''admin'' account as the add-on describes): <code bash>
$ ssh root@*.*.*.*
</code>
  - Because all EnableRootSSH has done is set the ''root'' password to be the same as ''admin'' we now want to change it to something more secure.  This is done using ''passwd'' and enter a new password twice...: <code bash>
ReadyNAS$ passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
</code>
  - Now edit the ssh config file with nano (''nano /etc/ssh/sshd_config'') and change the ''PermitRootLogin'' (on line 26) to ''no'': <code bash>
PermitRootLogin no
</code>
  - Finally restart the ssh daemon so that it recognises this change in settings: <code bash>
/etc/init.d/sshd restart
</code>
  - All done, you should now have disabled ''root'' ssh login.
  - **IMPORTANT** - to ensure that you have disabled ''root'' ssh and left ssh enabled for normal user do **NOT** log out yet, instead try ssh'ing in as ''root'' from your computer, you should be denied access.  Now try ssh'ing in as normal user, you should be able to login fine using the password you set via Frontview.  One final check is to ensure that your user can ''su'' into the ''root'' account so check that...: <code bash>
$ ssh root@*.*.*.*
root@*.*.*.*'s password: 
Permission denied, please try again.
$ ssh [user]@*.*.*.*
[user]@ReadyNAS:~$ su
Password: 
ReadyNAS:/c/home/[user]# 
</code>
  - If you can successfully ssh in using your normal user account and ''su'' to ''root'', but you are continually denied access when trying to ssh as ''root'' then you have successfully set-up secure ssh access to your ReadyNAS and needn't worry about your ''root'' password being sniffed.  You can now log out.

{{tag> readynas ssh linux howto security}}