[[linux:readynas:enablerootssh]]
Trace: enablerootssh

Enable (and Disable) root ssh

WARNING : As indicated on the add-on page and forum enabling root ssh may result in Netgear denying support. Only proceed if you are happy with this (although what I describe below actually makes the system more secure than just using the add-on alone)

The ReadyNAS is great, but to have full access to all its features you need to be able to ssh into the box and have the CLI at your disposal.

The only way I could find to enable this was to install the EnableRootSSH as described. Once you've restarted your ReadyNAS as advised you will be able to ssh into it as root.

Disabling root ssh

Its is a bad idea to have root ssh enabled because it means that anyone who sniffs your password when connecting will be able to wreck havoc on your system (and this is no doubt why Netgear indicate that using this add-on may well deny support). If however you've decided that you want to take control of your ReadyNAS you should make it secure by disabling root ssh but permitting normal users to ssh in (from where you can su to root or use sudo).

  • You should have already have added a normal user account through the Frontview WebUI.
  • After installing EnableRootSSH ssh to the ReadyNAS. Substitute ... for the IP address of your ReadyNAS (your password is the same as the admin account as the add-on describes): <code bash> $ ssh root@... </code>
  • Because all EnableRootSSH has done is set the root password to be the same as admin we now want to change it to something more secure. This is done using passwd and enter a new password twice…: <code bash> ReadyNAS$ passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully </code>
  • Now edit the ssh config file with nano (nano /etc/ssh/sshd_config) and change the PermitRootLogin (on line 26) to no: <code bash> PermitRootLogin no </code>
  • Finally restart the ssh daemon so that it recognises this change in settings: <code bash> /etc/init.d/sshd restart </code>
  • All done, you should now have disabled root ssh login.
  • IMPORTANT - to ensure that you have disabled root ssh and left ssh enabled for normal user do NOT log out yet, instead try ssh'ing in as root from your computer, you should be denied access. Now try ssh'ing in as normal user, you should be able to login fine using the password you set via Frontview. One final check is to ensure that your user can su into the root account so check that…: <code bash> $ ssh root@... root@...'s password: Permission denied, please try again. $ ssh [user]@... [user]@ReadyNAS:~$ su Password: ReadyNAS:/c/home/[user]# </code>
  • If you can successfully ssh in using your normal user account and su to root, but you are continually denied access when trying to ssh as root then you have successfully set-up secure ssh access to your ReadyNAS and needn't worry about your root password being sniffed. You can now log out.

readynas ssh linux howto security

linux/readynas/enablerootssh.txt · Last modified: 2021/03/20 19:21 by 127.0.0.1
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0