Access OMV from outside

  • Hello everybody,


    I've got a RPi4 with OMV 5 + docker.

    I use NextCloud for my files, but sometimes I need to restart the container in docker, cause sometimes it doesn't work. When I'm at home no problem but when I'm outside it's very annoying. So I wanted to know if there was a way ton access OMV from outside?


    Thanx in advance for your help!

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

  • Well thanx for your fast answer, but I'll need more explanations.

    SSH is activated in OMV. When I'm home I can use the terminal and write "sudo ssh pi@192...", but how to do when i'm outside?


    Thanx.

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

  • I recommend not using port 22 as well. Forward port 12345 (or whatever) to port 22. Then the bots won't constantly be trying to get in.

    omv 5.5.23 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.5
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Ok, let's imagine I succeed to forward the port 12345 (or anything else) to port 22 in my router, what have I to use to access OMV? Do I need a shell or anything else? What command do I have to write? Sorry I'm a noob!?(

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

  • I use WinSCP & Putty to conect from outside.



    WinSCP to copy & Move files


    Putty To use as remote shell for OMV


    and Chrome or Firefox or Edge to login on OMV webGUI ( redirect port xxx to port 80 of your NASIP)

  • Make sure to enable "key authentification" and disable "password authentification" for ssh. (after testing key authentification)

    Plain (unencrypted) http traffic from outside to your OMV is no good idea.

    Either use https or enable ssh port forwarding for http access to your OMV through the secure ssh tunnel.


    Cheers,

    Thomas

  • Ouch thanx for all these advices, but unless I've got a tutorial for all of that, I think I'm not able to follow this... I'm really noob... 8o

    This is what search engines are for.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.

  • I found that on YouTube


    It’s a Techno Dad Life tutorial using Mediaguard.


    Do you think it’s a good solution? It seems to be easy, but is it secure? Thanx

    If all you need to do is restart a docker container, ssh is all you need, is already on the system, and is the simplest solution. Login and type one command. Done.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.

    Edited once, last by gderf ().

  • The original post of this thread brings up a question I have often searched for the answer with very little success. Reading the OMV5 Documentation on SSH, and this Guide by subzero79 would indicate that SSH tunneling is possible, but I have never been able to pull it off. I have been able to generate a public key in my Access Rights Management—>user—>Public keys in the RFC4716 format, and I am able to store my private key in ~/.ssh on my laptop. I have my port forwarded on my router in the five-digit range and all the buttons flipped the right way in the SSH tab. But when I try to connect via terminal on my laptop I get permission denied (publickey). I can’t see that I am missing anything in the guide, although it is a bit dated (2015 & OMV2).


    Don’t get me wrong. I’m not complaining. I am just curious about the way this topic appears on this forum. Is it old school, low tech, or just plain unsafe? I appreciate the other options mentioned in this thread, but what if you don’t want to mess with a VPN? Why is there so little real material on this subject on the forum and why do some warn that it is unsafe to expose SSH to the Internet even with high-number port forwarding, and others do not. Asking for a friend. :D

    Simple and sure backup and restore: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    OMV 5 (current) - Hardware: Thinkserver TS140, Nextcloud, Plex, Airsonic, Navidrome, Ubooquity, Digikam, & Heimdall - NanoPi M4 (v.1), backup - Odroid XU4, Pi-Hole (DietPi) - Testing/Playing: hc2, xu4, Pi 3B+, Odroid H2. Mac user trying to convert to Linux on a HP dx2400, Debian 10 XFCE.

  • There is nothing low tech or unsafe about ssh access to remote systems if implemented properly.


    Have you looked in OMV's logs for sshd specific errors?


    One thing that can be an 'invisible' factor is that if you use Windows Notepad and possibly other word processing programs on your key files, the CRLFs are not *nix compatible. You can't tell this by looking.


    I used the procedure here to generate a key on my Linux Mint machine and send the public key to my OMV machine. I didn't use any portion of OMV's WebGUI to do this. It was all done from the remote machine.


    https://www.howtoforge.com/lin…all-ssh-keys-on-the-shell

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.

  • I can hear your point of view. But I keep thinking it’s really easier to follow a tutorial like Techno dad life for a noob like me. I don’t say it’s a better way to do what I wanted to do but it’s definitely easier...

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

  • I can hear your point of view. But I keep thinking it’s really easier to follow a tutorial like Techno dad life for a noob like me. I don’t say it’s a better way to do what I wanted to do but it’s definitely easier...

    What are you going to do if you need remote shell access?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!