[GUIDE] Enable SSH with Public Key Authentication (Securing remote webUI access to OMV)

  • I'm having a similar issue.. I followed the guide. I can login to my nas using 'sshremote' but I can't with 'sshacess'. I get an error: "Warning: Identity file /Users/RS/.ssh/sshacess not accessible: No such file or directory.
    Permission denied (publickey)."


    The output from ls -la ~/.ssh reveals that I do not have sshacess (attached image).


    Should I have it?

  • Does this guide still apply in OMV 2 and OMV 3?


    Also, I'd like to make a new sudo account to SSH into so I'm not logged in as root, where I can accidentally mess things up. Is there a preferred "OMV" way of doing this, or should I follow Debian guides?


    I'm mainly wondering what groups the new sudo user should belong to.


    Thanks!

  • Sorry but I didn´t take care who has posted that. ;) I thought I fits quite good to the second part of your question.

    OMV 3.0.100 (Gray style)

    ASRock Rack C2550D4I C0-stepping - 16GB ECC - 6x WD RED 3TB (ZFS 2x3 Striped RaidZ1) - Fractal Design Node 304 -

    3x WD80EMAZ Snapraid / MergerFS-pool via eSATA - 4-Bay ICYCube MB561U3S-4S with fan-mod

  • I'm running OMV 5.5.3.


    Adding public keys to users through OMV web interface doesn't seem to produce any effect.


    If I manually add the public key to ~/.ssh/authorized_keys of a user it works as expected (no password asked on ssh login).


    If I add the public key through OMV web interface it has no effect... Password is still asked on ssh login.


    Am I missing something or is this feature broken?



    Thanks,

    Bruno

  • /var/lib/openmediavault/ssh/authorized_keys

    a good tip, but not complete, this is complete solution to fix the "public authentication key issue"

    add all your public keys to the file under the authorized_keys directory, the file usually named "username" that you use to login webUI of OMV7

    for example I use "pi" as the login user id, the file for my OMV7 is named "pi", so appending your public keys to this file by any methods you knew

    OS: Debian GNU/Linux 12 (bookworm) x86_64

    Host: Z97X-UD7 TH

    Kernel: 6.1.0-16-amd64

    CPU: Intel i7-4790K (8) @ 4.400GHz

    GPU: AMD ATI Radeon RX 6600/6600 XT/6600M

    Memory: 891MiB / 31943MiB

    OMV Version: 7.0-20 (Sandworm)

    HDD: 20TB+ 44TB + 44TB


    OS: Raspbian GNU/Linux 11 (bullseye) aarch64

    Host: Raspberry Pi 4 Model B Rev 1.1

    Kernel: 6.1.21-v8+

    CPU: BCM2835 (4) @ 1.500GHz

    Memory: 475MiB / 3794MiB

    OMV Version: 6.9.11-2 (Shaitan)

    SSD: 512GB+4TB (all sata ssds)

  • Good evening everyone,


    I have created an SSH access via public key for a user. Access via Putty and WinSCP works. However, I would very much like to create access via the Windows Powershell. Unfortunately, when I try to log in via ssh user@ip-address, I get the error message...


    no such identity: C:\\Users\\user/.ssh/omv: No such file or directory

    user@192.168.178.14: Permission denied (publickey).


    Do you have a tip for me? Thanks in advance.


    Any idea for me?

    omv 7.7.5-1 sandworm | 64 bit |6.1.0-33-amd64

    plugins :: omvextrasorg 7.0.2 | flashmemory 7.0.1 | more to be added soon

    Einmal editiert, zuletzt von fantozzi ()

  • [...]when I try to log in via ssh user@ip-address, I get the error message...


    no such identity: C:\\Users\\user/.ssh/omv: No such file or directory

    user@192.168.178.14: Permission denied (publickey).

    Windows Powershell has always been counterintuitive to me, but one thing you could try doing is using the option that specifies the private key file, using


    PowerShell Remoting Over SSH - PowerShell
    Explains how to set up the SSH protocol for PowerShell remoting.
    learn.microsoft.com


    This article has more general information about how Powershell's OpenSSH handles keys: https://learn.microsoft.com/en…nt?source=recommendations


    In particular you might try this section using ssh-agent and ssh-add to handle your private key (in an Admin Powershell). Before you copy it, this snippet assumes that your private key is called "id_ecdsa" and is in a hidden .ssh folder inside your User folder. If you have a different private key, it is probably a good idea to still copy it to that .ssh/ directory and change the 'ssh-add' line to point to your actual file. I think it should support more modern keys like id_ed25519 also.


    Let us know if you get it to work.

  • Thank you for your feedback. I will have a look at SSH-Agent in the coming days. I created a new key pair tonight with the command

    ssh-keygen -t ed25519 -C “omv” -f $HOME\.ssh\omv_id_ed25519.

    I then introduced the public key in the OMV GUI under user public private key. In Powershell, the command ssh user-ssh@ip-address -i ~/.ssh/omv_id_ed25519 followed. A login was possible. However, when I enter the command ssh -v user-ssh@ip-address I get the message Permission denied (publickey) at the end.


    Where has the public key to be on the server? Normally in the file authorized_keys or not?

    omv 7.7.5-1 sandworm | 64 bit |6.1.0-33-amd64

    plugins :: omvextrasorg 7.0.2 | flashmemory 7.0.1 | more to be added soon

  • However, when I enter the command ssh -v user-ssh@ip-address I get the message Permission denied (publickey) at the end.


    Where has the public key to be on the server? Normally in the file authorized_keys or not?

    You want to let the OMV gui handle the public keys as much as possible. In other distros you would put the public key in /home/user/.ssh/authorized_keys, but in OMV, you want to login to the webui, and copy it to `Users | Users | <USERNAME> | Edit | Public Keys.`


    Take a look at the OMV ssh documentation for an example of what exactly to copy where. Also make sure you add that user to the appropriate `_ssh` and `sudo` groups, and anything else the docs say to do.


    After this you should be able to ssh into that user.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!