[GUIDE] Enable SSH with Public Key Authentication (Securing remote webUI access to OMV)

Zitat von subzero79

You can list the directory to find out what files are there

ls -la ~/.ssh

Depends if you defined different output names for the keys

I think your command is missing the home folder shortcut

[fubz.LOCA_MACHINE] ➤ ssh ssh-user-access@192.168.1.135 -i ~/.ssh/sshacess

I've marked in red

Alles anzeigen

I'm having a similar issue.. I followed the guide. I can login to my nas using 'sshremote' but I can't with 'sshacess'. I get an error: "Warning: Identity file /Users/RS/.ssh/sshacess not accessible: No such file or directory.
Permission denied (publickey)."

The output from ls -la ~/.ssh reveals that I do not have sshacess (attached image).

Should I have it?

Does this guide still apply in OMV 2 and OMV 3?

Also, I'd like to make a new sudo account to SSH into so I'm not logged in as root, where I can accidentally mess things up. Is there a preferred "OMV" way of doing this, or should I follow Debian guides?

I'm mainly wondering what groups the new sudo user should belong to.

Thanks!

Is this what you are looking for: Creating a new 'admin' user for SSH ?

Hey, I posted that and I did get an answer for that part of the question.

I'm still curious if this OMV 1.0 guide is still good for 2 and 3, or if they are significantly different.

Sorry but I didn´t take care who has posted that. I thought I fits quite good to the second part of your question.

I'm running OMV 5.5.3.

Adding public keys to users through OMV web interface doesn't seem to produce any effect.

If I manually add the public key to ~/.ssh/authorized_keys of a user it works as expected (no password asked on ssh login).

If I add the public key through OMV web interface it has no effect... Password is still asked on ssh login.

Am I missing something or is this feature broken?

Thanks,

Bruno

My guide for accessing from Windows workstation:

RE: Certificates: only tears

Zitat von tekkb

/var/lib/openmediavault/ssh/authorized_keys

a good tip, but not complete, this is complete solution to fix the "public authentication key issue"

add all your public keys to the file under the authorized_keys directory, the file usually named "username" that you use to login webUI of OMV7

for example I use "pi" as the login user id, the file for my OMV7 is named "pi", so appending your public keys to this file by any methods you knew

How can i add a key to the root user? There is none in /var/lib/openmediavault/ssh/authorized_keys on my machine

Good evening everyone,

I have created an SSH access via public key for a user. Access via Putty and WinSCP works. However, I would very much like to create access via the Windows Powershell. Unfortunately, when I try to log in via ssh user@ip-address, I get the error message...

no such identity: C:\\Users\\user/.ssh/omv: No such file or directory

user@192.168.178.14: Permission denied (publickey).

Do you have a tip for me? Thanks in advance.

Any idea for me?

Zitat von fantozzi

[...]when I try to log in via ssh user@ip-address, I get the error message...

no such identity: C:\\Users\\user/.ssh/omv: No such file or directory

user@192.168.178.14: Permission denied (publickey).

Windows Powershell has always been counterintuitive to me, but one thing you could try doing is using the option that specifies the private key file, using

PowerShell Remoting Over SSH - PowerShell

Explains how to set up the SSH protocol for PowerShell remoting.

learn.microsoft.com

This article has more general information about how Powershell's OpenSSH handles keys: https://learn.microsoft.com/en…nt?source=recommendations

In particular you might try this section using ssh-agent and ssh-add to handle your private key (in an Admin Powershell). Before you copy it, this snippet assumes that your private key is called "id_ecdsa" and is in a hidden .ssh folder inside your User folder. If you have a different private key, it is probably a good idea to still copy it to that .ssh/ directory and change the 'ssh-add' line to point to your actual file. I think it should support more modern keys like id_ed25519 also.

# By default the ssh-agent service is disabled. Configure it to start automatically.
# Make sure you're running as an Administrator.
Get-Service ssh-agent | Set-Service -StartupType Automatic

# Start the service
Start-Service ssh-agent

# This should return a status of Running
Get-Service ssh-agent

# Now load your key files into ssh-agent
ssh-add $env:USERPROFILE\.ssh\id_ecdsa

Let us know if you get it to work.

Thank you for your feedback. I will have a look at SSH-Agent in the coming days. I created a new key pair tonight with the command

ssh-keygen -t ed25519 -C “omv” -f $HOME\.ssh\omv_id_ed25519.

I then introduced the public key in the OMV GUI under user public private key. In Powershell, the command ssh user-ssh@ip-address -i ~/.ssh/omv_id_ed25519 followed. A login was possible. However, when I enter the command ssh -v user-ssh@ip-address I get the message Permission denied (publickey) at the end.

Where has the public key to be on the server? Normally in the file authorized_keys or not?

Zitat von fantozzi

However, when I enter the command ssh -v user-ssh@ip-address I get the message Permission denied (publickey) at the end.

Where has the public key to be on the server? Normally in the file authorized_keys or not?

You want to let the OMV gui handle the public keys as much as possible. In other distros you would put the public key in /home/user/.ssh/authorized_keys, but in OMV, you want to login to the webui, and copy it to `Users | Users | <USERNAME> | Edit | Public Keys.`

Take a look at the OMV ssh documentation for an example of what exactly to copy where. Also make sure you add that user to the appropriate `_ssh` and `sudo` groups, and anything else the docs say to do.

After this you should be able to ssh into that user.