This is a thread for questions and answers for this guide
[GUIDE] Enable SSH with Public Key Authentication (Securing remote webUI access to OMV)
Hi,
I have the following question: Where are the ssh keys of a user located in omv?
Normally I'd expect them in:
When you add a new user in omv, you don't have at first a "home". You have to activate the "home" in the settings section of the user administration and set a shared folder for the "homes". But even then the home folders remain empty and have no ".ssh" folder.
Even when you paste your generated public key in the "public key" field of the user setting, ssh logins work fine but the "home" folder still remains empty.
Where are the keys?
Regards,
Bebass
/var/lib/openmediavault/ssh/authorized_keys
Tested and approved (by a semi-noob)
Excellent tip about security, thanks for sharing.
@tekkb or @subzero79: Can 2 SSH keys be added to one user? in "/var/lib/openmediavault/ssh/authorized_keys" it just has the username. I'm assuming that only the user with that username can use that key. How would I add a second pub key to same user?
I'm not sure. You could obviously with different users. I never open ssh to the internet. I use VPN. Subzero should know.
I don't know if the text field supports a return string. Authorized keys can be multiline only, so in this case I guess you can only add it by modifying the file in terminal. @votdev can give you a better answer if it is possible or he designed one pub key per user.
you can test by pasting two pub keys in a text editor in two consecutive lines then paste it at the user ssh field..
Only one key is supported because it is converted from RFC 4716 SSH public key file format to OpenSSH compatible format.
Okay I had some issues when it came to creating the ssh public key so here is the solution for the format it wanted:
After creating your key, run:
ssh-keygen -e -f .ssh/id_rsa << The path needs to point to your private_key
this will print out the key in the right format you need to copy & paste directly in.
I'll edit the guide. The format requirement was changed in between versions.
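Added example, not part of the original posts or of OMV's code: a Python sketch of the conversion between the one-line OpenSSH public key and the RFC 4716 block discussed above (the form `ssh-keygen -e` prints), which also rejects pasted private-key material. The function names and the sample key (constructed filler bytes, not a usable key) are assumptions made for illustration.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def key_type(blob: bytes) -> str:
    # The key blob starts with a length-prefixed algorithm name.
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def openssh_to_rfc4716(line: str) -> str:
    """One-line OpenSSH public key -> RFC 4716 block."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    b64 = parts[1]
    if key_type(base64.b64decode(b64, validate=True)) != parts[0]:
        raise ValueError("key type does not match key blob")
    header = [f'Comment: "{parts[2]}"'] if len(parts) == 3 else []
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]  # lines <= 72 bytes
    return "\n".join([BEGIN, *header, *body, END])

def rfc4716_to_openssh(text: str) -> str:
    """RFC 4716 block -> one-line OpenSSH public key."""
    if "PRIVATE KEY" in text:
        raise ValueError("private key pasted; it must stay on the client")
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    body, comment, i = [], "", 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:                      # header; base64 never contains ':'
            while line.endswith("\\") and i < len(lines) - 2:
                i, line = i + 1, line[:-1] + lines[i + 1]
            tag, _, value = line.partition(":")
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    b64 = "".join(body)
    ktype = key_type(base64.b64decode(b64, validate=True))
    return " ".join(filter(None, [ktype, b64, comment]))

def sample_openssh_line() -> str:
    # Constructed ssh-rsa blob made of filler bytes; not a usable key.
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + b"\xc3" * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@client"
```

Calling `openssh_to_rfc4716(sample_openssh_line())` yields the multi-line block with begin/end markers; `rfc4716_to_openssh` reverses it and raises `ValueError` if the pasted text is a private key.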
I think I am being an idiot, but how do I do this bit from a Windows 8 machine?
Quote: Now in the same linux desktop we can type in terminal
ssh ssh-user-access@IP_OF_NAS -i .ssh/privatekey
If the private key is pass phrase protected it will ask to provide it.
If we must perform root operations we type su in the console and type the root password.
To use ssh from Windows you need a Windows ssh client. Try PuTTY:
Thank you - I figured out where I was going wrong. Forgot to add the Private key to PuTTY
I've been trying to work out the whole ssh thing but I am very new to linux and terminals. OSX was used to create the sshremote.pub key.
I followed the guide and everything worked great until I get to this part (ssh ssh-user-access@IP_OF_NAS -i .ssh/privatekey).
I made a user with the same name ssh-user-access and put it in the ssh group and added the private key that I took from the terminal after using ssh-keygen -e -f /home/user/.ssh/sshremote.pub
I then went over to my OMV NAS and logged into root (I also tried using ssh-user-access) but I get an error "Warning: Identity file .ssh/privatekey not accessible: no such file or directory" and "Permission denied (publickey)"
Thanks for any help guys, this is driving me crazy
I'll introduce the correction. The error is pretty obvious: the intent of the command was to point to the private key, which is sshaccess (not sshaccess.pub), so it is
ssh ssh-user-access@IP_OF_NAS -i .ssh/sshaccess
The private key always stays in the ssh client. The public key can travel through private messaging, email, clipboards etc.
Oh wow, I get it now... sorry for the silly question and thanks for the quick reply!
everything is working perfect.
I'm having trouble getting my keys setup.
I get the following error at the specified step:
[fubz.LOCA_MACHINE] ➤ ssh ssh-user-access@192.168.1.135 -i .ssh/sshacess
Warning: Identity file .ssh/sshacess not accessible: No such file or directory.
I'm not sure how or when my sshacess file should have been created
You can list the directory to find out what files are there
ls -la ~/.ssh
Depends if you defined different output names for the keys
I think your command is missing the home folder shortcut
[fubz.LOCA_MACHINE] ➤ ssh ssh-user-access@192.168.1.135 -i ~/.ssh/sshacess
I've marked in red
I don't have sshacess
This command is supposed to be run on my local machine, correct?
[fubz.LOCAL_MACHINE] ➤ ls -a .ssh
. .. id_dsa id_dsa.pub id_rsa id_rsa.pub known_hosts
Also... what does the ssh-user-access part mean? That command looks like a connection command, is that supposed to be the user I created in OMV?
I figured it out, I tried to read through the instructions without taking the time to understand what I was doing.
ssh-user-access is in fact the user I created in OMV
the -i command needs me to point to my private key I created on my local machine.
Once I completed the guide now I can connect with a simple ssh user@host