Posts by mikeyww
-
Thank you for the link. Through trial and error, I was able to make this work. Below, I have provided the guide.
OpenMediaVault SSH setup for local Windows workstation to bypass login passwords
- Windows working directory for key files: c:\Users\[username]\.ssh\
Puttygen
- Generate keys on the local Windows computer
- Save public key as id_rsa.pub
-- This SSH2 public key is not needed. It will lead to a harmless error message upon ssh login. To prevent this error message, move this file to a different directory, or rename it.
- Save private key as id_rsa.ppk
-- This can be used with Putty and WinSCP (see below).
- Conversions -> Export OpenSSH key -> id_rsa
-- Windows will use this RSA private key upon ssh login, instead of asking for the user's password.
-- Put this private key into c:\Users\[username]\.ssh\
- Copy and paste public key from Puttygen's edit field into a new file called authorized_keys
OMV Web interface
- Add user: ssh-user-access
- Add to group: ssh
- In /etc/passwd, find the path to this user's directory
- Example: /srv/dev-disk-by-label-[filesystemlabel]/public/ssh-user-access
- Create directory .ssh in that directory
- Copy authorized_keys to this .ssh directory
Access SSH from CMD or Powershell
- ssh root@192.168.1....
- ssh ssh-user-access@192.168.1....
- Other users will require a password
Access from Putty & WinSCP
- Putty: in SSH -> Auth, provide the path to id_rsa.ppk
- WinSCP: Edit -> Advanced -> SSH -> Authentication -> Private key file -> provide the path to id_rsa.ppk
References
[GUIDE] Enable SSH with Public Key Authentication (Securing remote webUI access to OMV)
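Added example (not part of the original post or of OpenMediaVault): a shell audit to run on the OMV server for the guide above. It checks that authorized_keys holds the one-line OpenSSH key from PuTTYgen's edit field rather than the saved SSH2 file, and that the home directory, .ssh and authorized_keys are not group- or world-writable, which sshd's default StrictModes setting rejects. The function names are hypothetical, and the permission check is an addition that the post does not mention.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# key_format FILE: print "openssh" (one-line format sshd reads from
# authorized_keys), "rfc4716" (PuTTYgen "Save public key" file) or "unknown".
key_format() {
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY ----' "$1"; then
        echo rfc4716
    elif grep -Eq '(^|[[:space:]])(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) AAAA[A-Za-z0-9+/]+=*' "$1"; then
        echo openssh
    else
        echo unknown
    fi
}

# loose_perms PATH: succeed if PATH itself is group- or world-writable.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# audit_ssh_dir HOME: print one finding per problem; exit status is the count.
audit_ssh_dir() {
    home=$1
    ak="$home/.ssh/authorized_keys"
    problems=0
    if [ ! -f "$ak" ]; then
        echo "MISSING $ak"
        return 1
    fi
    # With StrictModes (the sshd default), writable paths make sshd skip the key.
    for p in "$home" "$home/.ssh" "$ak"; do
        if loose_perms "$p"; then
            echo "WRITABLE $p (fix with: chmod go-w)"
            problems=$((problems + 1))
        fi
    done
    fmt=$(key_format "$ak")
    if [ "$fmt" != openssh ]; then
        echo "FORMAT $ak is $fmt, expected one-line OpenSSH public key"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage on the server: sh audit.sh /path/to/home/of/ssh-user-access
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

An exit status of 0 means both checks passed; each printed line names the path to fix.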
-
I have a new DIY NAS with OMV, and it works well. I have spent hours trying to generate and use a certificate instead of the SSH login for root (also tried with another user), so that I can log in and update OMV automatically by a Plink + shell script. No matter what I try, having searched the Internet many times, I get "Cannot use the certificate" or "Certificate refused" kinds of errors upon SSH login attempts. I tried certs imported into the OMV Web interface as well as ones that were just added there anew. The certs appear to be saved without errors in OMV. I am then specifying a local private key in Putty or a Plink command line, and neither works.
Guides on this are hard to find and vary widely in the instructions. Some of the guides and posts available online simply do not work. I tried a variety of keygen commands. From what I can tell, I can successfully generate the private & public key pairs, and the special Putty format, but I am still not succeeding.
My goal is to be able to use a certificate from one of my computers, so that I am not prompted for the SSH login password, which I also do not want to save or use in a command line on that computer. I'd like to preserve the password login for other computers.
I'm starting to think that this is not possible. Am I wrong? What is the way?