Ssh security: no root login

My Cloud OS 3 Personal & Network Attached Storage My Cloud
1

Hello there,

I want to be able to ssh login as my admin user, since I have a total aversion of allowing root login on a machine. Due to the potential WD specifics I am not completely sure about where I should not tread. So I have a couple of questions:

  1. Can I (read: w/o risk) disallow root login in the sshd_config file?
  2. Can I instead allow only my admin user to login via ssh?
  3. Do I need to set a new password for my user – i.e. will the web interface password I set for the admin user be sufficient for ssh or is that merely some special smb or similar password?
  4. Is there anything else I should think about, O thou pros of the WD Community?

Thanks a lot for any input!

2
  1. Yes. SSH Not used by WD. (Its only for user)
  2. You can do what you want with SSH daemon because p.1
  3. Yes. Due security reasons all users need a passwords. But i dont known WD users is system users too? (Create one and see in /etc/passwd. Must be something like " UserName:x:1000:100:,:/home/UserName:/bin/bash" for your user and password hashed in /etc/shadow)
  4. Sorry, I didn’t understand a question.
1 Like
3

knyckis wrote:

Hello there,

 

I want to be able to ssh login as my admin user, since I have a total aversion of allowing root login on a machine. Due to the potential WD specifics I am not completely sure about where I should not tread. So I have a couple of questions:

 

  1. Can I (read: w/o risk) disallow root login in the sshd_config file?
    Yes you can, in sshd_config file change “PermitRootLogin no”.
  2. Can I instead allow only my admin user to login via ssh?
    Yes you can, set “PermitRootLogin no” and “AllowUsers yourAdminUser”.
  3. Do I need to set a new password for my user – i.e. will the web interface password I set for the admin user be sufficient for ssh or is that merely some special smb or similar password?
    The password you set in the web interface will change all passwords i.e. webdav (remote access) via htpasswd and the rest ssh/ftp/smb/nfs/afc etc. via PAM.
  4. Is there anything else I should think about, O thou pros of the WD Community?
    If you open ssh to the internet, I would recommend you to disable root login or “PermitRootLogin without-password” (key exchange only), but gives your admin user sudo access “yourAdminUser ALL=(ALL) NOPASSWD: ALL”.

Thanks a lot for any input!

1 Like
4

Thanks a lot guys, it all worked as a charm!