GUIDE: Change ssh configuration on OS 5

I will explain how to change your ssh configuration to allow other users (for e.g. filezilla, winscp or sshfs etc.) and optionally to disable password authentication.

Enable ssh and log in to the nas.

If you make a mistake during this process and need to reset ssh to the default settings so you can login, open the webgui and disable and re-enable ssh. Your config settings won’t be affected.

cp /etc/ssh/sshd_config /usr/local/config

edit /usr/local/config/sshd_config with vi or copy it to your computer, edit it, and copy it back.

Add the following:

AuthorizedKeysFile /usr/local/config/authorized_keys
PermitRootLogin yes
PubkeyAuthentication yes

Change the AllowUsers line to include the other users you want to allow, for example mine is:

AllowUsers sshd rkitover

If you want to disable passwords add the following:

PasswordAuthentication no
ChallengeResponseAuthentication no

From your computer copy the authorized_keys file with the keys you want to allow to the nas:

scp ~/.ssh/authorized_keys sshd@nas:/usr/local/config

MAKE SURE ALL KEYS ARE A SINGLE LINE WITH NO SPACES OR THEY WON’T WORK

Now, edit /usr/local/config/config.xml as described here, make sure to do this very VERY CAREFULLY because you can make your device unbootable.

Find the crond section and add another name entry, call it sshd_config, e.g.:

<name id="9">sshd_config</name>

Add it at the bottom with the next sequential id.

At the bottom of the crond section, add the new sshd_config section, like so:

<sshd_config>                     
    <item id="1">             
        <method>3</method>                                                
        <1>@reboot</1>                                                    
        <run>sleep 120; pkill sshd; /usr/sbin/sshd -E /var/log/sshd.log -f /usr/local/config/sshd_config &amp;</run>
    </item>         
</sshd_config>        

Now reboot the nas (e.g. with the reboot command) and wait about 5 minutes.

Your new ssh configuration should be active.

Thanks to dswv42 for the persistent system changes guide which I used to do this.

1 Like

Can someone please explain what is <method>3</method> and how many methods are there.

Regards