New firmware is working

I applied the new firmware released today and so far everything looks good.

It downloaded 100+ Mb, then took a few minutes to apply it, and it rebooted.

All is good.

I use SFTP to reach my drive from work and this part of it is working.

I connect from one mac to another by IP address. File Sharing is turned off. Remote access is turned on.

The WD is at my home where it shows up in the sidebar of my Finder windows. I click on the WD and the share that is inside shows up on the desktop. This is the drive I connect to from work through SFTP using Fetch or FileZilla. I have access to all my drives connected to the computer as well as the WD drive.

I do not use the streaming, SSH, web access, I have all those turned off, so I cannot vouch for those services.

I also cannot vouch for whether the drive is any safer from the security bug, but time will tell.

The question is: did this firmware fix any of the several problems that we have?
Because it looks like a quick fix for Heartbleed, and nothing else. Heartbleed is in the media. Is it just to protect the company name?


BDavis wrote:

I use SFTP to reach my drive from work and this part of it is working.

I think you meant FTPS and not SFTP. They are NOT the same thing.

It’s not easy to implement SFTP though I have done it on the EX2 ->  http://community.wd.com/t5/WD-My-Cloud-EX2/SFTP-possible-on-EX2/m-p/715812#M253


Cybernut1 wrote:


BDavis wrote:

I use SFTP to reach my drive from work and this part of it is working.


I think you meant FTPS and not SFTP. They are NOT the same thing.

 

It’s not easy to implement SFTP though I have done it on the EX2 ->  http://community.wd.com/t5/WD-My-Cloud-EX2/SFTP-possible-on-EX2/m-p/715812#M253

Yeah, his statement is confusing, sftp is not supported yet. Looks like he is using it through his computer. He says he can access all his drives on his computer and the mycloud.

Yes it is SFTP. I go in through my mac, not a direct connection.

I can also use FTP, but worry about security.

SFTP is not perfect, but it is better than FTP.

The WD is connected to the internet with high ports facing the internet open on the router redirected to the hidden lower ports for the WD.

Using FTP I can get it directly from the internet. 

Using SFTP, again first through different high ports, forwarded to different lower ports, then to my mac, then since the WD is on my mac’s network, AND I have the share I want to use already mounted as a network drive, I can then access it. No noticeable speed difference.

Once it is all set up it is just a click on the address in fetch and it pops up every time. Nothing else to do.

Yes it is a roundabout way of working, but it works without going through the official WD servers. The only connection is between one computer and the other.

And it works ALL the time with no hassles.

I have also played with using VPN to tunnel the SFTP connection but that seems to be a little more hassle than it is worth.

It works, it is just more steps every time I want to connect.

Maybe when I get more paranoid about security than I already am.

I am sure there are other ways of doing this, but in reading the pages of the forum, I was able to piece together a strategy that did not involve going into SSH, had decent security, zero maintenance, works with my router setup at home and is quick and easy to use. My uptime with this has been perfect which I cannot say about the WD method of going through their servers.

If you didn’t dive into ssh, then you didn’t set up the keys. So it’s not SFTP. Google people, Google.

It is SFTP from the office mac to the home mac using the SFTP (part of the SSH in the two macs) for what we call remote access, and then it is using the local file sharing to access the Drive which is mounted as a local network drive to the mac.

So, no, you are correct, it is not SFTP all the way, but once I am behind the firewall and the routers, I am good to go with whatever is behind there.

Just not using the SSH in the WD, not having to mess with it there at all.

The only ports that show open to the world are the high ports (9000’s) and port 80.

So I feel better most of the time about people getting in.

Why is everyone insisting that he didn’t use SFTP…

It’s very simple… takes 1 min to set up… No keys are needed unless you want passwordless access…

Those suggesting to google, please google SFTP yourself first.

SFTP is a byproduct of enabling SSH on the drive… nothing special to it.

I’ve been using it forever on routers, nas and also on my mycloud drives.

EDIT: now that I read OP’s last comment, where he says “Just not using the SSH in the WD, not having to mess with it there at all.”

If he’s not using SSH on the WD drive, then he is not SFTPing into that drive.

If you are only remotely accessing your Mac graphically and you did not set up keys then it is definitely NOT SFTP…not even the partial way. You’d know if you have done sftp if you generated keys, etc. If you haven’t and you’re only remote desktopping into a Mac then that’s not done via SSH nor is it SFTP. If you were accessing it via port 22 then yes, but definitely you’re not accessing via that port based on your description…you obviously are confused as to what SFTP is.

EDIT: The previous poster is right…I apologize…yes, you certainly can use password for sftp…I never do…always set up keys. So yes, you can SFTP without setting up keys…my mistake.

The only challenge with this way of sftp’ing is that you can only sftp as the admin user (unless you are willing to distribute the admin password to multiple users). In my mind I was basically thinking about sftp for all the users you setup to access My Cloud. That’s the real tricky part.

Cybernut1 wrote:
The only challenge with this way of sftp’ing is that you can only sftp as the admin user (unless you are willing to distribute the admin password to multiple users). In my mind I was basically thinking about sftp for all the users you setup to access My Cloud. That’s the real tricky part.

Correct. There is no SFTP for users and their share, only FTP. You can use SSH but for root only. I’d rather not as well. There is a request to support SFTP for shares.

http://community.wd.com/t5/ideas/v1/ideaexchangepage/blog-id/cloud_idea/page/2

1 third of the way down.

What I understood from the OP is that he is doing sftp to his PC and mycloud is just a share, which negates the point of having a NAS if you want to leave PC on but I understand why he is doing it, for security.

Indeed. As far as I know, the only way to sftp for non-root users has only been done by me as described here -> http://community.wd.com/t5/WD-My-Cloud-EX2/SFTP-possible-on-EX2/m-p/715812#M253

Yes, it’s on the EX2, not My Cloud which has a different codebase but I’d suspect a similar hack could be implemented on the single bay My Cloud. And yes, I am well aware of the sftp request on the new ideas thread…I voted for that change myself several weeks ago…just days before I was able to solve the challenge for myself. I suspect that sftp isn’t going to arrive anytime soon, if at all…because I studied what the big boys of QNAP and Synology are doing and they offer FTPS support in their firmware but not SFTP. So if they, who have more advanced platforms, aren’t offering it, I doubt WD ever will.

Why can’t we comment in the actual thread of the firmware post?

If that is all they have fixed…pass!

Setting up SFTP for other non root, non admin users is relatively easy if you know a bit about linux.

Just a few commands, to add a new user, allow ssh/sftp for him and then allow that user access to whatever share you want.

alirz1 - Knowing “just a bit of Linux” isn’t going to help you set up non root, non admin users with My Cloud products. The SSH is locked down…you cannot add non admin, non-root users.

The golden rule: if you need to interfere in the product then it is not working as it is supposed to or you are not supposed to meddle. Get the manufacturer to fix it and you keep your warranty and all benefits from the fix.

jamalaya - oh, I agree very much with your last post…but at the same time I also realize WD will very likely never provide an SFTP facility in My Cloud products…including the prosumer EX2/EX4 models. None of the pricier and more sophisticated NAS products from QNAP, Synology, Thecus, etc. provide sftp either…at best some provide FTPS. But I personally like SFTP way better than anything else…not to mention sftp is already running on the box. So the key for me was to be able to figure out a way to add non root users to log in via ssh, which isn’t as trivial a task as the other poster imagines, as anyone who knows “a bit of linux” can do that. It’s not a normal linux situation. The locked down shell is hardcoded into the firmware. But certainly, modding the firmware likely voids the warranty…and isn’t for the faint of heart…nor will anyone who knows a bit of linux actually be able to do it. It takes a good amount of skill to accomplish sftp for non root users.

OK I typed a LOOOOOOONG reply and then when I sent it, it said some sort of error so this is what you get before it times out. I will type it in a different program next time. Lesson learned. Again.

It works for me. SFTP is the secure way in behind two routers, two different subnets. firewall rules on both plus the mac.  One user. Nasty password.

FTP is the back door in case the power cycles at home in spite of battery backup. Restart defaults to password request, but obviously I would not be there to type it in, thus FTP to the rescue.

SFTP requires the mac, FTP does not, on my setup.

Mac uses SFTP with one box to check in a control panel, why can’t the WD?

FTP is behind the two routers using high ports. ports are forwarded in the 2nd router to the 20, 21, 22, 1723. (I think I have the 1723 right, I am not at home right now).

On the WD:

WD web access is OFF,

FTP is ON.

SSH is OFF.

Streaming is OFF.

Pretty much all else is OFF.

One user, ME

Sleep is OFF.  After reading here, I have never turned it on.

On the mac:

File sharing is OFF, (I think I remember that is so)

Remote access is on and restricted to ME, with password authentication.

The share is (macspeak here) mounted on the desktop, I forget what the proper term is.

It is accessible at home through the finder (macspeak).

It is accessible through FTP also at home. FTP is SO MUCH FASTER at home compared to using the finder.

All common service ports are closed to the outside world.

Sophos antivirus running in background on mac.

Mac Host file updated every couple of months from a bad IP address list website.

So it has the convenience, speed, easy access, no maintenance, nothing to re-do when there is a restart or firmware update, yet works 24 hours a day with no down time.

My main concern is keeping the bad guys OUT with my limited knowledge and limited time to learn.

I am a busy guy. I think I have done about everything in that regard that I can do without a huge learning curve, without increasing maintenance, expense, loss of sleep at night.

My original concern with the topic was simply to report that the firmware update did not brick mine, and that all functions I use were still working. I did not have to do anything after the update to get back up and running. All the settings were still there.

However, I appreciate that the topic turned to SFTP. I had been looking for info on the topic, when setting this up, but found it to not be sufficient or anything I could actually implement. 

This setup works for me in its roundabout way, and I wish indeed there was a more convenient one click method to make it work in the WD.

SFTP is inherently more secure, and is behind the secure network and one more step going through the mac, but no slowdown like there was with tunneling VPN.

FTP is behind the same security on the network as the SFTP but does not go through the mac.

However it is not inherently secure, so it is not used except in emergency.

I have had several concerns with the security on the WD. Default username/password in SSH is not changeable in the control panel, but warranty is voided if I go into SSH and make a different password and fiddle about. Web access supposedly works better with UPnP, yeah right like I am going to turn that on. FTP is the only option, are you kidding me?? Wanting to use default low open ports for WEB ACCESS. Glad they at least allow you to change them.

Which again is why I have it set up the way I have it set up.

Ok, I understand your setup much better now. The only part I’m unclear about is the setting up of sftp access from one click in Mac OS’ control panel. I unfortunately don’t have a Mac so am not too familiar with it but a friend of mine does and I’d look at her Mac when I get a chance. She has Mavericks as her OS…hopefully you do too. If you could tell me which control panel exactly where you turn it on, I’ll just check it out of curiosity.

But based on my updated understanding, it sounds like you have a very secure connection (and I perfectly understand your macspeak by what you meant by having the My Cloud mounted on your desktop…in Windows we call the same thing mapping to a share).

I myself don’t have the single disk My Cloud but I have the 2-disk EX2. I do have sleep turned on. I don’t know what issue(s) the My Cloud regular has with sleep on, but my EX2 doesn’t have any issues with keeping it on. It is strongly advisable for any NAS to leave sleep enabled, to have a longer life on the NAS.

I’m not sure if you looked at my SFTP thread (linked here in an earlier post)…when you refer to not finding enough info to implement it. But yes, the way I discussed the implementation of sftp for non admin users is not easy to implement. I agree with you that it should be easier to do so…but I suspect WD has security concerns in opening up SSH access to non-admin users (other NAS from competing firms don’t offer it either). In an ideal NAS, setting up SSH access would be as simple as checking off a box on that user’s setup page from the dashboard. Under normal situations on Linux machines (and probably even on Macs) it can be done very easily by making a simple change to sshd_config file.

But in My Cloud (at least for the EX products) that sshd_config is sorta locked down…by that, I mean you can change the file itself to add non admin users to have SSH access. But when you reboot the NAS in order for the updated sshd_config to take effect, a fresh sshd_config is copied over in that location (from the firmware code) with only the admin user (sshd) having access and thus your changes to enable SSH access for non-admin users are lost and thereby their ability to ssh in and thereby their ability to sftp in.

BTW, I don’t know about My Cloud but for my EX2, I can change the password for the admin user. And as far as I know you don’t void the warranty by simply enabling SSH and connecting to your device via SSH and looking around. You would void warranty only if you change things from the SSH…but even then if it’s a minor change to a config file or something, no one’s gonna know if you change it back to the default file should your warranty be needed…in fact it’ll be trying to find needle in a haystack (for WD folks) to actually conclusively prove that you have indeed changed one setting in one of many config files…so for most harmless changes you’d be okay. But in order to actually implement sftp for non admin users, you would have to change the firmware, which is neither trivial nor for the faint of heart and will most certainly void the warranty.

But if it is just you, who wants to sftp in, you certainly can sftp in directly to your My Cloud, if you enable SSH access…you won’t have to do ANYTHING ELSE to sftp directly from outside. Once you enable SSH access, you can download a free app on an iPad if you have one, called WebSSH (from a company called Itimeteo) to test out your sftp access. You can test both ssh and sftp access using your ssh admin password from that iPad app. There are other iPad/iPhone apps that probably will work as well, but that’s the one I used to test and can vouch for. The only issue is it’s only a workable solution for just the owner/admin. I wanted my friends, with whom I exchange files on my NAS to come in via sftp, and I don’t obviously want to share my admin (sshd username) password…and thus I had to figure out how to enable this hack I devised in the firmware.

Go to the Black apple icon in the farthest upper left hand corner. Click and hold. Look for System Preferences.

In that window, look for Sharing.

In that window, make a check appear in the Remote Login box (I thought it said remote access)

You will also see allow all users and Only these users. Use Only these users.

Click the + symbol under the blank white box to add user. A box will appear and it should have her name in it. Click to add.

The password will be the same as her system login. Not likely to forget that. I am sure you will make sure she has a secure password.

You are essentially logging into your mac from the outside when you do this.  It is viewed as being the same.

I have ports 20, 21, 22 open on the router… I do not have 1723 open. That was being used for PPTP which I am not using anymore so it is closed…

Experiment with dropping off the port 20, 21, and see if it will work without it. 22 is the port just for SFTP.

Of course to the outside world those are not the ports to point your FTP client to. I have the incoming ports in the 9000’s.

Sorry I would type more but I gotta go.

That should get you started.
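
Several posts above say that on an ordinary Linux host (unlike the My Cloud firmware, which the thread says restores its own sshd_config at reboot), giving a non-admin user SFTP access is an sshd_config change. The script below is an added example, not part of any post in this thread and not WD code: it audits such a config and confirms the account is confined to SFTP, using a constructed sample config with a hypothetical account `friend` and chroot path.

```python
# Constructed sample for a stock OpenSSH server on Linux. The account name
# "friend" and the path /srv/sftp/%u are assumptions, not values from the thread.
SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp
PermitRootLogin no

Match User friend
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

def parse_sshd_config(text):
    """Return (global_opts, {user: opts}); keywords are lower-cased."""
    global_opts, per_user = {}, {}
    targets = [global_opts]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split(None, 1)
            is_user = len(crit) == 2 and crit[0].lower() == "user"
            names = crit[1].split(",") if is_user else []
            # Names are compared literally; other Match criteria and
            # wildcard patterns are skipped in this simplified parser.
            targets = [per_user.setdefault(n.strip(), {}) for n in names]
            continue
        for opts in targets:
            opts.setdefault(key, value)  # sshd keeps the first value it reads
    return global_opts, per_user

def audit_sftp_only(text, user):
    """List reasons `user` is not confined to SFTP; an empty list means OK."""
    global_opts, per_user = parse_sshd_config(text)
    if user not in per_user:
        return [f"no 'Match User' block names {user}"]
    # Match-block keywords override the global section for that user.
    eff = {**global_opts, **per_user[user]}
    problems = []
    if (eff.get("forcecommand", "").split() or [""])[0] != "internal-sftp":
        problems.append("ForceCommand is not internal-sftp (shell login possible)")
    if eff.get("chrootdirectory", "none").lower() == "none":
        problems.append("no ChrootDirectory (user can browse the whole filesystem)")
    if eff.get("allowtcpforwarding", "yes").lower() != "no":
        problems.append("AllowTcpForwarding is not 'no' (port forwarding allowed)")
    return problems

if __name__ == "__main__":
    print(audit_sftp_only(SAMPLE_CONFIG, "friend") or "friend is SFTP-only")
```

OpenSSH also requires the chroot directory and every path component above it to be owned by root and not writable by anyone else, which this text-only check cannot see.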