I chose to do things a bit differently for my EX2 Ultra. Although entware now gives you a persistent /home folder which will preserve its authorized_keys file between reboots, the built in ssh server configuration is in /etc/ssh, which will be lost after a reboot. So, Iâd be stuck with password authentication still being acceptable after a reboot, which is a security hole. My goal was to restrict it to accepting certificate only connections and make it survive a reboot.
After using the bintray.com link above to install entware for OS 5, I used opkg to install dropbear, a lightweight ssh server.
# opkg install dropbear
I copied the keys I wanted authorized from another ssh server computer to:
/opt/etc/dropbear/authorized_keys
and I made sure I could ssh in after using the web interface to switch off the built in ssh server. Then I edited:
/opt/etc/config/dropbear.conf
to include the line:
DROPBEAR_EXTRA_ARGS=â-sâ
This will disallow password based logins. I still ssh to the built in user account sshd, even after switching off the built in ssh server. To restart dropbear after changing the conf file, use this command:
# /opt/etc/init.d/S51dropbear restart
This will survive a reboot and even a firmware update. It uses ecdsa, rsa, or ed25519 host keys.
I found one more trick. There can be a lot of typing to navigate the storage folders, so an alias can help.
# nano /shares/Volume_1/Nas_Prog/entware/profile
Put in whatever alias command you want, for example:
alias cdv1=âcd /mnt/HD/HD_a2/Vol1â
Save the file, then reboot the NAS to use the alias.