NAS: Enable SCP and password-less SSH login

DISCLAIMER: I am not going to educate about the risk of doing this with your root userid. This works for me, as I am behind a secure network. Once you have followed the instructions below, you will be able to logon to your NAS through SSH without using a password (as SSH will use your unique public key). You will also be able to use SCP (with the benefit of compression) from/to your NAS.

The necessary steps to give your NAS SCP – part I: Enable login via public key certificates:

  • On NAS: If you have a recent firmware (.640), then just enable SSH on the diskstation.
  • On NAS: Edit the file /etc/ssh/sshd_config and uncomment/insert the following line (#2) to enable public key authentication:

    #RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys

     

  • On NAS: If you are super-paranoid, you can disable password-login (doing this can potentially lock you out if you stuff up your public key):

    # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no #PermitEmptyPasswords no

     

  • On client: On you host computer (not the diskstation) open a terminal and run the following command:
    $ ssh-keygen -t rsa

    Generating public/private rsa key pair. Enter file in which to save the key (/home/magicdude/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in id_rsa Your public key has been saved in id_rsa.pub The key fingerprint is: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [email protected]

     

  • On NAS: You need to create a directory with a file containing the the authorized keys of clients being able to connect:

    # cd /root mkdir .ssh touch .ssh/authorized_keys vi .ssh/authorized_keys 

     

  • On NAS: Paste the content of your id_rsa.pub-file from your Host-computer (the one you want to connect from) into the authorized_keys file.
  • On NAS: Change the file permissions of the authorized-key file:

    chmod 700 .ssh chmod 644 .ssh/authorized_keys

     

After rebooting, you should be able to login without password via ssh [email protected] — if not, sorry for you, you did not follow the instructions properly.

Next part is to enable SCP. This requires you to have the bootstrap on the NAS installed and you need to have basic knowledge of IPKG:

  • Use ipkg download zlib to download zlib
  • untar via tar -xzvf zlib*.tar
  • untar the data file tar -zxvf data.tar.gz
  • You require two libraries for SCP compression to work. Use the following command to copy them: cp ./opt/lib/libz* /lib
  • Now you need to get openssh which contains the scp exectuable. Download via ipkg download openssh
  • untar via tar -xzvf openssh*.tar
  • untar the data file tar -zxvf data.tar.gz
  • Copy the scp-binary: cp ./opt/bin/scp /bin

You are done. You should now be able to do a simple scp filename [email protected]:/nasfolder without a password prompt.

Print Friendly, PDF & Email