NAS: Enable SCP and password-less SSH login

DISCLAIMER: I am not going to educate about the risk of doing this with your root userid. This works for me, as I am behind a secure network. Once you have followed the instructions below, you will be able to logon to your NAS through SSH without using a password (as SSH will use your unique public key). You will also be able to use SCP (with the benefit of compression) from/to your NAS.

The necessary steps to give your NAS SCP – part I: Enable login via public key certificates:

  • On NAS: If you have a recent firmware (.640), then just enable SSH on the diskstation.
  • On NAS: Edit the file /etc/ssh/sshd_config and uncomment/insert the following line (#2) to enable public key authentication:


     
  • On NAS: If you are super-paranoid, you can disable password-login (doing this can potentially lock you out if you stuff up your public key):


     
  • On client: On you host computer (not the diskstation) open a terminal and run the following command:
    $ ssh-keygen -t rsa


     
  • On NAS: You need to create a directory with a file containing the the authorized keys of clients being able to connect:


     
  • On NAS: Paste the content of your id_rsa.pub-file from your Host-computer (the one you want to connect from) into the authorized_keys file.
  • On NAS: Change the file permissions of the authorized-key file:


     

After rebooting, you should be able to login without password via ssh [email protected] — if not, sorry for you, you did not follow the instructions properly.

Next part is to enable SCP. This requires you to have the bootstrap on the NAS installed and you need to have basic knowledge of IPKG:

  • Use ipkg download zlib to download zlib
  • untar via tar -xzvf zlib*.tar
  • untar the data file tar -zxvf data.tar.gz
  • You require two libraries for SCP compression to work. Use the following command to copy them: cp ./opt/lib/libz* /lib
  • Now you need to get openssh which contains the scp exectuable. Download via ipkg download openssh
  • untar via tar -xzvf openssh*.tar
  • untar the data file tar -zxvf data.tar.gz
  • Copy the scp-binary: cp ./opt/bin/scp /bin

You are done. You should now be able to do a simple scp filename [email protected]:/nasfolder without a password prompt.

Print Friendly, PDF & Email