Happy

Why did you need to install togglessh?

There is no need to install the toggle ssh add-on (provides SSH access for support use only) or the EnableRootSSH add-on (provides SSH access for use by us end users). Only if you want to do stuff via the command line e.g. use "apt-get" do you need to enable SSH access.

Thanks mdgm. I was coming back here to post a reply (as I had learned a lot more since I made the above comment).

As you say, there are various other maintenance reasons that could cause a person familiar with the Linux OS to want to use ssh. After having installed EnableRootSSH, the ability to "toggle" - turn ssh on/off via the re-installation of ToggleSSH, is very useful from a security perspective.

The EnableRootSSH add-on is not a Toggle add-on. ToggleSSH add-on is to enable/disable SSH access for support use. I don't recommend using this add-on with EnableRootSSH. The proper thing to do is to set a password for SSH that is difficult (if not impossible to crack) and not port forward port 22 to your NAS so SSH isn't exposed to the web.

I see... Thanks.

Due to my circumstances I will be using ssh less than once in a blue moon, (possibly never again on the Duo) so I'll carry on with my improper solution.

Part of the point of having SSH access always enabled is so that you can use it when you need it once in a blue moon (e.g. if Frontview won't work and you need to e.g. remove an add-on via SSH).

This begs the question: What is "wrong" with using ToggleSSH to turn ssh on/off in these circumstances?

It seems to me that it offers more security using it this way under blue moon circumstances. I'd rather have my ssh turned off completely when I'm not using it than rely on hard passwords & uncommon ports.

ToggleSSH deactivates SSH for both tech support and the user or turns it on for tech support. It has been known to be problematic at times re-enabling SSH access using EnableRootSSH after using ToggleSSH.

Also if you lose access to Frontview you can't re-enable SSH access. What good is having SSH disabled when you need to use it to fix a problem so you can use Frontview again. You don't need to use an uncommon port for SSH. If you don't expose port 22 on the NAS to the internet (it won't be unless you configure it to be in your router) then someone would need to be on your local network to even be able to attempt to hack into your NAS using SSH.

Thanks mdgm, now I know. :)

My Duo is not exposed to the net, so on your advice I will enable ssh, & hope that I never have to use it to recover from a lost Frontview.

Your advice is much appreciated, I will modify a previous post accordingly.