LrdShaper
Jun 04, 2008Aspirant
Securely access your BitTorrent Client from anywhere
This tip attempts to give a step-by-step guide to accessing your BitTorrent client securely from anywhere (an internet connection is a must, of course).
As with my previous guides this assumes that:
1) You're running at least raidiator v4
2) You already have ssh access
3) Your router is configured to forward port 22 to your ReadyNAS
Ok here we go
Install Putty and generate your own private keys
=========================================
1) Download and install Putty
2) Open Puttygen, click on the SSH-2 RSA radio button and click on Generate. You may change the Key comment to anything you want. It would help to be descriptive.
3) Enter a Key passphrase. Make sure it's a phrase and not a single word, also make sure it's known only to you. Then click on Save private key. Now you have a private key; don't close Puttygen yet
Configure your login to use Public Keys
==================================
1) SSH into your ReadyNAS as root
2) Create the .ssh directory
mkdir .ssh
chmod 700 .ssh
3) Go back to Puttygen and copy the text in the box labelled "Public key for pasting into OpenSSH authorized_keys file". It will look something like:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAje3r9k2PV1TyDOAZ0E/bG4t+NNxeH3c8hJmA1ayaFboA0Y
61bfnwKJaFh3eN8aCI7r5CgybTgPUP06KSb1mql2NR+m7L6rwtAnqrAUg9Kx6Ocr9zZ2DgCFnKlG
njte7rh8le05R8l+oThf3PQyvWu68sJUMtCW7P3Ka/ikwv7xM= rsa-key-20080605
4) Now in your SSH session create the authorized_keys file:
cd ~/.ssh
vi authorized_keys
Then paste the public key that you copied from Puttygen.
6) Close Puttygen and make sure the authorized_keys are not accessible by anyone else
chmod 600 authorized_keys
7) DON'T CLOSE YOUR CURRENT SSH SESSION YET! We still need to test out the keys you created using Putty. Type in the IP address of your ReadyNAS and choose SSH for connection type. Go to Category-> Connection-> SSH-> Auth then click on Browse and select the Private key you saved earlier. Now click on Open and try to login. You should be prompted with something like:
login as: root
Authenticating with public key "root@Corinthian"
Passphrase for key "root@Corinthian":
Now type in the passphrase you entered in Puttygen and you should be logged in. Hooray!
8) Then we need to edit the sshd_config so that we prevent anyone from logging in without the Private key
vi /etc/ssh/sshd_config
Look for the PasswordAuthentication option, uncomment it and make sure it looks like
PasswordAuthentication no
9) Reload the sshd_config so that the changes are applied:
/etc/init.d/ssh reload
NOTE THAT MAKING THE ABOVE CHANGES TO sshd_config WILL PREVENT ANYONE FROM LOGGING IN TO YOUR READYNAS VIA SSH INCLUDING YOURSELF!
IF YOU LOSE YOUR KEYS YOU WILL HAVE NO WAY TO SSH INTO YOUR READYNAS (EXCEPT DOING A FIRMWARE RE-INSTALL??? - can anyone from the council confirm that a firmware re-install restores the sshd_config to default? I can't test right now :D )
Use SSH Forwarding to access your BitTorrent client from any internet connected PC
===================================================================
1) Open up Putty and key in the remote IP of your router (or your router's dynamic DNS name if you have one), then load the private key as used in option 9 of Configure your login to use Public Keys above
2) Go to Category-> Connection-> SSH-> Tunnels
3) On your Source port enter 8080, on your Destination enter localhost:8080 and click on the Local radio button then click on Add
4) Click on Open and login
5) Once you're logged in, open your favorite browser and type in http://localhost:8080 in the address bar. You should now see your ReadyNAS BitTorrent client
Using the same setup you can also connect to
Frontview:
Source port 443, Destination localhost:443, Local
https://localhost on your browser
Squeezecenter:
Source port 9000, Destination localhost:9000, Local
http://localhost:9000 on your browser
TwonkyMedia:
Source port 8100, Destination localhost:8100, Local
http://localhost:8100 on your browser
Remote Desktop connection to your PC:
Source port 3390, Destination <your PC's local ip i.e. 192.168.1.110>:3389, Local
localhost:3390 on your Remote Desktop Connection software
I'll also be posting this on my blog (see my sig). Have fun! cheers!
EDIT: Changed order of steps 7, 8 and 9 of Configure your login to use Public Keys to test the Private keys before changing the sshd_config
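Added example, not part of the original post: a small check to run on the NAS before setting PasswordAuthentication no. It verifies the permissions from steps 2 and 6 and that each pasted key sits on a single line, since sshd ignores keys in files that others can write to and cannot parse a key that was line-wrapped during the paste. The function names are made up for this example, and it only recognises the ssh-rsa and ssh-dss key types.

```sh
#!/bin/sh
# Added example: audit the files sshd reads for root's public-key login.

# Group/other permission characters of a path, e.g. "------" or "r-xr-x".
perm_tail() {
    ls -ld "$1" | cut -c5-10
}

# Usage: check_pubkey_setup /root   (returns 0 when everything looks right)
check_pubkey_setup() {
    home=$1
    ak="$home/.ssh/authorized_keys"
    rc=0
    [ -d "$home/.ssh" ] || { echo "missing: $home/.ssh"; return 1; }
    [ -f "$ak" ] || { echo "missing: $ak"; return 1; }

    # Home may be 700 or 755, but never group- or other-writable.
    case "$(perm_tail "$home")" in
        ?w????|????w?) echo "bad perms: $home is group/other writable"; rc=1 ;;
    esac
    # .ssh (700) and authorized_keys (600): no group/other access at all.
    for p in "$home/.ssh" "$ak"; do
        [ "$(perm_tail "$p")" = "------" ] ||
            { echo "bad perms: $p is accessible by group/other"; rc=1; }
    done

    # Every key must sit on ONE line: "<type> <base64> [comment]".
    # A wrapped paste leaves continuation lines that match nothing.
    bad=$(awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss)$/ && $(i + 1) ~ /^AAAA/) ok = 1
            if (!ok) printf "%d ", NR
        }' "$ak")
    [ -z "$bad" ] || { echo "malformed key line(s): $bad"; rc=1; }
    return $rc
}

# Run directly with the home directory as argument, e.g.: sh check.sh /root
if [ $# -gt 0 ]; then check_pubkey_setup "$1"; fi
```

A non-zero exit with a "malformed key line(s)" message usually means the key was pasted as several lines and needs to be joined back into one.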
29 Replies
- ric3125 (Aspirant)
Yes, I have. I even started all over with new keys. I don't know, must be doing something wrong.
- ric3125 (Aspirant)
blackbox:~/.ssh# /etc/init.d/ssh reload 
Could not load host key: /etc/ssh/ssh_host_dsa_key
Reloading OpenBSD Secure Shell server's configuration.
blackbox:~/.ssh# cd /etc/ssh
blackbox:/etc/ssh# ls
moduli ssh_config sshd_config ssh_host_rsa_key ssh_host_rsa_key.pub
When I do an ssh reload it doesn't work. ssh_host_dsa_key is not there.
- LrdShaper (Aspirant)
ric3125:
I also get the same message on my NV+ but the config changes are still successfully reloaded. Are you still unable to login using the private keys? What method are you using to login now?
- ric3125 (Aspirant)
No, I can't use the private keys. I can still log in with a password. I never closed my first putty session. So I changed PasswordAuthentication back when it did not work.
- LrdShaper (Aspirant)
ric3125 wrote: No, I can't use the private keys. I can still log in with a password. I never closed my first putty session. So I changed PasswordAuthentication back when it did not work.
You're using the root id, right? Can you do a pwd from the .ssh directory where you created the authorized_keys file?
The root id needs to have its own home directory (i.e. /root). There are only 2 other things I can think of that may cause the ReadyNAS to refuse your private keys:
1) The root id has a home directory in / instead of /root and you created the .ssh directory in /
If this is the case you have to edit your /etc/passwd file to change root's home directory. It's the 2nd to the last field
root:*******:0:0:root:/root:/bin/bash
Change it to /root like in the example above then save it. Create the /root directory and move the .ssh directory to /root
root@Matthew~# mkdir /root
root@Matthew~# mv .ssh /root
Then try to log in with your private keys again
OR
2) The root id has its own home directory (i.e. root) but is writable by other users. Make sure /root is writable only by the root id (chmod 700 or chmod 755)
root@Matthew/# ls -ld /root
drwx------ 5 root root 4096 May 30 01:11 /root
root@Matthew/#
Let me know how it goes and I'll try to reply back to you ASAP. Cheers!
- ric3125 (Aspirant)
Ok, thanks. I'm at work; when I get home I will get the info for you.
- ric3125 (Aspirant)
blackbox:~/.ssh# pwd 
/root/.ssh
blackbox:~/.ssh#
This is what I have.
- LrdShaper (Aspirant)
ric3125 wrote: blackbox:~/.ssh# pwd 
/root/.ssh
blackbox:~/.ssh#
This is what I have.
What is the permission on /root? Have you checked? Please refer to my previous post on /root permissions
- ric3125 (Aspirant)
blackbox:~# ls -ld /root 
drwx------ 4 root root 4096 Jun 4 16:32 /root
blackbox:~#
- LrdShaper (Aspirant)
ric3125 wrote: blackbox:~# ls -ld /root 
drwx------ 4 root root 4096 Jun 4 16:32 /root
blackbox:~#
Can you send me your /etc/ssh/sshd_config via pm? 