LrdShaper
Aspirant
Jun 04, 2008

Securely access your BitTorrent Client from anywhere

This tip attempts to give a step-by-step guide to access your BitTorrent client securely from anywhere (internet connection is a must of course).

As with my previous guides this assumes that:
1) You're running at least RAIDiator v4
2) You already have ssh access
3) Your router is configured to forward port 22 to your ReadyNAS

Ok here we go
Install Putty and generate your own private keys
=========================================
1) Download and install Putty
2) Open Puttygen, click on the SSH-2 RSA radio button and click on Generate. You may change the Key comment to anything you want. It would help to be descriptive.
3) Enter a Key passphrase. Make sure it's a phrase and not a single word, also make sure it's known only to you. Then click on Save private key. Now you have a private key; don't close Puttygen yet

Configure your login to use Public Keys
==================================
1) SSH into your ReadyNAS as root
2) Create the .ssh directory

mkdir .ssh
chmod 700 .ssh

3) Go back to Puttygen and copy the "Public key for pasting into OpenSSH authorized_keys file". It will look something like:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAje3r9k2PV1TyDOAZ0E/bG4t+NNxeH3c8hJmA1ayaFboA0Y
61bfnwKJaFh3eN8aCI7r5CgybTgPUP06KSb1mql2NR+m7L6rwtAnqrAUg9Kx6Ocr9zZ2DgCFnKlG
njte7rh8le05R8l+oThf3PQyvWu68sJUMtCW7P3Ka/ikwv7xM= rsa-key-20080605

4) Now in your SSH session create the authorized_keys file:

cd ~/.ssh
vi authorized_keys

Then paste the public key that you copied from Puttygen.

6) Close Puttygen and make sure the authorized_keys are not accessible by anyone else

chmod 600 authorized_keys

7) DON'T CLOSE YOUR CURRENT SSH SESSION YET! We still need to test out the keys you created using Putty. Type in the IP address of your ReadyNAS and choose SSH for connection type. Go to Category-> Connection-> SSH-> Auth then click on Browse and select the Private key you saved earlier. Now click on Open and try to login. You should be prompted with something like:
login as: root
Authenticating with public key "root@Corinthian"
Passphrase for key "root@Corinthian":

Now type in the passphrase you entered in Puttygen and you should be logged in. Hooray!
8) Then we need to edit the sshd_config so that we prevent anyone from logging in without the Private key
vi /etc/ssh/sshd_config

Look for the PasswordAuthentication option, uncomment it and make sure it looks like
PasswordAuthentication no

9) Reload the sshd_config so that the changes are applied:
/etc/init.d/ssh reload


NOTE THAT MAKING THE ABOVE CHANGES TO sshd_config WILL PREVENT ANYONE FROM LOGGING IN TO YOUR READYNAS VIA SSH INCLUDING YOURSELF!
IF YOU LOSE YOUR KEYS YOU WILL HAVE NO WAY TO SSH INTO YOUR READYNAS (EXCEPT DOING A FIRMWARE RE-INSTALL??? - can anyone from the council confirm that a firmware re-install restores the sshd_config to default? I can't test right now :D )

Use SSH Forwarding to access your BitTorrent client from any internet connected PC
===================================================================
1) Open up Putty and key in the remote IP of your router (or your router's dynamic DNS name if you have one), then load the private key as used in option 9 of Configure your login to use Public Keys above
2) Go to Category-> Connection-> SSH-> Tunnels
3) On your Source port enter 8080, on your Destination enter localhost:8080 and click on the Local radio button then click on Add
4) Click on Open and login
5) Once you're logged in, open your favorite browser and type in http://localhost:8080 in the address bar. You should now see your ReadyNAS BitTorrent client

Using the same setup you can also connect to
Frontview:
Source port 443, Destination localhost:443, Local
https://localhost on your browser

Squeezecenter:
Source port 9000, Destination localhost:9000, Local
http://localhost:9000 on your browser

TwonkyMedia:
Source port 8100, Destination localhost:8100, Local
http://localhost:8100 on your browser

Remote Desktop connection to your PC:
Source port 3390, Destination <your PC's local ip i.e. 192.168.1.110>:3389, Local
localhost:3390 on your Remote Desktop Connection software


I'll also be posting this on my blog (see my sig). Have fun! cheers!

EDIT: Changed order of steps 7, 8 and 9 of Configure your login to use Public Keys to test the Private keys before changing the sshd_config
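
A pre-flight check for the key-only login setup in the guide above, as an added example that is not part of the original post. It reports whether `PasswordAuthentication` is effectively `no` (sshd keeps the first uncommented value in the global section), whether the `.ssh` permissions match the guide, and whether every `authorized_keys` line holds a complete key, which catches a wrapped paste or a dropped leading character. The function names and the script name are illustrative, and it assumes a POSIX shell with awk on the NAS.

```shell
#!/bin/sh
# Added example, not from the original post; function names are illustrative.
# Usage (script name is hypothetical): sh check_ssh.sh /etc/ssh/sshd_config "$HOME/.ssh"

# effective_value FILE KEYWORD DEFAULT: sshd keeps the first value it reads for
# a keyword and skips comments; only the global section (before Match) is read.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }                       # accept "Keyword=value" too
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# mode_is PATH LS_MODE, e.g. mode_is "$HOME/.ssh" drwx------
mode_is() { [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "$2" ]; }

# bad_key_lines FILE: print line numbers lacking "keytype base64blob" on one line
bad_key_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$")
                    ok = 1
            if (!ok) print NR
        }
    ' "$1"
}

# audit SSHD_CONFIG SSH_DIR: print findings, return the number of problems
audit() {
    n=0; keys="$2/authorized_keys"
    fail() { echo "PROBLEM: $1"; n=$((n + 1)); }
    pa=$(effective_value "$1" PasswordAuthentication yes)
    [ "$pa" = no ] || fail "PasswordAuthentication is effectively '$pa'"
    mode_is "$2" drwx------ || fail "$2 is not mode 700"
    mode_is "$keys" -rw------- || fail "$keys is not mode 600"
    bad=$(bad_key_lines "$keys" 2>/dev/null | tr '\n' ' ')
    [ -z "$bad" ] || fail "$keys: incomplete key on line(s) $bad"
    return "$n"
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```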

29 Replies

  • Thanks LrdShaper. Just to let everyone know, when I copied my private key and pasted it, it did not paste the first s in ssh-rsa. That was the whole problem. Works like a champ now. :D
  • FYI guys, you don't need to set up SSH keys for this to work. If you add in the tunneling in putty, once you successfully connect and establish a SSH session, it will work no matter what user you are. I personally like using my password and not SSH keys, but that's the security guy in me!

    Doc
  • doc wrote:
    FYI guys, you don't need to set up SSH keys for this to work. If you add in the tunneling in putty, once you successfully connect and establish a SSH session, it will work no matter what user you are. I personally like using my password and not SSH keys, but that's the security guy in me!

    Doc


    Yup, SSH keys are not needed. But he was asking for a secure way to do it, which is why we configured the ReadyNAS to accept only private keys :D

    By the way I forgot to mention that if you want to use a different user you would need to edit /etc/passwd and change the default shell /bin/false to /bin/bash for that user. I'll update the 1st post. Thanks
  • Great Guide

    I have used Linux sparsely in projects in the past, but I'm otherwise a 100% Windows user.
    I followed the guide step by step, and every thing works great.

    Kudos
  • delhux wrote:
    Is there a Mac alternative for the Puttygen software?


    Don't have a Mac and not sure if there are GUI alternatives but:

    ssh-keygen -t rsa

    Will generate SSH keys for you. You'll have two files created in your ~/.ssh dir:
    id_rsa (Private key)
    and id_rsa.pub (Public key)

    For Step 3), you'd want to copy the contents of the id_rsa.pub to paste into your ReadyNAS' authorized_keys or you can use:

    ssh-copy-id user@readynasip (works on most Linux machines, not sure if it will work on a Mac)

    or

    cat ~/.ssh/id_rsa.pub | ssh user@readynasip 'cat >>.ssh/authorized_keys'


    Cheers!
  • It already works; I didn't know that I had to change localhost for the NAS IP in the tunneling config.

    How can I use this to access shares? And do I have to open putty every time? Isn't there a way so that at bootup of Windows 7 it automatically connects?
