LrdShaper (Aspirant)
Jun 04, 2008
Securely access your BitTorrent Client from anywhere
This tip attempts to give a step-by-step guide to access your BitTorrent client securely from anywhere (an internet connection is a must, of course).
As with my previous guides this assumes that:
1) You're running at least raidiator v4
2) You already have ssh access
3) Your router is configured to forward port 22 to your ReadyNAS
Ok here we go
Install Putty and generate your own private keys
=========================================
1) Download and install Putty
2) Open Puttygen, click on the SSH-2 RSA radio button and click on Generate. You may change the Key comment to anything you want. It would help to be descriptive.
3) Enter a Key passphrase. Make sure it's a phrase and not a single word, also make sure it's known only to you. Then click on Save private key. Now you have a private key; don't close Puttygen yet
Configure your login to use Public Keys
==================================
1) SSH into your ReadyNAS as root
2) Create the .ssh directory
mkdir .ssh
chmod 700 .ssh
3) Go back to Puttygen and copy the Public key for pasting into OpenSSH authorized_keys file. It will look something like:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAje3r9k2PV1TyDOAZ0E/bG4t+NNxeH3c8hJmA1ayaFboA0Y
61bfnwKJaFh3eN8aCI7r5CgybTgPUP06KSb1mql2NR+m7L6rwtAnqrAUg9Kx6Ocr9zZ2DgCFnKlG
njte7rh8le05R8l+oThf3PQyvWu68sJUMtCW7P3Ka/ikwv7xM= rsa-key-20080605
4) Now in your SSH session create the authorized_keys file:
cd ~/.ssh
vi authorized_keys
Then paste the public key that you copied from Puttygen.
6) Close Puttygen and make sure the authorized_keys are not accessible by anyone else
chmod 600 authorized_keys
7) DON'T CLOSE YOUR CURRENT SSH SESSION YET! We still need to test out the keys you created using Putty. Type in the IP address of your ReadyNAS and choose SSH for connection type. Go to Category-> Connection-> SSH-> Auth then click on Browse and select the Private key you saved earlier. Now click on Open and try to login. You should be prompted with something like:
login as: root
Authenticating with public key "root@Corinthian"
Passphrase for key "root@Corinthian":
Now type in the passphrase you entered in Puttygen and you should be logged in. Hooray!
8) Then we need to edit the sshd_config so that we prevent anyone from logging in without the Private key
vi /etc/ssh/sshd_config
Look for the PasswordAuthentication option, uncomment it and make sure it looks like
PasswordAuthentication no
9) Reload the sshd_config so that the changes are applied:
/etc/init.d/ssh reload
NOTE THAT MAKING THE ABOVE CHANGES TO sshd_config WILL PREVENT ANYONE FROM LOGGING IN TO YOUR READYNAS VIA SSH INCLUDING YOURSELF!
IF YOU LOSE YOUR KEYS YOU WILL HAVE NO WAY TO SSH INTO YOUR READYNAS (EXCEPT DOING A FIRMWARE RE-INSTALL??? - can anyone from the council confirm that a firmware re-install restores the sshd_config to default? I can't test right now :D )
Use SSH Forwarding to access your BitTorrent client from any internet connected PC
===================================================================
1) Open up Putty and key in the remote IP of your router (or your router's dynamic DNS name if you have one), then load the private key as used in option 9 of Configure your login to use Public Keys above
2) Go to Category-> Connection-> SSH-> Tunnels
3) On your Source port enter 8080, on your Destination enter localhost:8080 and click on the Local radio button then click on Add
4) Click on Open and login
5) Once you're logged in, open your favorite browser and type in http://localhost:8080 in the address bar. You should now see your ReadyNAS BitTorrent client
Using the same setup you can also connect to
Frontview:
Source port 443, Destination localhost:443, Local
https://localhost on your browser
Squeezecenter:
Source port 9000, Destination localhost:9000, Local
http://localhost:9000 on your browser
TwonkyMedia:
Source port 8100, Destination localhost:8100, Local
http://localhost:8100 on your browser
Remote Desktop connection to your PC:
Source port 3390, Destination <your PC's local ip i.e. 192.168.1.110>:3389, Local
localhost:3390 on your Remote Desktop Connection software
I'll also be posting this on my blog (see my sig). Have fun! cheers!
EDIT: Changed order of steps 7, 8 and 9 of Configure your login to use Public Keys to test the Private keys before changing the sshd_config
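An added example, not part of the original post: sshd reads authorized_keys one key per line, so a key that picks up a line break or loses characters while being pasted in steps 3 to 6 is refused even when the file and its permissions look right. The Python check below decodes each line and confirms the key data is complete and matches the declared key type; the sample key is constructed for the example, the function names are made up here, and it assumes no options field precedes the key type.

```python
import base64
import struct

def field(data: bytes) -> bytes:
    """Encode one SSH wire-format field: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

# Constructed sample key (not a usable key): type, exponent, 1024-bit-sized modulus.
SAMPLE_BLOB = field(b"ssh-rsa") + field(b"\x25") + field(b"\x00" + b"\x8d" * 128)
GOOD = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " rsa-key-constructed"
WRAPPED = GOOD[:60] + "\n" + GOOD[60:]   # same key pasted with a line break in it

def check_line(line: str) -> str:
    """Return 'ok', or why this authorized_keys line will not match a key.
    Assumes no options field before the key type, as in the guide."""
    parts = line.split()
    if len(parts) < 2:
        return "expected 'keytype base64 [comment]' on a single line"
    declared, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return "key data is not valid base64 (key wrapped over several lines?)"
    fields, pos = [], 0
    while pos < len(blob):  # walk the length-prefixed fields to the end
        if pos + 4 > len(blob):
            return "key blob is truncated"
        (size,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + size > len(blob):
            return "key blob is truncated"
        fields.append(blob[pos:pos + size])
        pos += size
    if not fields or fields[0] != declared.encode():
        return "declared key type does not match the type inside the key blob"
    return "ok"

def check_authorized_keys(text: str) -> list:
    """Check every non-blank, non-comment line; returns (line number, result)."""
    return [(n, check_line(line)) for n, line in enumerate(text.splitlines(), 1)
            if line.strip() and not line.lstrip().startswith("#")]

if __name__ == "__main__":
    for label, text in (("one line", GOOD), ("wrapped", WRAPPED)):
        print(label, check_authorized_keys(text))
```

Running a check like this on the contents of /root/.ssh/authorized_keys before setting PasswordAuthentication to no confirms the key file itself is sound while the password login is still available.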
29 Replies
- yoh-dah (Guide): Great tip!
- ric3125 (Aspirant): In step 7 I get this.
blackbox:~/.ssh# /etc/init.d/ssh reload
Could not load host key: /etc/ssh/ssh_host_dsa_key
Reloading OpenBSD Secure Shell server's configuration.
I'm new to this and have never done this before. Thanks.
- LrdShaper (Aspirant): I just tried it on my ReadyNAS and I got the same message, but the changes to sshd_config were reloaded successfully. Try logging in now with your private keys.
- ric3125 (Aspirant): No, it did not work.
"Server refused your key"
- super_poussin (Virtuoso): It works fine for me.
- super_poussin (Virtuoso): Did you have this:
R2-D2:~/.ssh# ls 
authorized_keys known_hosts
R2-D2:~/.ssh# pwd
/root/.ssh
R2-D2:~/.ssh#
- ric3125 (Aspirant): Here is mine.
blackbox:~/.ssh# ls
authorized_keys
blackbox:~/.ssh# pwd
/root/.ssh
blackbox:~/.ssh#
- LrdShaper (Aspirant):
ric3125 wrote: Here is mine.
blackbox:~/.ssh# ls
authorized_keys
blackbox:~/.ssh# pwd
/root/.ssh
blackbox:~/.ssh#
Did you change the permission on your .ssh directory and authorized_keys file?
root@Matthew~# ls -ld .ssh
drwx------ 2 root root 4096 Mar 13 17:25 .ssh
root@Matthew~# cd .ssh
root@Matthew~/.ssh# ls -l
total 8
-rw------- 1 root root 228 Oct 28 2007 authorized_keys
-rw-r--r-- 1 root root 1179 Apr 22 23:54 known_hosts
Did you copy the public key properly? If you changed the Key comment field in Puttygen the public key will change as well. Open up Puttygen, load your private key and copy the public key again into the authorized_keys file.
- ric3125 (Aspirant): OK, this is what I have.
blackbox:~# ls -ld .ssh 
drwx------ 2 root root 4096 Jun 5 18:57 .ssh
blackbox:~# cd .ssh
blackbox:~/.ssh# ls -l
total 4
-rw------- 1 root root 226 Jun 5 20:48 authorized_keys
blackbox:~/.ssh#
- LrdShaper (Aspirant): Have you tried copying the public keys again? Please refer to my previous post.