redstamp
Mar 19, 2018 (Apprentice)
SSH enabled for user (but not for root)
I want to enable SSH to use SFTP (with FreeFileSync) to automate synchronisation between two NASes in separate geolocations (I can post instructions if anyone is interested). I have read about how to ...
redstamp
Apr 07, 2018 (Apprentice)
John,
Thanks for your reply. I understand root access is enabled for that user when checking the "enable shell access" option.
I have created a specific user to use with my remote SSH access, allow shell access and set a public / private key combination, disabled password access for this user and set the port forward from a high external port number.
Perhaps it is my lack of knowledge but the penultimate bullet on the intro for this page: https://kb.netgear.com/30068/ReadyNAS-OS-6-SSH-access-support-and-configuration-guides
...says:
"The root password for SSH is the same as the admin user. Change from the default for security purposes. Not changing the default password and enabling SSH leaves you vulnerable to attack."
And I thought this means root password for any user maps to the admin password - however writing this down makes me feel slightly stupid now. I still don't get what that last precautionary bullet is trying to warn against though.
Thanks.
Jon
StephenB
Apr 07, 2018 (Guru - Experienced User)
redstamp wrote:
"The root password for SSH is the same as the admin user. Change from the default for security purposes. Not changing the default password and enabling SSH leaves you vulnerable to attack."
I still don't get what that last precautionary bullet is trying to warn against though.
It's saying two things. First, that if you want to access the Linux shell via ssh you should use "root" as the username instead of "admin" - using the NAS admin password.
Second (the warning bit), that it is a really bad idea to leave that NAS admin password set to the default value of password. Even if you don't enable ssh you shouldn't use the default password.
- redstamp, Apr 07, 2018 (Apprentice)
Thanks for the clarification.
So essentially to use FreeFileSync over SSH, I can disable shell access for the specific user I have set up.
BTW - I have changed the default password for admin to something secure ;-)
Jon
- StephenB, Apr 07, 2018 (Guru - Experienced User)
Yes. You might want to set everything up on a PC on your local network first with a test share - it'll be simpler to get it working that way.
redstamp wrote: Thanks for the clarification. So essentially to use freefilesync over SSH, I can disable shell access for the specific user I have set-up.