NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
SSH enabled for user (but not for root)
I want to enable SSH to use SFTP (with FreeFileSync) to automate synchronisation between two NAS' in separate geolocations (i can post instructions if anyone interested) I have read about how to ...
redstamp wrote:
"The root password for SSH is the same as the admin user. Change from the default for security purposes. Not changing the default password and enabling SSH leaves you vulnerable to attack."
I still dont get what that last precautionary bullet is trying to warn against though.
It's saying two things. First, that if you want to access the linux shell via ssh you should use "root" as the username instead of "admin" - using the NAS admin password.
Second (the warning bit), that it is a really bad idea to leave that NAS admin password set to the default value of password. Even if you don't enable ssh you shouldn't use the default password.
John,
Thanks for your reply. I understand root access is enabled for that user when checking the "enable shell access" option.
I have created a specific user to use with my remote SSH access, allow shell access and set a public / private key combination, disabled password access for this user and set the port forward from a high external port number.
Perhaps it is my lack of knowledge but the penultimate bullet on the intro for this page: https://kb.netgear.com/30068/ReadyNAS-OS-6-SSH-access-support-and-configuration-guides
...says:
"The root password for SSH is the same as the admin user. Change from the default for security purposes. Not changing the default password and enabling SSH leaves you vulnerable to attack."
And i thought this means root password for any user maps to the admin password - however writing this down makes me feel slightly stupid now. I still dont get what that last precautionary bullet is trying to warn against though.
Thanks.
Jon
redstamp wrote:
"The root password for SSH is the same as the admin user. Change from the default for security purposes. Not changing the default password and enabling SSH leaves you vulnerable to attack."
I still dont get what that last precautionary bullet is trying to warn against though.
It's saying two things. First, that if you want to access the linux shell via ssh you should use "root" as the username instead of "admin" - using the NAS admin password.
Second (the warning bit), that it is a really bad idea to leave that NAS admin password set to the default value of password. Even if you don't enable ssh you shouldn't use the default password.
Thanks for the clarification.
So essentially to use freefilesync over SSH, I can disable shell access for the specific user I have set-up.
BTW - I have changed the default password for admin to something secure ;-)
Jon
Yes. You might want to set everything up on a PC on your local network first with a test share - it'll be simpler to get it working that way.
redstamp wrote:Thanks for the clarification.So essentially to use freefilesync over SSH, I can disable shell access for the specific user I have set-up.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
