Hardening SSH security on your ReadyNAS NV+
2013-08-07
12:58 PM
First I would like to give credit to Sven Dens who originally posted this howto.
He has provided more background addressing why you would want to do this.
I am simply documenting all the steps I had to add to get it working on my vanilla ReadyNAS NV+.
There are a couple things we want to accomplish in this guide.
- Create a new user that has root permissions
- Make it impossible to login as the "root" user through SSH
- Change the default SSH port

Ensure the following addons have been installed from the Add-ons for RAIDiator 4.1.3+ page
- EnableRootSSH
- APT

Install required packages
- Login to your ReadyNAS as root via SSH
- Run the following commands
  apt-get update
  apt-get --reinstall install passwd
  apt-get install nano

Now, let's create a new user with root permissions
- Run the following command (replace newUser with whatever name you like)
  adduser newUser
  You will only need to enter a password and confirm it; press enter for everything else to accept the defaults
- Give newUser root permissions
  - Open the sudoers file in the nano editor
    nano /etc/sudoers
  - Add a new line at the end of the file
    newUser ALL=(ALL) ALL
  - Save and exit (press Ctrl+X, Y, Return)
- Test newUser login
  - Exit your SSH session by typing exit and hitting return
  - Login to your ReadyNAS as newUser via SSH
  - Notice you do not have root rights (missing the # sign after your username in the prompt)
  - Ensure you can access the root shell
    su
    You could also execute a single command as root with the following syntax
    sudo <command>

Now, let's make it impossible to login as "root" through SSH and update the SSH port
- If you haven't already, promote your shell to root
  su
- Remove root user access via SSH and update the SSH port
  - Open the sshd_config file in the nano editor
    nano /etc/ssh/sshd_config
  - Change the PermitRootLogin value from yes to no
    PermitRootLogin no
  - Change the Port value from 22 to something else (tip: 8200-49151)
    Port 12345
  - Save and exit (press Ctrl+X, Y, Return)
- Restart the SSH daemon
  /etc/init.d/ssh restart
  I received an error after doing this, but everything runs fine

You should now be able to try the following to validate everything is working as expected
- SSH into the ReadyNAS device on port 22
  This should fail as the ReadyNAS device is no longer listening on port 22
- SSH into the ReadyNAS device as "root" on new port 12345 (or whatever you used)
  You should be able to connect, but be denied access even though you entered the correct root password
- SSH into the ReadyNAS device as "newUser" on new port 12345 (or whatever you used)
  You should be able to connect and login with the ability to execute sudo or su commands

Known Issues:
Rsync over SSH will not work... it requires root login and port 22 (If I find a workaround I'll post it)
Otherwise, enjoy 🙂
Message 1 of 2
2013-08-12
07:02 PM
Re: Hardening SSH security on your ReadyNAS NV+
Also of note is that these changes will be overwritten on firmware upgrades.
Message 2 of 2
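
Since the reply above notes that firmware upgrades overwrite these changes, the two sshd_config settings from the how-to are worth re-checking after each upgrade. The script below is an added example, not part of the original posts; the function names and the sample config are constructed, and it assumes standard sshd_config parsing (the first occurrence of a keyword wins, keywords are case-insensitive, "Key=value" is accepted).

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings changed in the how-to.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
        { line = $0; sub(/=/, " ", line); split(line, f, " ") }
        tolower(f[1]) == "match" { exit }              # global section ends at first Match
        tolower(f[1]) == tolower(key) { print f[2]; exit }   # first occurrence wins
    ' "$1"
}

# Return 0 if the file still carries the hardened settings, 1 otherwise.
audit_sshd_config() {
    cfg=$1
    rc=0
    root=$(sshd_effective "$cfg" PermitRootLogin)
    port=$(sshd_effective "$cfg" Port)
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    case $port in
        ''|22)    echo "FAIL: sshd still listens on the default port 22"; rc=1 ;;
        *[!0-9]*) echo "FAIL: Port value '$port' is not numeric"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: PermitRootLogin=$root Port=$port"
    return "$rc"
}

# Constructed sample (not taken from a real device): a commented-out line is
# ignored and the first "Port" line is the one sshd would use.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'Port 12345' 'Port 22' \
    'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

On the NAS itself, run the function as root against /etc/ssh/sshd_config, the file edited in the how-to.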