ssh loginless connection security

Options
Andras
Andras Posts: 8  Freshman Member
Hi Guys,
Finally I could change the root's home dir using Twonky. Than I re-started to generate the key pair for passwordless login from my openhab server. It went well, key got copied to my nas. Hoever the ssh from the openhab keep asking password. Than applied chmod 700 for the .ssh and chmod 640 for the .ssh/authorized_keys but still no success. 
What is also interesteing that the ssh root@[nas ip] cd .ssh also not works. It does not let me to enter to the folder even typing the password.

So I guess the problem is with some security setup on my NAS.
Idea how to change it? 

All Replies

  • Mijzelf
    Mijzelf Posts: 2,638  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    What is the output of
    [code]
    pwd
    ls -la
    [/code]
    after logging in as root?
  • Andras
    Andras Posts: 8  Freshman Member
    Options
    Hi Mijzelf,
    I see this:

    root@NSA310:~# pwd
    /i-data/md0/admin
    root@NSA310:~# ls -la
    total 206300
    drwxrwxrwx 10 root  root          4096 Apr 13 09:42 .
    drwxrwxrwx 13 root  root          4096 Apr 13 09:42 ..
    -rw-------  1 root  root           480 Apr 13 19:24 .bash_history
    drwx------  2 root  root          4096 Apr 13 12:49 .ssh
    ...
    root@NSA310:~# ls .ssh -la
    total 12
    drwx------  2 root root 4096 Apr 13 12:49 .
    drwxrwxrwx 10 root root 4096 Apr 13 09:42 ..
    -rw-------  1 root root  744 Apr 13 12:49 authorized_keys

    "/i-data/md0/admin" what I set in Tweaks
    DRWX codes looks equivalen with the desired chmod codes (700 for .ssh and 640)


  • Mijzelf
    Mijzelf Posts: 2,638  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    authorized_key does not have permission 640, this is 600. 640 is -rw-r-------. Yet I don't know if that is a problem.
    You have a NSA310, so I assume you are using the dropbear package for ssh? That package is rather old, version 2014.63. Maybe it doesn't support the keypair you generated. You can try to use the provided dropbearkey (/usr/local/zy-pkgs/bin/dropbearkey) to generate your keypair.
  • Andras
    Andras Posts: 8  Freshman Member
    Options
    Changed to 600 but no success

    I use OpenSSL:
    root@NSA310:~# ssh -V
    OpenSSH_5.9p1, OpenSSL 1.0.0e 6 Sep 2011

  • Mijzelf
    Mijzelf Posts: 2,638  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Well, that one is even older. So if you created your key pair on another box, odds are that it's not compatible anymore.

    BTW, have you tried to login using 'ssh -vvv' to get more info?
  • Andras
    Andras Posts: 8  Freshman Member
    Options
    Do you have any suggestion hpw to upgrade it?

    This is what I can see:
    root@NSA310:~# ssh -vvv
    OpenSSH_5.9p1, OpenSSL 1.0.0e 6 Sep 2011
    usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
               [-D [bind_address:]port] [-e escape_char] [-F configfile]
               [-I pkcs11] [-i identity_file]
               [-L [bind_address:]port:host:hostport]
               [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
               [-R [bind_address:]port:host:hostport] [-S ctl_path]
               [-W host:port] [-w local_tun[:remote_tun]]
               [user@]hostname [command]


  • Mijzelf
    Mijzelf Posts: 2,638  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Do you have any suggestion hpw to upgrade it?
    You could use the ssh server from Entware-ng
    This is what I can see:
    That is not what I meant. If you on the other box execute

    ssh -vvv root@nsa310

    you might see why the key login doesn't work.

Consumer Product Help Center