hugo_backup/public/post/enable-synology-public-ssh/index.html

<!doctype html>
<html class="no-js" lang="tw">
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <meta name="author" content="Eric Chang">
        <meta name="description" content="What’s the Worst That Could Happen?">
        <meta name="keywords" content="linux,blog,responsive,search,font awesome,pages,posts,multilingual,highlight.js,syntax highlighting,premium,shortcuts">
        <meta name="generator" content="Hugo 0.50" />
        <title> 筆記- 啟用群暉NAS (Synology NAS)的SSH Server  透過Publickey 認證免密碼登入 | MCの飄狂山莊㊣</title>
        <meta name="description" content="筆記- 啟用群暉NAS (Synology NAS)的SSH Server  透過Publickey 認證免密碼登入 - What’s the Worst That Could Happen?">
        <meta itemprop="name" content="筆記- 啟用群暉NAS (Synology NAS)的SSH Server  透過Publickey 認證免密碼登入">
        <meta itemprop="description" content="筆記- 啟用群暉NAS (Synology NAS)的SSH Server  透過Publickey 認證免密碼登入 - What’s the Worst That Could Happen?">
        <meta property="og:title" content="筆記- 啟用群暉NAS (Synology NAS)的SSH Server  透過Publickey 認證免密碼登入">
        <meta property="og:description" content="筆記- 啟用群暉NAS (Synology NAS)的SSH Server  透過Publickey 認證免密碼登入 - What’s the Worst That Could Happen?">
        <meta property="og:image" content="https://i.imgur.com/jcDQmI1.png">
        <meta property="og:url" content="https://h.cowbay.org/post/enable-synology-public-ssh/">
        <meta property="og:site_name" content="MCの飄狂山莊㊣">
        <meta property="og:type" content="article">
        <link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-32x32.png" sizes="32x32">
        <link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-16x16.png" sizes="16x16">

	

        
        
        
        
        <link rel="stylesheet" href="https://h.cowbay.org/sass/combined.min.a89dfa577f701bffe9659f476ef61241cb2a3452b913e793463b0074a10c0a59.css">

        

        
            
                <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
            
        
    </head>
    <body class="bilberry-hugo-theme">
        
<nav class="permanentTopNav">

    <div class="container">
        <ul class="topnav">
            
        </ul>

        
            <div id="search-box" class="search">
                <i class="fa fa-search"></i>
                <input id="search" type="text" placeholder="">
            </div>
        
    </div>
</nav>


        <header>
    <div class="container">
        <div class="logo">
            <a href="/" class="logo">
                
                    <img src="https://www.gravatar.com/avatar/e4eb1f8e016ffb73e9889f87d16e15f0?d=mm&size=200" alt="">
                

                <span class="overlay"><i class="fa fa-home"></i></span>
            </a>
        </div>
        <div class="titles">
            <h3 class="title"><a href="/">MCの飄狂山莊㊣</a></h3>
            
                <span class="subtitle">What’s the Worst That Could Happen?</span>
            
        </div>

    

        
        <div class="toggler permanentTopNav">
        
            <i class="fa fa-bars" aria-hidden="true"></i>
        </div>
    </div>
</header>


        <div class="main container">
            
     
    <div class="article-wrapper u-cf single">
        
            <a class="bubble" href="/post/enable-synology-public-ssh/">
    <i class="fa fa-fw fa-pencil"></i>
</a>

<article class="default article">
    
    <div class="featured-image">
        <a href="/post/enable-synology-public-ssh/">
            <img src="https://i.imgur.com/jcDQmI1.png" alt="">
        </a>
    </div>


    <div class="content">
    <h3><a href="/post/enable-synology-public-ssh/">筆記- 啟用群暉NAS (Synology NAS)的SSH Server  透過Publickey 認證免密碼登入</a></h3>
    <div class="meta">
        
            
                <span class="date moment">2018-11-05</span>
            
        

        

        
            <span class="categories">
                
                    <a href="/categories/%E7%AD%86%E8%A8%98">筆記</a>
                
            </span>
        

        
            <span class="author"><a href="/author/eric-chang">Eric Chang</a></span>
        
    </div>

    
        <p>公司內有幾台NAS，其中有一台用來放開發人員的postgresql dump file
之前都是主要的開發人員上傳到google drive，分享出來 ，然後其他人去抓回來</p>

<p>這樣子有個問題是，當server要存取這些檔案時，就沒辦法了，除非透過一些 3rd party的軟體
像是這篇</p>

<p><a href="https://www.omgubuntu.co.uk/2017/04/mount-google-drive-ocamlfuse-linux">https://www.omgubuntu.co.uk/2017/04/mount-google-drive-ocamlfuse-linux</a></p>

<p>或者是這篇</p>

<p><a href="https://www.maketecheasier.com/mount-google-drive-ubuntu/">https://www.maketecheasier.com/mount-google-drive-ubuntu/</a></p>

<p>但是手邊的伺服器，原則上除非有必要，不然都沒有開放internet
所以導致明明檔案就在那邊，但是要取得就是很麻煩</p>

<p></p>

<p>Dev_A upload to google drive &mdash;&gt; Dev_B Download from google drive &mdash;&gt; Dev_B scp download file to me &mdash;&gt; I upload to server.</p>

<p>有沒有？是不是很stupid (講話一定要烙英文)</p>

<p>既然有現成的NAS在那邊，幹嘛不用呢？(攤手)</p>

<p>聽說之前的人一直沒成功弄出來，讓Server可以直接去NAS存取檔案的方式，我記得這個不是很難啊
就順手整理一下</p>

<h3 id="新增使用者帳號-確認家目錄存在">新增使用者帳號/ 確認家目錄存在</h3>

<p>在NAS 的管理界面上新增一個帳號，假設叫 eric 好了</p>

<p><del>建立時，注意一下要指定家目錄路徑</del></p>

<p>更正： 群暉的界面好像不能指定家目錄</p>

<p>預設的路徑如下</p>

<pre><code>eric:x:1071:100::/var/services/homes/eric:/sbin/nologin
</code></pre>

<p>不過我覺得怪怪的，因為在我手邊的幾台NAS底下 /var/services/homes 都切不過去
確認一下路徑，發現那個 <code>@fake_home_link</code> 根本就不存在啊！</p>

<pre><code>admin@storage:/volume1$ ls -lart /var/services/homes 
lrwxrwxrwx 1 root root 24 May 23 14:14 /var/services/homes -&gt; /volume1/@fake_home_link
admin@storage:/volume1$
</code></pre>

<p>我在想是不是之前的人有改過什麼..
anyway ，反正先不管這邊，直接修改 /etc/passwd檔案</p>

<pre><code>sudo vim /etc/passwd
</code></pre>

<p>修正到正確的路徑，順便把shell 也改掉，不然不能登入</p>

<pre><code>eric:x:1071:100::/volume1/homes/eric:/bin/sh
</code></pre>

<h3 id="修改-etc-ssh-sshd-config">修改 /etc/ssh/sshd_config</h3>

<p>再來修正預設沒有啟用 Publickey 驗證的 ssh</p>

<pre><code>sudo vim /etc/ssh/sshd_config
</code></pre>

<p>確認底下三行存在</p>

<pre><code>RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys
</code></pre>

<h3 id="將key傳到-nas上">將KEY傳到 NAS上</h3>

<p>先建立相關目錄，順便修正一下目錄權限</p>

<pre><code>chmod 755 /volume1/homes/eric
mkdir -p /volume1/homes/eric/.ssh
chmod 700 /volume1/homes/eric/.ssh
</code></pre>

<p>再來把Publickey 傳到NAS，複製貼上也好，ssh-copy-id也可以，同時修正權限</p>

<pre><code>vim /volume1/homes/eric/.ssh/authorized_keys 
chmod 0600 /volume1/eric/.ssh/authorized_keys
</code></pre>

<h3 id="重啟ssh">重啟SSH</h3>

<p>本來這個步驟應該可以用</p>

<pre><code>synoservicectl --restart sshd
</code></pre>

<p>來解決
但是實際上這個指令只會把你踢出 SSH session &hellip;.( WTF!!! )</p>

<p>所以還是要去NAS的管理界面，去關閉再打開SSH (有點蠢..)
<img src="https://i.imgur.com/jcDQmI1.png" alt="Synology WEB UI" /></p>

<p>然後就可以測試用Publickey 來登入NAS了</p>

<pre><code>2018-11-05 14:47:12 [mini@s009 ansiblecontrol]$ ssh admin@storage 
admin@storage:~$ 
</code></pre>

<p>確認免密碼登入無誤了！</p>
    
</div>

    
<div class="footer">


    
        <div class="tags">
            <i class="fa fa-tags"></i>
            <div class="links">
                
                    <a href="/tags/%E7%AD%86%E8%A8%98">筆記</a>
                
                    <a href="/tags/synology">synology</a>
                
                    <a href="/tags/nas">NAS</a>
                
                    <a href="/tags/ssh">SSH</a>
                
            </div>
        </div>
    

    
</div>

</article>

        
    </div>

    
        <div id="disqus_thread"></div>
<script type="application/javascript">
    var disqus_config = function () {
    
    
    
    };
    (function() {
        if (["localhost", "127.0.0.1"].indexOf(window.location.hostname) != -1) {
            document.getElementById('disqus_thread').innerHTML = 'Disqus comments not available by default when the website is previewed locally.';
            return;
        }
        var d = document, s = d.createElement('script'); s.async = true;
        s.src = '//' + "h-cowbay-org-1" + '.disqus.com/embed.js';
        s.setAttribute('data-timestamp', +new Date());
        (d.head || d.body).appendChild(s);
    })();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="https://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
    

     

        </div>

        
<footer>
    <div class="container">

        
        <div class="recent-posts">
            <strong></strong>
                <ul>
                
                    <li>
                        <a href="/post/inx-collect-detail-hardware-info/">[筆記] inxi 蒐集詳盡的硬體資訊 / inxi Collect Detail Hardware Info</a>
                    </li>
                
                    <li>
                        <a href="/post/log-all-bash-commands/">[筆記] 紀錄所有下過的指令、時間 / Log All commands with timestamp</a>
                    </li>
                
                    <li>
                        <a href="/post/fix-zpool-device-busy-using-dmsetup/">[筆記] 解決無法建立zpool 的錯誤 / Fix Zpool Device Busy Using dmsetup</a>
                    </li>
                
                    <li>
                        <a href="/post/transfer-cent62-using-rsync/">[筆記] 用rsync 移轉 centos 6.2的老機器 Transfer Cent6.2 using rsync</a>
                    </li>
                
                    <li>
                        <a href="/post/command_to_test_main_ssl/">[筆記] 測試mail server 的SSL憑證的指令 Command to test mailserver SSL</a>
                    </li>
                
                    <li>
                        <a href="/post/install-timeshift-on-ubuntu1804/">Install Timeshift on Ubuntu1804</a>
                    </li>
                
                    <li>
                        <a href="/post/install-ubuntu1804-on-dell-6ir-raid-controller/">用DELL 6 i/R 建立RAID，並在上面安裝ubuntu 18.04 </a>
                    </li>
                
                </ul>
        </div>
        

        
        <div class="categories">
            <a href="/categories/"><strong></strong></a>
                <ul>
                
                    <li>
                        <a href="/categories/%E7%AD%86%E8%A8%98">筆記 (18)</a>
                    </li>
                
                    <li>
                        <a href="/categories/ps">Ps (1)</a>
                    </li>
                
                    <li>
                        <a href="/categories/%E7%A2%8E%E5%BF%B5">碎念 (1)</a>
                    </li>
                
                    <li>
                        <a href="/categories/%E7%BE%A4%E6%9A%89">群暉 (1)</a>
                    </li>
                
            </ul>
        </div>
        

        <div class="right">
            
            <div class="external-profiles">
                <strong></strong>

                
                    <a href="https://www.facebook.com/mariahchang" target="_blank"><i class="fa fa-facebook-adblock-proof"></i></a>
                
                
                    <a href="https://twitter.com/changchichung" target="_blank"><i class="fa fa-twitter-adblock-proof"></i></a>
                
                
                
                
                
                
                
                
                
                    <a href="https://github.com/changchichung" target="_blank"><i class="fa fa-github"></i></a>
                
                
            </div>
            

            
        </div>
    </div>
</footer>


<div class="credits">
    <div class="container">
        <div class="copyright">
            <a href="https://github.com/Lednerb" target="_blank">
                &copy;
                
                    2017
                
                by Lednerb
            </a>
	    
        </div>
        <div class="author">
            <a href="https://github.com/Lednerb/bilberry-hugo-theme" target="_blank">Bilberry Hugo Theme</a>
        </div>
    </div>
</div>


        
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
	window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
	ga('create', 'UA-138954876-1', 'auto');
	
	ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>


        

        
        
        <script type="text/javascript" src="https://h.cowbay.org/js/externalDependencies.39c47e10e241eae2947b3fe21809c572.js" integrity="md5-OcR&#43;EOJB6uKUez/iGAnFcg=="></script>

        
        
        <script type="text/javascript" src="https://h.cowbay.org/js/theme.ff50ae6dc1bfc220b23bf69dbb41b54e.js" integrity="md5-/1CubcG/wiCyO/adu0G1Tg=="></script>

        <script>
            $(".moment").each(function() {
                $(this).text(
                    moment( $(this).text() )
                        .locale( "tw" )
                        .format('LL')
                );
            });

            $(".footnote-return sup").html("");
        </script>

        
            
        

        
            <script>
    var client = algoliasearch("2XL0P8XDCY", "4ef65b37b627bb886b46c34a10e63aa6");
    var index = client.initIndex("h_cowbay_org");

    $('#search').autocomplete({ hint: false, autoselect: true, debug: false },
      [
        {
          
            source: $.fn.autocomplete.sources.hits(index, { hitsPerPage: 10 }),
          
          displayKey: function(suggestion) {
            return suggestion.title || suggestion.author
          },
          templates: {
            suggestion: function(suggestion) {
                return "<span class='entry " + suggestion.type + "'>"
                      + "<span class='title'>" + suggestion.title + "</span>"
                      + "<span class='fa fa-fw " + suggestion.iconClass + "'></span>"
                  + "</span>"
                ;
            },
            empty: function() {
              return "<span class='empty'></span>"
            },
            footer: function() {
              return '<div class="branding">Powered by <img src="https:\/\/h.cowbay.org\/dist\/algolia-logo-light.svg" /></div>'
            }

          },
        }
      ])
      .on('autocomplete:selected', function(event, suggestion, dataset) {
        window.location = (suggestion.url);
      })
      .keypress(function (event, suggestion) {
        if (event.which == 13) {
          window.location = (suggestion.url);
        }
      });
</script>

        


    </body>
</html>