chchang
/
hugo_backup
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a726820c4b'
${ noResults }
hugo_backup/public/post/enable-synology-public-ssh/index.html

708 lines
21 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE html>
<html lang="en-us">
<head><meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<script type="application/ld+json">
{
"@context" : "http://schema.org",
"@type" : "BlogPosting",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https:\/\/h.cowbay.org"
},
"articleSection" : "post",
"name" : "筆記- 啟用群暉NAS (Synology NAS)的SSH Server 透過Publickey 認證免密碼登入",
"headline" : "筆記- 啟用群暉NAS (Synology NAS)的SSH Server 透過Publickey 認證免密碼登入",
"description" : "\x3cp\x3e公司內有幾台NAS其中有一台用來放開發人員的postgresql dump file\n之前都是主要的開發人員上傳到google drive分享出來 ,然後其他人去抓回來\x3c\/p\x3e\n\n\x3cp\x3e這樣子有個問題是當server要存取這些檔案時就沒辦法了除非透過一些 3rd party的軟體\n像是這篇\x3c\/p\x3e\n\n\x3cp\x3e\x3ca href=\x22https:\/\/www.omgubuntu.co.uk\/2017\/04\/mount-google-drive-ocamlfuse-linux\x22\x3ehttps:\/\/www.omgubuntu.co.uk\/2017\/04\/mount-google-drive-ocamlfuse-linux\x3c\/a\x3e\x3c\/p\x3e\n\n\x3cp\x3e或者是這篇\x3c\/p\x3e\n\n\x3cp\x3e\x3ca href=\x22https:\/\/www.maketecheasier.com\/mount-google-drive-ubuntu\/\x22\x3ehttps:\/\/www.maketecheasier.com\/mount-google-drive-ubuntu\/\x3c\/a\x3e\x3c\/p\x3e\n\n\x3cp\x3e但是手邊的伺服器原則上除非有必要不然都沒有開放internet\n所以導致明明檔案就在那邊但是要取得就是很麻煩\x3c\/p\x3e",
"inLanguage" : "en",
"author" : "Eric Chang",
"creator" : "Eric Chang",
"publisher": "Eric Chang",
"accountablePerson" : "Eric Chang",
"copyrightHolder" : "Eric Chang",
"copyrightYear" : "2018",
"datePublished": "2018-11-05 14:16:54 \x2b0800 CST",
"dateModified" : "2018-11-05 14:16:54 \x2b0800 CST",
"url" : "https:\/\/h.cowbay.org\/post\/enable-synology-public-ssh\/",
"wordCount" : "145",
"image" : "https://h.cowbay.orghttps://i.imgur.com/jcDQmI1.png"",
"keywords" : [ ""筆記"",""synology"",""NAS"",""SSH"","Blog" ]
}
</script>
<title>筆記- 啟用群暉NAS (Synology NAS)的SSH Server 透過Publickey 認證免密碼登入 </title>
<meta name="description" content="some articles about job,food,passion sisters" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="all,follow">
<meta name="googlebot" content="index,follow,snippet,archive">
<link rel="stylesheet" id="ct-tracks-google-fonts-css" href="https://fonts.googleapis.com/css?family=Raleway%3A400%2C700&amp;subset=latin%2Clatin-ext&amp;ver=4.7.2" type="text/css" media="all">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css" integrity="sha384-mzrmE5qonljUremFsqc01SB46JvROS7bZs3IO2EmfFsd15uHvIt+Y8vEf7N7fWAU" crossorigin="anonymous">
<link href="https://h.cowbay.org/css/style.css?v=1577410044" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
<link href="https://h.cowbay.org/css/custom.css?v=1577410044" rel="stylesheet" type='text/css' media='all'>
<link rel="shortcut icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
<link rel="icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-138954876-1', 'auto');
ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
</head>
<body class="post-template-default single single-post single-format-standard ct-body singular singular-post not-front standard">
<div id="overflow-container" class="overflow-container">
<a class="skip-content" href="#main">Skip to content</a>
<header id="site-header" class="site-header" role="banner">
<div class='top-navigation'>
<div class='container'>
<div id="menu-secondary" class="menu-container menu-secondary" role="navigation">
<button id="toggle-secondary-navigation" class="toggle-secondary-navigation"><i class="fas fa-plus"></i></button>
<div class="menu">
<ul id="menu-secondary-items" class="menu-secondary-items">
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/"></a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/ansible">ansible</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/linux">linux</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/proxmox">proxmox</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/ps">ps</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E7%A2%8E%E5%BF%B5">碎念</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E7%AD%86%E8%A8%98">筆記</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E7%BE%A4%E6%9A%89">群暉</a>
</li>
</ul>
</div>
</div>
<ul class="social-media-icons">
<li>
<a href="full%20Social%20profile%20url%20in%20facebook" data-animate-hover="pulse" class="facebook" target="_blank">
<i class="fab fa-facebook-square" title="facebook"></i>
<span class="screen-reader-text">facebook</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20googleplus" data-animate-hover="pulse" class="gplus" target="_blank">
<i class="fab fa-google-plus-g" title="googleplus"></i>
<span class="screen-reader-text">googleplus</span>
</a>
</li>
<li>
<a href="chang0206" data-animate-hover="pulse" class="twitter" target="_blank">
<i class="fab fa-twitter-square" title="twitter"></i>
<span class="screen-reader-text">twitter</span>
</a>
</li>
<li>
<a href="chang0206" data-animate-hover="pulse" class="instagram" target="_blank">
<i class="fab fa-instagram" title="instagram"></i>
<span class="screen-reader-text">instagram</span>
</a>
</li>
<li>
<a href="mailto:mc@hotshraingmy.info" data-animate-hover="pulse" class="email">
<i class="fas fa-envelope" title="email"></i>
<span class="screen-reader-text">email</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20linkedin" data-animate-hover="pulse" class="linkedin" target="_blank">
<i class="fab fa-linkedin-in" title="linkedin"></i>
<span class="screen-reader-text">linkedin</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20stackoverflow" data-animate-hover="pulse" class="stackoverflow" target="_blank">
<i class="fab fa-stack-overflow" title="stackoverflow"></i>
<span class="screen-reader-text">stackoverflow</span>
</a>
</li>
<li>
<a href="changchichung" data-animate-hover="pulse" class="github" target="_blank">
<i class="fab fa-github" title="github"></i>
<span class="screen-reader-text">github</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20pinterest" data-animate-hover="pulse" class="pinterest" target="_blank">
<i class="fab fa-pinterest" title="pinterest"></i>
<span class="screen-reader-text">pinterest</span>
</a>
</li>
<li>
<a href="https://h.cowbay.org/index.xml" data-animate-hover="pulse" class="rss" target="_blank">
<i class="fas fa-rss" title="rss"></i>
<span class="screen-reader-text">rss</span>
</a>
</li>
</ul></div>
</div>
<div class="container">
<div id="title-info" class="title-info">
<div id='site-title' class='site-title'>
<a href="/"> MC部落 </a>
</div>
</div>
<button id="toggle-navigation" class="toggle-navigation">
<i class="fas fa-bars"></i>
</button>
<div id="menu-primary-tracks" class="menu-primary-tracks"></div>
<div id="menu-primary" class="menu-container menu-primary" role="navigation">
<p class="site-description">Whats the Worst That Could Happen?</p>
<div class="menu">
<ul id="menu-primary-items" class="menu-primary-items">
<li class='menu-item menu-item-type-custom menu-item-object-custom '>
<a href="https://h.cowbay.org/">Home</a>
</li>
<li class='menu-item menu-item-type-post_type menu-item-object-page '>
<a href="https://h.cowbay.org/about/">About</a>
</li>
<li class='menu-item menu-item-type-post_type menu-item-object-page '>
<a href="https://h.cowbay.org/contact/">Get in touch</a>
</li>
</ul>
</div>
</div>
</div>
</header>
<div id="main" class="main" role="main">
<div id="loop-container" class="loop-container">
<div class="post type-post status-publish format-standard has-post-thumbnail hentry category-design tag-design tag-standard-2 tag-tagalicious tag-travel entry full-without-featured odd excerpt-1">
<div class='featured-image lazy lazy-bg-image' data-background="https://i.imgur.com/jcDQmI1.png">
</div>
<div class="entry-meta">
<span class="date">05 November</span> <span> / </span>
<span class="author">
<a href="https://github.com/changchichung" title="Posts by Eric Chang" rel="author">Eric Chang</a>
</span>
<span class="category">
<span> / </span>
<a href="/categories/%E7%AD%86%E8%A8%98">筆記</a>
</span>
</div>
<div class='entry-header'>
<h1 class='entry-title'> 筆記- 啟用群暉NAS (Synology NAS)的SSH Server 透過Publickey 認證免密碼登入</h1>
</div>
<div class="entry-container">
<div class="entry-content">
<article>
<p>公司內有幾台NAS其中有一台用來放開發人員的postgresql dump file
之前都是主要的開發人員上傳到google drive分享出來 ,然後其他人去抓回來</p>
<p>這樣子有個問題是當server要存取這些檔案時就沒辦法了除非透過一些 3rd party的軟體
像是這篇</p>
<p><a href="https://www.omgubuntu.co.uk/2017/04/mount-google-drive-ocamlfuse-linux">https://www.omgubuntu.co.uk/2017/04/mount-google-drive-ocamlfuse-linux</a></p>
<p>或者是這篇</p>
<p><a href="https://www.maketecheasier.com/mount-google-drive-ubuntu/">https://www.maketecheasier.com/mount-google-drive-ubuntu/</a></p>
<p>但是手邊的伺服器原則上除非有必要不然都沒有開放internet
所以導致明明檔案就在那邊,但是要取得就是很麻煩</p>
<p>Dev_A upload to google drive &mdash;&gt; Dev_B Download from google drive &mdash;&gt; Dev_B scp download file to me &mdash;&gt; I upload to server.</p>
<p>有沒有是不是很stupid (講話一定要烙英文)</p>
<p>既然有現成的NAS在那邊幹嘛不用呢(攤手)</p>
<p>聽說之前的人一直沒成功弄出來讓Server可以直接去NAS存取檔案的方式我記得這個不是很難啊
就順手整理一下</p>
<h3 id="新增使用者帳號-確認家目錄存在">新增使用者帳號/ 確認家目錄存在</h3>
<p>在NAS 的管理界面上新增一個帳號,假設叫 eric 好了</p>
<p><del>建立時,注意一下要指定家目錄路徑</del></p>
<p>更正: 群暉的界面好像不能指定家目錄</p>
<p>預設的路徑如下</p>
<pre><code>eric:x:1071:100::/var/services/homes/eric:/sbin/nologin
</code></pre>
<p>不過我覺得怪怪的因為在我手邊的幾台NAS底下 /var/services/homes 都切不過去
確認一下路徑,發現那個 <code>@fake_home_link</code> 根本就不存在啊!</p>
<pre><code>admin@storage:/volume1$ ls -lart /var/services/homes
lrwxrwxrwx 1 root root 24 May 23 14:14 /var/services/homes -&gt; /volume1/@fake_home_link
admin@storage:/volume1$
</code></pre>
<p>我在想是不是之前的人有改過什麼..
anyway ,反正先不管這邊,直接修改 /etc/passwd檔案</p>
<pre><code>sudo vim /etc/passwd
</code></pre>
<p>修正到正確的路徑順便把shell 也改掉,不然不能登入</p>
<pre><code>eric:x:1071:100::/volume1/homes/eric:/bin/sh
</code></pre>
<h3 id="修改-etc-ssh-sshd-config">修改 /etc/ssh/sshd_config</h3>
<p>再來修正預設沒有啟用 Publickey 驗證的 ssh</p>
<pre><code>sudo vim /etc/ssh/sshd_config
</code></pre>
<p>確認底下三行存在</p>
<pre><code>RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
</code></pre>
<h3 id="將key傳到-nas上">將KEY傳到 NAS上</h3>
<p>先建立相關目錄,順便修正一下目錄權限</p>
<pre><code>chmod 755 /volume1/homes/eric
mkdir -p /volume1/homes/eric/.ssh
chmod 700 /volume1/homes/eric/.ssh
</code></pre>
<p>再來把Publickey 傳到NAS複製貼上也好ssh-copy-id也可以同時修正權限</p>
<pre><code>vim /volume1/homes/eric/.ssh/authorized_keys
chmod 0600 /volume1/eric/.ssh/authorized_keys
</code></pre>
<h3 id="重啟ssh">重啟SSH</h3>
<p>本來這個步驟應該可以用</p>
<pre><code>synoservicectl --restart sshd
</code></pre>
<p>來解決
但是實際上這個指令只會把你踢出 SSH session &hellip;.( WTF!!! )</p>
<p>所以還是要去NAS的管理界面去關閉再打開SSH (有點蠢..)
<img src="https://i.imgur.com/jcDQmI1.png" alt="Synology WEB UI" /></p>
<p>然後就可以測試用Publickey 來登入NAS了</p>
<pre><code>2018-11-05 14:47:12 [mini@s009 ansiblecontrol]$ ssh admin@storage
admin@storage:~$
</code></pre>
<p>確認免密碼登入無誤了!</p>
</article>
</div>
<div class='entry-meta-bottom'>
<div class="entry-categories"><p><span>Categories</span>
<a href="/categories/%E7%AD%86%E8%A8%98" title="View all posts in 筆記">筆記</a>
</p>
</div>
<div class="entry-tags"><p><span>Tags</span>
<a href="/tags/%E7%AD%86%E8%A8%98" title="View all posts tagged 筆記">筆記</a>
<a href="/tags/synology" title="View all posts tagged synology">synology</a>
<a href="/tags/nas" title="View all posts tagged NAS">NAS</a>
<a href="/tags/ssh" title="View all posts tagged SSH">SSH</a>
</p></div> </div>
<div class="author-meta">
<div class="author">
<img alt='Eric Chang' src="https://www.gravatar.com/avatar/23f8ed94e007297499ac8df1641b3ff5?s=100&d=identicon" class='avatar avatar-72 photo' height='72' width='72'>
<span>
Written by:<a href="https://github.com/changchichung" title="Posts by Eric Chang" rel="author">Eric Chang</a> </span>
</div>
<div class="bio">
<p>塵世裡一個迷途小書僮</p>
<a class="facebook" target="_blank"
href="full%20Social%20profile%20url%20in%20facebook">
<i class="fab fa-facebook-f"
title="facebook icon"></i>
</a>
<a class="googleplus" target="_blank"
href="full%20profile%20url%20in%20googleplus">
<i class="fab fa-google-plus-g"
title="googleplus icon"></i>
</a>
<a class="twitter" target="_blank"
href="chang0206">
<i class="fab fa-twitter-square"
title="twitter icon"></i>
</a>
<a class="linkedin" target="_blank"
href="full%20profile%20url%20in%20linkedin">
<i class="fab fa-linkedin"
title="linkedin icon"></i>
</a>
<a class="email" target="_blank"
href="mailto:mc@hotshraingmy.info">
<i class="fas fa-envelope"
title="email icon"></i>
</a>
<a class="instagram" target="_blank"
href="chang0206">
<i class="fab fa-instagram"
title="instagram icon"></i>
</a>
<a class="stackoverflow" target="_blank"
href="full%20profile%20url%20in%20stackoverflow">
<i class="fab fa-stack-overflow"
title="stackoverflow icon"></i>
</a>
<a class="github" target="_blank"
href="changchichung">
<i class="fab fa-github"
title="github icon"></i>
</a>
<a class="pinterest" target="_blank"
href="full%20profile%20url%20in%20pinterest">
<i class="fab fa-pinterest"
title="pinterest icon"></i>
</a>
</div>
</div>
</div>
</div>
<section id="comments" class="comments">
<div id="disqus_thread"></div>
<script type="application/javascript">
var disqus_config = function () {
};
(function() {
if (["localhost", "127.0.0.1"].indexOf(window.location.hostname) != -1) {
document.getElementById('disqus_thread').innerHTML = 'Disqus comments not available by default when the website is previewed locally.';
return;
}
var d = document, s = d.createElement('script'); s.async = true;
s.src = '//' + "h-cowbay-org-1" + '.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="https://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
</section>
</div>
</div>
<footer id="site-footer" class="site-footer" role="contentinfo">
<h1>
<a href=""> MC部落 </a>
</h1>
<p class="site-description">Whats the Worst That Could Happen?</p>
<div id="menu-footer" class="menu-container menu-footer" role="navigation">
<div class="menu">
<ul id="menu-footer-items" class="menu-footer-items">
</ul>
</div> </div>
<ul class="social-media-icons">
<li>
<a class="facebook" target="_blank"
href="full%20Social%20profile%20url%20in%20facebook" >
<i class="fab fa-facebook-f" title="facebook"></i>
<span class="screen-reader-text">facebook</span>
</a>
</li>
<li>
<a class="googleplus" target="_blank"
href="full%20profile%20url%20in%20googleplus" >
<i class="fab fa-google-plus-g" title="googleplus"></i>
<span class="screen-reader-text">googleplus</span>
</a>
</li>
<li>
<a href="chang0206" class="twitter" target="_blank">
<i class="fab fa-twitter-square" title="twitter"></i>
<span class="screen-reader-text">twitter</span>
</a>
</li>
<li>
<a href="chang0206" class="instagram" target="_blank">
<i class="fab fa-instagram" title="instagram"></i>
<span class="screen-reader-text">instagram</span>
</a>
</li>
<li>
<a href="mailto:mc@hotshraingmy.info" class="email">
<i class="fas fa-envelope" title="email"></i>
<span class="screen-reader-text">email</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20linkedin" class="linkedin" target="_blank">
<i class="fab fa-linkedin-in" title="linkedin"></i>
<span class="screen-reader-text">linkedin</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20stackoverflow" class="stackoverflow" target="_blank">
<i class="fab fa-stack-overflow" title="stackoverflow"></i>
<span class="screen-reader-text">stackoverflow</span>
</a>
</li>
<li>
<a href="changchichung" class="github" target="_blank">
<i class="fab fa-github" title="github"></i>
<span class="screen-reader-text">github</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20pinterest" class="pinterest" target="_blank">
<i class="fab fa-pinterest" title="pinterest"></i>
<span class="screen-reader-text">pinterest</span>
</a>
</li>
<li>
<a href="https://h.cowbay.org/index.xml" data-animate-hover="pulse" class="rss" target="_blank">
<i class="fas fa-rss" title="rss"></i>
<span class="screen-reader-text">rss</span>
</a>
</li>
</ul> <div class="design-credit">
<p>&copy; 2018 Göran Svensson</p>
<p>Nederburg Hugo Theme by <a href="https://appernetic.io">Appernetic</a>.</p>
<p>A port of Tracks by Compete Themes.</p>
</div>
</footer>
</div>
<script src="https://h.cowbay.org/js/jquery.min.js"></script>
<script src="https://h.cowbay.org/js/jquerymigrate.js"></script>
<script src="https://h.cowbay.org/js/production.min.js?v=1577410044"></script>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink