Remote SSH access on N4310 with regular users
#1
Hi,

after the thread "N4310 - clueless" has been dormant and also became a bit confusing, I am trying again with a new thread. I am trying to connect to the N4310 via SSH over the Internet. I do not want root access but registered users access. I did the following:

  1. Added users as required
  2. made shared folders non public and gave the respective users read/write privileges
  3. activated SSH (built in) with another port than 22
  4. forwarded the appropriate port on the router to the NAS
  5. wrote a line into the /etc/ssh/sshd_config at the very end "AllowUsers user1,user2"
  6. restarted SSH
  7. connected alright as root (but not wanted), and could not connect as any of the registered users on the NAS
Using putty, I enter in the shell the username and the appropriate password, but get always an "access denied" response.
What is missing???
I tried the same procedure with FaJoSSHD which I let run over port 22, but with that I can also not log in as any of the registered users (I edited the file /raid0/data/module/FaJoSSHD/system/etc/ssh/sshd_config accordingly as in point 5 above). Root login is also not possible.
I have restarted the NAS several times (but soft reboot doesn't work well - the reboot button from the control center causes a hang of the NAS).
I can connect to the NAS control panel over the Internet just fine.
Reply
#2
I will explain it to you once more.
1. stop SSH service from Thecus WebUI
2. From FaJoSSHD module check config on which port it is running (default 10022). If you want to change the port, edit the line "Port 10022", hit Apply and then Stop-Start the daemon

[Image: FAJO.png]

3. Edit the file /etc/passwd using vi from terminal connected as root or WinSCP from Windows
   For the user you want to give SSH access, change from /sbin/nologin to /bin/bash

[Image: passwd.png]

4. Open SSH connection and connect with username and password. Connection done, and straight to your user home folder. Notice the user will have access to all folders based on their attributes. If you want, you can edit the config to have the user jailed in his home folder

[Image: ssh.png]


I hope it is clear enough now
-----------------------------------------------------------------------------------------------------
Download modules from my forum https://pirinel.ro
Reply
#3
(06-02-2017, 05:01 AM)outkastm Wrote: I hope it is clear enough now

Yes, and thank you. I found that my etc/passwd file looks completely different. I had made those changes - forgot to mention it in the first post. There a line looks like this:

Code:
<username>:x:<UID>:<GID>:<username>:/dev/null:/bin/bash

and originally it was:
Code:
<username>:x:<UID>:<GID>:<username>:/dev/null:/dev/null

I notice that in your passwd file there is more info, like user's home path. I wonder about the "Linux User..." item in your file, what that is for.

I haven't made any further changes than the last "/dev/null" changed into "/bin/bash"
Reply
#4
I just made another attempt, editing the /etc/passwd file line for the user to:

Code:
<username>:x:<UID>:<GID>:<username>:/raid0/data/<username>:/bin/bash

but that didn't help, I still get "Access denied"
I triple-checked the password, it's correct. What else can be wrong?
I tried to find an SSH log file, but the only thing I get from the NAS UI is the one that keeps a log of login attempts, with no verbose error messages, just "login ok" or "login failed".
And one more note: I disable the ssh access in the NAS UI and by deactivating the FaJoSSHD module, and then turning them on again.
Reply
#5
Your /etc/passwd looks different because your NAS is on OS6, my screenshot is from OS7.
Are you sure you are using the FaJoSSHD module and not the internal ssh service?
Just made a test on an OS6 system and the connection is OK. Did you use the latest FaJoSSHD module? Does it say it is running?

[Image: fajo.png]

[Image: passwd.png]

[Image: ssh.png]
Reply
#6
Thank you for your effort in trying to help me. Hope it will yield positive results. I'm already frustrated, because I seem to do everything right. But still "Access denied".

(06-02-2017, 08:24 PM)outkastm Wrote: Your /etc/passwd looks different because your NAS is on OS6, my screenshot is from OS7.

ok

(06-02-2017, 08:24 PM)outkastm Wrote: Are you sure you are using the FaJoSSHD module and not the internal ssh service?

Pretty sure, both use different ports, but I also tried with the built-in SSH disabled, still no luck.


(06-02-2017, 08:24 PM)outkastm Wrote: Just made a test on an OS6 system and the connection is OK. Did you use the latest FaJoSSHD module? Does it say it is running?

Yes, it's running, but it seems not as recent as yours:

[Image: Fa_Jo_SSHD_20170602_181813.png]

I'm still wondering: could the problem be caused by the thecuslink.com URL? But on the other hand: I get to the NAS, I just can't login, it tells me "access denied". And I don't know why... :-(
Reply
#7
Well, as long as this is critical software for security, I really recommend you update to the latest version.
You can download it from here and give it another try
http://s.go.ro/rgo008co
Reply
#8
Sorry, I was really busy the last days and then PC broke, half day no Internet....

I installed the more current module (how would I, without your help, know where to find it? The Thecus 3rd party repository seems in several aspects quite outdated):

[Image: Fa_Jo_SSHD_20170604a.png]

The next attempt to login was, however, again not permitted (= Access denied).

I now tried also to connect by simply using the terminal and entering
Code:
ssh -vv <username>@<ThecusID>.thecuslink.com 22
The result shows that
Code:
Authentications that can continue: publickey,password,keyboard-interactive
I assume that this means that logging in with the password I set is possible. I tried also a simpler password without any special characters, still I can't get access.
Reply
#9
To eliminate a wrong configuration of the router, did you try to connect locally by using IP and port, and not using Thecus DNS?
Reply
#10
(06-05-2017, 12:17 AM)outkastm Wrote: To eliminate a wrong configuration of the router, did you try to connect locally by using IP and port, and not using Thecus DNS?
Odd, a few days ago it was working, now it doesn't (I was trying sshfs etc.). Simply doesn't allow access. But I am pretty sure I get to the server, because I am asked for the password. All necessary ports are forwarded to the NAS.
Reply
#11
log files are located at /raid/NAS_Public/syslog
Reply
#12
(06-05-2017, 03:28 AM)outkastm Wrote: log files are located at /raid/NAS_Public/syslog
Hm, there is not a single file in this folder, and I have enabled logging in the WebUI.
One more observation: secure connection via webdav is working. But it's extremely slow, far too slow to use. But at least it tells me that the password I am using is correct. And I observed one thing: I cannot edit the files in the user's folder. It seems that they are all set to root, even though I had uploaded them as user (when I was connecting within the local network).
Reply
#13
(06-05-2017, 12:17 AM)outkastm Wrote: To eliminate a wrong configuration of the router, did you try to connect locally by using IP and port, and not using Thecus DNS?
One more note to this: I can login from a remote PC using the root login. That's why I'm pretty sure that it's not a problem of the router settings.
Reply
#14
I just noticed something that may be of interest (even though I wonder why it works then): As the default path, it says:
Code:
PATH=/raid/data/module/FaJoSSHD/system/bin:/usr/sbin:/bin:/usr/bin:/opt/bin
However, this path wouldn't work. "/raid" is a symlink to "/raid/data", so correctly the path should be:
Code:
PATH=/raid0/data/module/FaJoSSHD/system/bin:/usr/sbin:/bin:/usr/bin:/opt/bin
or
Code:
PATH=/raid/module/FaJoSSHD/system/bin:/usr/sbin:/bin:/usr/bin:/opt/bin
because when I login as root, when I go to the folder /raid, I'm directly in the folder /raid0/data.

However, as already said, I wonder why it then works. Because then it generally shouldn't start, as it doesn't have any access to the module settings. Or does it just take the defaults? Then it would be no wonder that users can't login because the line "AllowedUsers" isn't there.

Edit: Just noticed that in /raid there is also a symlink called "data" that leads to /raid0/data

So that won't be the cause of the problems :-(
Reply
#15
Even though I have the impression that I am talking more or less to myself here, maybe this information is helpful:
I was able now to establish a connection using putty as a non-root user. The mistake that I had made was simple, but not obvious. I wrote in the sshd-config-file the line "AllowUsers" in the wrong format. The usernames should have been separated by spaces, I separated them by commas.

Now I am trying to connect using sshfs, and that's the next hurdle: after a long while I get the error message
Code:
read: Connection reset by peer
I was trying to connect with
Code:
-o sshfs_debug
in the hope that this will give a hint at the cause of this.
But it didn't...

I just (3 hours later) tried sshfs also within the local network, there the connection is established in no time with no problem.
Reply
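The two login blockers this thread turns up (a comma-separated "AllowUsers" line, and a non-login shell such as /dev/null or /sbin/nologin in /etc/passwd) can be checked together before restarting the daemon. The script below is an added example, not part of any post and not part of the FaJoSSHD module; the function names, the finding labels and the sample accounts and files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the two login blockers found in this thread.
# Usage: lint_ssh_access SSHD_CONFIG PASSWD
# Prints one finding per line; returns 0 if nothing is flagged, 1 otherwise.
lint_ssh_access() {
    awk '
        # First file (passwd): remember the login shell (7th field) per account.
        FNR == NR { split($0, f, ":"); shell[f[1]] = f[7]; next }
        # Second file (sshd_config): keyword match is case-insensitive.
        tolower($1) != "allowusers" { next }
        {
            for (i = 2; i <= NF; i++) {
                # Names are separated by spaces; "a,b" is a single pattern.
                if ($i ~ /,/) { print "COMMA " $i; bad = 1; continue }
                user = $i; sub(/@.*/, "", user)   # USER@HOST form
                if (user ~ /[*?]/) continue        # wildcard, no lookup
                if (!(user in shell)) { print "NOUSER " user; bad = 1 }
                else if (shell[user] ~ /(nologin|false|\/dev\/null)$/) {
                    print "NOSHELL " user " " shell[user]; bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample data (not from a real NAS): OS6-style passwd lines with
# placeholder accounts, plus the comma and the space form of AllowUsers.
make_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'user1:x:1000:100:user1:/dev/null:/bin/bash' \
                  'user2:x:1001:100:user2:/dev/null:/dev/null' > "$1/passwd"
    printf '%s\n' 'Port 10022' 'AllowUsers user1,user2' > "$1/sshd_config.comma"
    printf '%s\n' 'Port 10022' 'AllowUsers user1 user2' > "$1/sshd_config.spaces"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
lint_ssh_access "$demo_dir/sshd_config.comma"  "$demo_dir/passwd" || true
lint_ssh_access "$demo_dir/sshd_config.spaces" "$demo_dir/passwd" || true
rm -rf "$demo_dir"
```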