Enable HTTPS over SSH

bfrd

Cadet
Joined
Jan 12, 2019
Messages
3
Hello there,

We have FreeNAS running outside our network with only HTTP on the web interface. I am wondering how I might secure the interface without sending a private key over HTTP. I have root access to SSH and would prefer to do this via SSH. From what I've found via Google there is no easy way to do this, but that's okay, I don't need it to be easy. I imagine it's just a matter of inserting the certificate and private keys into a database somewhere, changing some parameters that tell the daemon to load the certs and restarting these daemons.

If you know of any way to securely set up HTTPS without leaking anything I would greatly appreciate the help.

Thanks!
 

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
Sir, a couple of us are sitting in the Mumble server, reading your post, we've read it like ten times, and we have no idea what you're saying.

What does this mean: "We have freenas running outside our network", for example?
 

bfrd

Cadet
Joined
Jan 12, 2019
Messages
3
Dear DrKK and Mumble server buddies,

Essentially it has an IP address and I don't want to send private keys or passwords via HTTP to said IP address.
 

Rob Townley

Dabbler
Joined
May 1, 2017
Messages
19
Assuming you can do the same in FreeNAS as in Linux, you want ssh port forwarding such that connections other than ssh itself use the ssh tunnel:
  1. On the FreeNAS, turn off http and https on all IP addresses except for localhost. In fact, turn off everything on the internet except for tcp22/ssh.
  2. (from client box)> ssh-copy-id username@freenasOnInternet
  3. FreeNAS$ vi /etc/sshd (turn off using password to log on from remote)
  4. (from client box)> ssh -L 127.127.127.127:80:FreeNasIP:80 username@freenasOnInternet
  5. On client box, open a web browser and point it to http://127.127.127.127:80/ Should bring up the remote FreeNAS webpage on your client web browser.
  6. I am doing this completely from memory so I probably made a typo or did not take into account some detail of FreeNAS.
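
Added example, not part of Rob Townley's post: a shell script for steps 1, 3 and 4 that checks sshd configuration text for password-style logins that are still enabled and prints a forward command with both ends on loopback. It assumes stock OpenSSH parsing rules and a web UI listening on 127.0.0.1 on the NAS; the function names, `admin`, `nas.example.net` and local port 8080 are placeholders.

```shell
#!/bin/sh
# Added example. User, host and ports are placeholders, not values from the thread.

# password_logins_allowed: read sshd_config text (or `sshd -T` output) on stdin
# and print each keyword that still permits password-style logins.
# Assumes stock OpenSSH rules: keywords are case-insensitive, the first
# occurrence wins, and both settings default to "yes" when absent.
# ChallengeResponseAuthentication is treated as the older name of
# KbdInteractiveAuthentication. Only the global section is read; parsing
# stops at the first Match block.
password_logins_allowed() {
    awk '
        BEGIN { pw = "yes"; kbd = "yes" }
        /^[ \t]*#/ || NF == 0 { next }
        { key = tolower($1); val = tolower($2) }
        key == "match" { exit }
        key == "passwordauthentication" && !seen_pw++ { pw = val }
        (key == "kbdinteractiveauthentication" ||
         key == "challengeresponseauthentication") && !seen_kbd++ { kbd = val }
        END {
            if (pw != "no")  print "PasswordAuthentication"
            if (kbd != "no") print "KbdInteractiveAuthentication"
        }'
}

# tunnel_cmd USER HOST [LOCAL_PORT] [REMOTE_PORT]: print the forward command.
# Both ends are loopback: the listener is reachable only from the client
# itself, and the target is the web UI bound to localhost on the NAS (step 1).
# A local port above 1023 does not need root on the client.
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "${3:-8080}" "${4:-80}" "$1" "$2"
}

# Constructed sample config: the later "no" is ignored because the first
# occurrence of a keyword wins, so password logins are still enabled.
SAMPLE_CONFIG='PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no'

echo "Still allowing password logins via:"
printf '%s\n' "$SAMPLE_CONFIG" | password_logins_allowed
tunnel_cmd admin nas.example.net
```

On a live host, piping the output of `sshd -T` into `password_logins_allowed` checks the effective settings rather than the file; confirm key-based login works in a second session before restarting sshd.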
 

bfrd

Cadet
Joined
Jan 12, 2019
Messages
3
Hey, thanks Rob, that's an interesting solution. Sorry for the confusion, DrKK and Mumble server buddies, but I was just trying to set up HTTPS without first sending secrets in plain text. Rob gets it.

I ended up logging in via HTTP, creating CA and self-signed certificates, reconnecting via HTTPS, changing root password, swapping in real certs, then deleting the CA and self-signed certs. Not perfect as the credentials were transmitted in plain text but good enough in my case.
 