carmorales
Cadet
- Joined
- Jun 10, 2015
- Messages
- 2
Hi All,
I've been using this forum as a guest for quite a while and it has helped me solve most of my issues, so I decided it was my time to contribute by adding a how-to guide that I feel is missing for the new users/not very experienced ones.
I'm a very visual person, so please don't take it the wrong way if you feel this guide is too dumbed down; I just find it easier for me to explain.
I really hope this helps anyone having issues while trying to set it up.
Now down to business. If you are trying to use SSH for the first time it can be very confusing when trying to set it up to use Public/Private Keys, so this post is intended to give a step-by-step guide with pictures.
We will use PuTTY and PuTTYgen, versions 0.64.0.0 at the time this was written.
1. Download PuTTY and PuTTYgen from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
2. Open PuTTYgen and choose the desired type of key and bits. SSH-2 RSA and 2048 should be good enough now.
3. Click on Generate. You'll need to move the mouse within the window.
4. Once that’s done the keys will be generated.
5. And you'll see the Public Key on the window.
Now your public and private keys are done. Believe it or not that was the hard part! :)
Leave the window open as we will need it later.
6. Open your FreeNAS WebGUI and go to Services > SSH > wrench to configure.
7. Pick a TCP Port if you want to change the default. I leave 22 as my server is inside the firewall.
   Untick Login as Root with password, as we want to only use the keys to connect.
   Untick Allow password Authentication, so no account can connect without a key.
   Tick Allow TCP Port Forwarding, if you plan to do more than connect to the terminal.
   Up to you if you want to tick Compress Connections.
   No need to go in Advanced Mode.
8. Now go ahead and turn on the service.
9. Head to Account > Users > edit root > find the SSH Public Key box. Note that you can add a Public Key for any user for it to gain the ability to connect through SSH.
   Paste the key that PuTTYgen displays in its "Public key for pasting into OpenSSH authorized_keys file:" box.
   In this case the key is ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAzFNpp/wMkCslc8ns.......
   It is really important to make sure the text that you paste is just one line.
10. Go ahead and click OK to save the changes. As mentioned before, you can do this for any user, and you can also add as many keys as you need to one user, just one per line.
11. Go back to PuTTYgen and now pick a passphrase and confirm it. This will be like your password, and it also prevents unwanted connections: if you don’t have one, anyone with the Private Key will be able to connect to the server, so if someone gets hold of your key there is still that extra level of security.
   Tip: If you plan to have multiple keys you could use the Key comment box to add some kind of description that will help you identify them later and remove/change the right one.
12. Save your Private Key by clicking on the Save private key button. Keep in mind that if you’re going to use OpenSSH you’ll need to save it in another format (Conversions > Export OpenSSH key).
13. Open PuTTY and under Session > Host Name type your server’s name or IP and port (selected on step 7).
14. Under Connection > Data add the username details; for this example we'll use root.
15. Then go to SSH > Auth and add the Private Key saved on step 12.
16. Go back to Session and, if you want, pick a name and hit Save so you don’t have to repeat these steps every time you want to connect. Then click Open.
17. The first time you connect you'll be asked to cache the server's fingerprint with the following box. Make sure you have the same info for your server's fingerprint as what you get when you run ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub on your server's WebGUI Shell.
   If all looks fine, click Yes.
18. Finally, type the password/passphrase you picked on step 11, and if all went well you’ll be connected.
19. If you want to be able to connect from anywhere you can then forward a port from your router (I recommend picking something other than 22) to your server’s IP.
   Keep in mind that you’ll need to use your external IP and the port you picked to connect from outside, so if you don’t have a static IP from your ISP then you should think about enabling Dynamic DNS.
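An added example, not part of the original post: a Python check for text about to be pasted into the SSH Public Key box. It confirms that each line is a complete one-line ssh-rsa key, and reports the RSA size and the SHA256 fingerprint. The function names are hypothetical and the sample key is constructed for the demonstration (it is not a usable key).

```python
import base64, hashlib, struct

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 4], "big")  # 4-byte big-endian length
        if i + 4 + n > len(blob):
            raise ValueError("truncated field (key cut off or wrapped?)")
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def check_key_line(line):
    """Validate one authorized_keys line; return (type, bits, fingerprint)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    ktype, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except Exception:
        raise ValueError("key data is not valid base64")
    f = _fields(blob)
    if not f or f[0].decode("ascii", "replace") != ktype:
        raise ValueError("type prefix does not match key data")
    if ktype != "ssh-rsa" or len(f) != 3:
        raise ValueError("only ssh-rsa is handled in this example")
    bits = int.from_bytes(f[2], "big").bit_length()  # modulus size
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ktype, bits, "SHA256:" + fp

def check_paste(text):
    """Check every non-empty line of a pasted SSH Public Key box."""
    results = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip():
            try:
                results.append((no, "ok", check_key_line(line)))
            except ValueError as e:
                results.append((no, "bad", str(e)))
    return results

def make_sample_key(comment="constructed-sample"):
    """Constructed 2048-bit ssh-rsa line for testing (not a usable key)."""
    n = (1 << 2047) | 1
    enc = lambda b: struct.pack(">I", len(b)) + b
    blob = enc(b"ssh-rsa") + enc(b"\x25") + enc(b"\x00" + n.to_bytes(256, "big"))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

A key that was wrapped onto two lines during copy and paste shows up as two "bad" entries, while several keys pasted one per line each report "ok".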