SSH RSA key authentication FreeNAS 9.3

Status
Not open for further replies.

wr00

Dabbler
First off, I am by no means an expert of FreeNAS. This was just something that caused me a few problems while setting it up. I noticed a lot of the guides I ran across on Google tended to be confusing.

Some things I am going to assume:
1.) You know how to operate (generally) an SSH client like Bitvise
2.) You already have access via SSH with a password
3.) You are logged in as root (please, don’t be exposed to the internet)
4.) You have some sort of text editor, like nano
5.) This is a fresh install

First thing, log in to SSH as root. Once in, type the following command:
Code:
ssh-keygen -t rsa


From there, it will ask
Code:
Enter file in which to save the key (/root/.ssh/id_rsa):

Just leave this blank and press enter

Next, it is going to ask for a passphrase. You can leave this empty, though I suggest against it.
Code:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:


Ok, great; the keys have been created. Let's jump over to the .ssh directory:
Code:
cd ~/.ssh


Now we need to open the file containing our private key. I will be using nano:
Code:
nano id_rsa


Copy the key that was located in that file, then head to your FreeNAS GUI. From there, go to Services (at the top), then click configure on the SSH service, click "Advanced Mode" and paste the key you copied in the box for "Host Private Key"



While you're there, I suggest changing the port from the default 22 to something else.

Great, we're almost done. Now we need to go back to our SSH client and copy the public key to the authorized_keys file (assuming you are still in the /.ssh directory).
Code:
cp id_rsa >> authorized_keys


Finally, delete the id_rsa file if you'd like
Code:
rm id_rsa


And you're done. I would suggest restarting SSH from the server GUI.

If you have any questions, feel free to ask, I'll do my best to answer them.
 

danb35

Hall of Famer
I'm not quite sure what you're trying to accomplish here, but whatever it is, I don't think you're going about it the right way. Is the objective to be able to ssh into the server as root using RSA keys rather than passwords? If so, then the process should look like this:
  • Create an RSA keypair using your SSH client
  • Copy the public key to your clipboard
  • Go into the FreeNAS web GUI, Account -> root -> Modify User
  • Paste the public key into the "SSH Public Key" field and click OK
That should be all you need to do. If you have trouble connecting, take a look at /root/.ssh/authorized_keys and make sure it's owned by root:wheel with permissions of 600 (the GUI should take care of this).

Is this what you're trying to do?
 

TremorAcePV

Explorer
@wr00

I have one question: Do you remove the line breaks when pasting the SSH private key into the SSH settings?
 

danb35

Hall of Famer
There's a lot wrong with this post, no matter what he's trying to do. To hit some of the most obvious:
  • The root user's private key and the host private key are two completely different things. It's entirely inappropriate to copy one to the other.
  • There's no reason to paste anything at all into the host private key field, as FreeNAS creates a host private key automatically on first boot. You can verify this yourself by going to /etc/ssh and looking at all the ssh_host*_key files.
  • The authorized_keys file is supposed to contain the public keys which that user (root, in this case) can use to connect from a remote host, not the local user's own private key.
  • Even if putting the private key into authorized_keys were the right thing to do (which it isn't), the syntax in @wr00's post just won't work. You could "cp id_rsa authorized_keys", which would overwrite authorized_keys with the contents of id_rsa. Or you could "cat id_rsa >> authorized_keys", which would append the contents of id_rsa to authorized_keys.
  • Changing the ssh port from the default is false security, and isn't of any benefit at all if your FreeNAS server is on your LAN behind a firewall, as it's supposed to be. If you've restricted ssh to key logins, it's going to be about as secure as it gets anyway.
@wr00, what are you trying to accomplish? What indicated to you that the method you propose was the way to go? I just tested the method I gave above on a fresh install of 9.3 in a VM. The only pre-configuration I did was to enable the SSH service. It worked without issue, with no need to do anything at the CLI on the FreeNAS side.
 

delphij

FreeNAS Core Team
First thing, log in to SSH as root. Once in, type the following command:
Code:
ssh-keygen -t rsa

This is a very bad idea. You should always generate your key pair on a secure system (i.e. the system you are SSH'ing *from*), then upload only the public portion of the keypair to the system you want to log in to. Do not be so confident that rm'ing the key would necessarily have wiped it from the storage.

The fewer systems that ever know your private key, the better.

The id_rsa is the keypair containing the private key. You should use the .pub counterpart for authorized_keys purposes by the way.
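
The checks danb35 and delphij describe (mode 600, owner root:wheel, public keys only, no private key material) can be run against an authorized_keys file as below. This is an added example, not part of any post in this thread; the function names and finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an authorized_keys file.
# Usage: sh audit.sh FILE [OWNER:GROUP]   (owner defaults to root:wheel)

# Print "MODE OWNER:GROUP"; try GNU stat syntax first, then BSD (FreeNAS).
file_meta() {
    stat -c '%a %U:%G' "$1" 2>/dev/null || stat -f '%Lp %Su:%Sg' "$1"
}

audit_authorized_keys() {
    file=$1
    want_owner=${2:-root:wheel}
    problems=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    meta=$(file_meta "$file")
    mode=${meta%% *}
    owner=${meta#* }
    if [ "$mode" != "600" ]; then
        echo "PERMS: mode is $mode, expected 600"; problems=$((problems + 1))
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER: $owner, expected $want_owner"; problems=$((problems + 1))
    fi

    # Private key material (what id_rsa holds) must never appear in this file.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file"; then
        echo "PRIVATE-KEY: private key found; remove it and replace that key pair"
        problems=$((problems + 1))
    fi

    # Remaining non-blank, non-comment lines must be public key entries:
    # optional options, a common key type, then the base64 blob.
    pubkey='(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]]|$)'
    bad=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$file" |
          grep -c -v -E "$pubkey" || true)
    if [ "$bad" -gt 0 ]; then
        echo "FORMAT: $bad line(s) are not public key entries"; problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Run only when a file is named on the command line.
if [ "$#" -gt 0 ]; then audit_authorized_keys "$@"; fi
```

The function returns 0 only when every check passes, so it can gate a configuration step or a periodic job.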
 