Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Commercial Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE Compare Editions TrueCommand Software Status FreeNAS
Compare Systems F-Series M-Series X-Series R-Series Mini Series
About iXsystems Our Clients Reviews Careers Awards iX Blog & News iX Website Contact Us
Community Forum Discord TrueNAS GitHub TrueNAS Merch Store
Application Analytics Backup and Archival Cloud Data Mobility File Sharing iX Storj Media Creation Video Surveillance Virtualization
Industry Automotive Education Gaming Government Healthcare MSP Manufacturing Research & AI Media & Entertainment
Download TrueNAS CORE Download TrueNAS SCALE Get TrueNAS Enterprise Compare TrueNAS Editions Where to Buy
  1. Documentation Hub
  2. /
  3. TrueNAS CORE
  4. /
  5. Configuration Tutorials
  6. /
  7. Services
  8. /
  9. Configuring SSH
Edit page

Configuring SSH

  2 minute read.

Last Modified 2023-11-30 10:15 EST

The SSH service allows connections to TrueNAS with the Secure Shell Transport Layer Protocol. To use TrueNAS as an SSH server, the users in the network must use SSH client software to transfer files with SSH.

Allowing external connections to TrueNAS is a security vulnerability! Only enable SSH when there is a need for external connections. See Security Recommendations for more security considerations when using SSH.

Service Configuration

To configure SSH, disable the service and click the .

ServicesSSHOptions

Configure the options as needed to match your network environment.

See SSH Screen

Root access to the system from a remote client is never recommended. If an unavoidable critical situation requires allowing root access, it is recommended to configure two-factor authentication first. Also, disable root logins as soon as possible.

There are some additional option recommendations for the SSH service:

  • Add NoneEnabled no to the Auxiliary Parameters to disable the insecure none cipher.
  • Increase the ClientAliveInterval if SSH connections tend to drop.
  • ClientMaxStartup defaults to 10. Increase this value to allow for more SSH connections to run at the same time.

Re-enable the SSH service on the Services page when all configuration changes are complete. To create and store specific SSH connections and keypairs, go to the System menu section.

Advanced: Restricting Command Line Users to scp or sftp

This only works for users that use command line versions of commands scp and sftp. With SSH configured, authenticated users with a user account can use ssh to log into the TrueNAS system over the network. Create user accounts by going to Accounts > Users and clicking ADD.

By default, the user sees their home directory after logging in with SSH. The user can still find system locations outside their home directory. Take security precautions before granting users SSH access to the system. One method to increase security is to change shell for a user to only allow file transfers. Users can still use commands scp and sftp to transfer files between their local computer and their home directory. But the TrueNAS system restricts them from logging into the system using ssh.

To configure this scenario, go to Accounts > Users and edit the desired user account. Change the Shell to scponly. Repeat for each user that needs restricted SSH access.

Accounts Users Edit Shell Scp only

Test the configuration from another system. Run the sftp, ssh, and scp commands as that user account. sftp and scp work but ssh fails.

Related Content

CORE Tutorials

CORE UI Reference

Solutions

Have more Questions?

For further discussion or assistance, see these resources:

Found content that needs an update?  You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).