TrueNAS CORE Version DocumentationThis content follows the TrueNAS CORE 13.0 releases. Use the Product and Version selectors above to view content specific to different TrueNAS software or major version.
Configuring SSH Connections
3 minute read.
Secure Socket Shell (SSH) is a cryptographic network protocol. It provides a secure method to access and transfer files between two hosts. This is possible even if the two hosts use an unsecured network. SSH establishes secure connections by means of user account credentials. It also uses key pairs shared between host systems for authentication.
TrueNAS generates and stores RSA-encrypted SSH public and private keypairs in System > SSH Keypairs. The system typically uses keypairs when configuring SSH Connections or SFTP Cloud Credentials. Encrypted keypairs or keypairs with passphrases are not supported.
The creation of a new SSH Connection or Replication task generates new keypairs. To manually generate a new keypair, go to System > SSH Keypairs, click ADD, and give the keypair a unique Name.
Click GENERATE KEYPAIR to add values to the public and private key fields. Copy these strings or download them into text files for later use.
TrueNAS offers a semi-automatic setup mode for setting up an SSH connection. This simplifies setting up an SSH connection with another FreeNAS or TrueNAS system. In semi-automatic setup mode it is not necessary to log in to the remote system to transfer SSH keys.
Semi-automatic setup requires an SSH keypair on the local system. You must have administrator account credentials for the remote TrueNAS. You must also configure the remote system to allow root access with SSH.
The semi-automatic configuration can generate the needed keypair. You can manually create the keypair by going to System > SSH Keypairs.
Go to System > SSH Connections and click ADD.
Use a valid URL scheme for the remote TrueNAS URL. Leave the username as root and enter the account password for the remote TrueNAS system. You can import the private key from a SSH keypair that you created before. Or create a new private key with a new SSH keypair.
Save the new configuration. TrueNAS opens a connection to the remote TrueNAS and exchanges SSH keys.
You can configure a secure SSH connection that does not generate a password prompt. This involves copying a public encryption key from the local system to the remote system.
Log in to the TrueNAS system that generated the SSH keypair and go to System > SSH Keypairs. Open the keypair you want to use for the SSH connection. Copy the text of the SSH public key or download the public key as a text file.
Log in to the TrueNAS system that needs to register the public key. Go to Accounts > Users and edit the root account. Paste the SSH public key text into the SSH Public Key field.
Generate a new SSH keypair in System > SSH Keypairs. Copy or download the value for the public key and add it to the remote NAS. If the remote NAS is not a TrueNAS system, please see the system documentation on adding a SSH public key.
Log back into the local TrueNAS system and go to System > SSH Connections. Add a new connection and change the setup method to Manual.
Select the private key from the SSH keypair you used when you transferred the public key on the remote NAS.