Get a Quote   (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support Toggle between Light and Dark mode

SSH Screen

  2 minute read.

Last Modified 2022-05-11 11:36 EDT

Use the SSH services screen to configure SSH service on your TrueNAS.

SSHBasicOptionsScreen



General Options

NameDescription
TCP PortOpen a port for SSH connection requests. Enter the port number.
Log in as Root with PasswordSelect to allow root logins. Root logins are discouraged! A password must be set for the root user account.
Allow Password AuthenticationSelect to allow password authentication. Enabling allows SSH login authentication using a password. Warning: when directory services are enabled, this setting grants access to all users the directory service imported. When disabled, authentication requires keys for all users (requires additional SSH client and server setup).
Allow Kerberos AuthenticationSelect to allow kerberos authentication. Ensure valid entries exist in Directory Services > Kerberos Realms and Directory Services > Kerberos Keytabs and the system can communicate with the kerberos domain controller before enabling this option.
Allow TCP Port ForwardingSelect to let users bypass firewall restrictions using the SSH port forwarding feature.

ADVANCED OPTIONS displays additional configuration fields to set up SSH for specific uses cases.

SSHAdvancedOptionsScreen



Advanced Options

NameDescription
Bind InterfacesSelect interfaces on your system from the dropdown list for SSH to listen on. Leave all options unselected for SSH to listen on all interfaces.
Compress ConnectionsSelect to attempt to reduce latency over slow networks.
SFTP Log LevelSelect the syslog(3) facility of the SFTP server option from the dropdown list. Options are Quiet, Fatal, Error, Info, Verbose, Debug, Debug2 or Debug3.
SFTP Log FacilitySelect the syslog(3) facility of the SFTP server option from the dropdown list. Options are Daemon, User, Auth and Local 0 through Local7.
Weak CiphersSelect a cypher from the dropdown list. Options are None or AES128-CBC. To allow more chiphers for sshd(8) in addition to the defaults in sshd_config(5). Use None to allow unencrypted SSH connections. UseAES128-CBC to allow the 128-bit Advanced Encryption Standard.
WARNING: these ciphers are security vulnerabilities. Only allow them in a secure network environment.
Auxiliary ParametersAdd any more sshd_config(5) options not covered in this screen. Enter one option per line. Options added are case-sensitive. Missspellings can prevent the SSH service from starting.

Additional Information

Configuring SSH