(408) 943-4100               V   Commercial Support

SSH Connections

  5 minute read.

Last Modified 2021-07-06 17:02 EDT

The SSH Connections window in the Backup Credentials screen allows users establish Secure Socket Shell (SSH) connections.

To begin setting up a SSH Connection, navigate to Credentials > Backup Credentials and click the Add button in the SSH Connections window.

Create a Connection

TrueNAS offers a semi-automatic setup mode that simplifies setting up an SSH connection with another FreeNAS or TrueNAS system without having to log in to that system to transfer SSH keys. This requires an SSH keypair on the local system and administrator account credentials for the remote TrueNAS. The remote system must also be configured to allow root access with SSH. The keypair can be generated as part of the semiautomatic configuration or manually created in Credentials > Backup Credentials.

SSHConnectionsSCALE

Name and Method

NameDescription
NameName of this SSH connection. SSH connection names must be unique.
Setup MethodManual requires configuring authentication on the remote system. This can include copying SSH keys and modifying the root user account on that system.

Semi-automatic only works when configuring an SSH connection with a remote TrueNAS system. This method uses the URL and login credentials of the remote system to connect and exchange SSH keys.

Authentication

NameDescription
TrueNAS URLHostname or IP address of the remote system. A valid URL scheme is required. Example: https://10.231.3.76
UsernameUsername for logging in to the remote system.
PasswordUser account password for logging into the remote system.
Private KeyChoose a saved SSH Keypair or select Generate New to create a new keypair and use it for this connection.

More Options

NameDescription
CipherStandard is most secure, but has the greatest impact on connection speed.

Fast is less secure than Standard but can give reasonable transfer rates for devices with limited cryptographic speed.

Disabled removes all security in favor of maximizing connection speed. Disabling the security should only be used within a secure, trusted network.
Connect TimeoutTime (in seconds) before the system stops attempting to establish a connection with the remote system.

Be sure to use a valid URL scheme for the remote TrueNAS URL. Leave the username as root and enter the account password for the remote TrueNAS system. The private key can be imported from a previously created SSH keypair or created with a new SSH keypair.

Saving the new configuration automatically opens a connection to the remote TrueNAS and exchanges SSH keys.

Choosing to manually set up the SSH connection requires copying a public encryption key from the local to remote system. This allows a secure connection without a password prompt.

Adding a Public SSH Key to the TrueNAS Root Account

Log in to the TrueNAS system that generated the SSH keypair and go to Credentials > Backup Credentials. Then, click the Open the keypair to use for the SSH connection and copy the text of the public SSH key or download the public key as a text file.

Log in to the TrueNAS system that needs to register the public key and go to Credentials > Local Users. Edit the root account. Paste the SSH public key text into the SSH Public Key field. AccountsUsersRootSSHKeySCALE

Start by generating a new SSH keypair in Credentials > Backup Credentials. Copy or download the value for the public key. Add the public key to the remote NAS. If the remote NAS is not a TrueNAS system, please see the documentation for that system for instructions on adding a public SSH key.

Manually Configuring the SSH Connection on the Local TrueNAS

Log back in to the local TrueNAS system and go to Credentials > Backup Credentials and add a new connection. Change the setup method to Manual.

SSHConnectionsManualSCALE

Name and Method

NameDescription
NameName of this SSH connection. SSH connection names must be unique.
Setup MethodManual requires configuring authentication on the remote system. This can include copying SSH keys and modifying the root user account on that system.

Semi-automatic only works when configuring an SSH connection with a remote TrueNAS system. This method uses the URL and login credentials of the remote system to connect and exchange SSH keys.

Authentication

NameDescription
HostHostname or IP address of the remote system. A valid URL scheme is required. Example: https://10.231.3.76
PortPort number on the remote system to use for the SSH connection.
UsernameUsername for logging in to the remote system.
Private KeyChoose a saved SSH Keypair or select Generate New to create a new keypair and use it for this connection.
Remote Host KeyRemote system SSH key for this system to authenticate the connection. When all other fields are properly configured, click DISCOVER REMOTE HOST KEY to query the remote system and automatically populate this field.

Discover Remote Host Key connects to the remote host and attempts to copy the key string to the related TrueNAS field.

More Options

NameDescription
CipherStandard is most secure, but has the greatest impact on connection speed.

Fast is less secure than Standard but can give reasonable transfer rates for devices with limited cryptographic speed.

Disabled removes all security in favor of maximizing connection speed. Disabling the security should only be used within a secure, trusted network.
Connect TimeoutTime (in seconds) before the system stops attempting to establish a connection with the remote system.

Make sure to select the private key from the SSH keypair that was used to transfer the public key on the remote NAS.