
Services


Last Modified 2022-06-01 16:42 EDT

System Settings > Services displays each system component that runs continuously in the background. These typically control data-sharing or other external access to the system. Individual services have configuration screens and activation toggles, and you can set them to run automatically.

Documented services related to data sharing or automated tasks are in their respective Shares and Tasks articles.


Dynamic Domain Name Service (DDNS) is useful when you connect TrueNAS to an Internet service provider (ISP) that periodically changes the system’s IP address. With Dynamic DNS, the system automatically associates its current IP address with a domain name and continues to provide access to TrueNAS even if the system IP address changes.

Configuring Dynamic DNS

DDNS requires registration with a DDNS service such as DynDNS before configuring TrueNAS. Have the DDNS service settings available or open in another browser tab when configuring TrueNAS. Log in to the TrueNAS web interface and go to Services > Dynamic DNS.


General Options

| Name | Description |
|---|---|
| Provider | Select the provider from the dropdown list of supported providers. If a specific provider is not listed, select Custom Provider and enter the information in the Custom Server and Custom Path fields. |
| Custom Server | Displays after selecting Custom Provider in the Provider field. Enter the DDNS server name. For example, members.dyndns.org denotes a server similar to dyndns.org. |
| Custom Path | Displays after selecting Custom Provider in the Provider field. Enter the DDNS server path. Path syntax can vary by provider and must be obtained from that provider. For example, /update?hostname= is a simple path for the update.twodns.de custom server. The host name is automatically appended by default. For more examples see In-A-Dyn documentation. |
| CheckIP-Server SSL | Use HTTPS for the connection to the CheckIP Server. |
| CheckIP Server | Name and port of the server that reports the external IP address. For example, entering checkip.dyndns.org:80 uses Dyn IP detection to discover the remote socket IP address. |
| CheckIP Path | Path to the CheckIP server. For example, no-ip.com uses a CheckIP Server of dynamic.zoneedit.com and CheckIP Path of /checkip.html. |
| SSL | Use HTTPS for the connection to the server that updates the DNS record. |
| Domain Name | Fully qualified domain name of the host with the dynamic IP address. Separate multiple domains with a space, comma (,), or semicolon (;). For example, myname.dyndns.org; myothername.dyndns.org. |
| Update Period | How often the IP is checked in seconds. |

Credentials

| Name | Description |
|---|---|
| Username | User name for logging in to the provider and updating the record. |
| Password | Password for logging in to the provider and updating the record. |

Your DDNS solution provides the required values for the fields. Start the DDNS service after choosing your Provider options and saving the settings.

The File Transfer Protocol (FTP) is a simple option for data transfers. The SSH and Trivial FTP options provide secure or simple config file transfer methods respectively.

Options for configuring FTP, SSH, and TFTP are in System Settings > Services. Click the to configure the related service.

FTP requires a new dataset and a local user account.

Go to Storage to add a new dataset.


Next, go to Credentials > Local Users and click Add to create a local user on the TrueNAS.


Assign a user name and password, and link the newly created FTP share dataset as the user home directory. You can do this for every user, or create a global account for FTP (for example, OurOrgFTPacnt).

Return to Storage, find the new dataset, click , and select View Permissions. Next click . Set the Owner fields (user and group) to the new user account. Set Apply User and Apply Group before saving.


Service Configuration

To configure FTP, go to System Settings > Services and find FTP, then click .


Configure the options according to your environment and security considerations.

General Options Settings

| Name | Description |
|---|---|
| Port | Enter the port the FTP service listens on. |
| Clients | Enter the maximum number of simultaneous clients. |
| Connections | Enter the maximum number of connections per IP address. 0 is unlimited. |
| Login Attempts | Enter the maximum attempts before the client is disconnected. Increase if users are prone to misspellings or typos. |
| Notransfer Timeout | Enter the maximum number of seconds a client is allowed to spend connected, after authentication, without issuing a command which results in creating an active or passive data connection (i.e. sending/receiving a file, or receiving a directory listing). |
| Timeout | Enter the maximum client idle time in seconds before disconnect. Default value is 600 seconds. |
| Certificate | Select the SSL certificate to use for TLS FTP connections from the dropdown list, which is currently freenas_default. To create a certificate, go to System > Certificates. |

Advanced Option Settings

Access Settings

| Name | Description |
|---|---|
| Always Chroot | Select to only allow users to access their home directory if they are in the wheel group. This option increases security risk. |
| Allow Root Login | Select to allow root logins. Setting this option is discouraged as it increases security risk. |
| Allow Anonymous Login | Select to allow anonymous FTP logins with access to the directory specified in Path. |
| Allow Local User Login | Select to allow any local user to log in. By default, only members of the ftp group are allowed to log in. |
| Require IDENT Authentication | Select to require IDENT authentication. Setting this option results in timeouts when ident (or in Shell identd) is not running on the client. |
| File Permissions | Sets default permissions for newly created directories. |

TLS Settings

| Name | Description |
|---|---|
| Enable TLS | Select to allow encrypted connections. Requires a certificate (created or imported using System > Certificates). |
| TLS Policy | Select the policy from the dropdown list of options. Options are On, off, Data, !Data, Auth, Ctrl, Ctrl + Data, Ctrl +!Data, Auth + Data or Auth +!Data. Defines whether the control channel, data channel, both channels, or neither channel of an FTP session must occur over SSL/TLS. The policies are described here. |
| TLS Allow Client Renegotiations | Select to allow client renegotiations. This option is not recommended. Setting this option breaks several security measures. See mod_tls for details. |
| TLS Allow Dot Login | If selected, TrueNAS checks the user home directory for a .tlslogin file containing one or more PEM-encoded certificates. If not found, the user is prompted for password authentication. |
| TLS Allow Per User | If set, allows sending a user password unencrypted. |
| TLS Common Name Required | Select to require the common name in the certificate to match the FQDN of the host. |
| TLS Enable Diagnostics | Select to make logs more verbose, which is helpful when troubleshooting a connection. |
| TLS Export Certificate Data | Select to export the certificate environment variables. |
| TLS No Certificate Request | Select if the client cannot connect, likely because the client is poorly handling the server certificate request. |
| TLS No Empty Fragments | Not recommended. This option bypasses a security mechanism. |
| TLS No Session Reuse Required | This option reduces connection security. Only use it if the client does not understand reused SSL sessions. |
| TLS Export Standard Vars | Select to set several environment variables. |
| TLS DNS Name Required | Select to require the client DNS name to resolve to its IP address and the certificate to contain the same DNS name. |
| TLS IP Address Required | Select to require the client certificate IP address to match the client IP address. |

Bandwidth Settings

| Name | Description |
|---|---|
| Local User Upload Bandwidth: (Examples: 500 KiB, 500M, 2 TB) | Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited. |
| Local User Download Bandwidth | Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited. |
| Anonymous User Upload Bandwidth | Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited. |
| Anonymous User Download Bandwidth | Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited. |

Other Options Settings

| Name | Description |
|---|---|
| Minimum Passive Port | Used by clients in PASV mode. A default of 0 means any port above 1023. |
| Maximum Passive Port | Used by clients in PASV mode. A default of 0 means any port above 1023. |
| Enable FXP | Select to enable the File eXchange Protocol (FXP). Not recommended as this leaves the server vulnerable to FTP bounce attacks. |
| Allow Transfer Resumption | Select to allow FTP clients to resume interrupted transfers. |
| Perform Reverse DNS Lookups | Select to allow performing reverse DNS lookups on client IPs. Causes long delays if reverse DNS isn't configured. |
| Masquerade Address | Public IP address or host name. Set if FTP clients cannot connect through a NAT device. |
| Display Login | Specify the message displayed to local login users after authentication. This is not displayed to anonymous login users. |
| Auxiliary Parameters | Used to add additional proftpd(8) parameters. |

To confine FTP sessions to a local user’s home directory, ensure chroot is enabled and allow Local User Login.

Do not allow anonymous or root access unless it is necessary. For better security, enable TLS when possible (especially when exposing FTP to a WAN). TLS effectively makes this FTPS.
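
The guidance above can be checked mechanically. The following is an added example, not TrueNAS code: it lints a hand-transcribed copy of the FTP form, keyed by the field labels used on this page (an assumption, not an API format), and reads each TLS Policy value with the meaning ProFTPD mod_tls gives the matching TLSRequired setting.

```python
# Added example: lint FTP service settings against the guidance on this page.
# Keys are the field labels used on the FTP screen; the dict is a hand-made
# transcription of the form (an assumption), not output of a TrueNAS API.

# TLS Policy -> (login credentials must travel over TLS, data channel must).
# Meanings follow ProFTPD mod_tls TLSRequired, which the policy list mirrors.
TLS_POLICY = {
    "on": (True, True),          "off": (False, False),
    "data": (False, True),       "!data": (False, False),
    "auth": (True, False),       "ctrl": (True, False),
    "ctrl+data": (True, True),   "ctrl+!data": (True, False),
    "auth+data": (True, True),   "auth+!data": (True, False),
}

# Options the page itself marks as risky or not recommended when selected.
RISKY_WHEN_SET = {
    "Allow Root Login": "root logins are discouraged",
    "Allow Anonymous Login": "anonymous access should stay off unless required",
    "Enable FXP": "FXP leaves the server open to FTP bounce attacks",
    "TLS Allow Client Renegotiations": "breaks several security measures",
    "TLS Allow Per User": "allows sending a user password unencrypted",
    "TLS No Empty Fragments": "bypasses a security mechanism",
    "TLS No Session Reuse Required": "reduces connection security",
}


def normalize_policy(label):
    """'Ctrl + Data' / 'Auth +!Data' -> 'ctrl+data' / 'auth+!data'."""
    return "".join(label.split()).lower()


def audit_ftp(settings):
    """Return a sorted list of (field, reason) findings for one FTP config."""
    findings = [(f, why) for f, why in RISKY_WHEN_SET.items() if settings.get(f)]

    if not settings.get("Enable TLS"):
        findings.append(("Enable TLS", "logins and files cross the network in cleartext"))
    else:
        policy = normalize_policy(settings.get("TLS Policy", "off"))
        if policy not in TLS_POLICY:
            findings.append(("TLS Policy", f"unknown policy {policy!r}"))
        else:
            creds, data = TLS_POLICY[policy]
            if not creds:
                findings.append(("TLS Policy", "TLS is on but not required for logins"))
            if not data:
                findings.append(("TLS Policy", "TLS is on but not required for file data"))

    # The page's recipe for confining users: chroot plus local user login.
    if settings.get("Allow Local User Login") and not settings.get("Always Chroot"):
        findings.append(("Always Chroot", "local users are not confined to their home directory"))
    return sorted(findings)


# Constructed samples: a permissive configuration and a tightened one.
PERMISSIVE = {
    "Allow Anonymous Login": True, "Allow Local User Login": True,
    "Always Chroot": False, "Enable FXP": True,
    "Enable TLS": True, "TLS Policy": "Ctrl +!Data",
}
HARDENED = {
    "Allow Local User Login": True, "Always Chroot": True,
    "Enable TLS": True, "TLS Policy": "On",
}

if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(name)
        for field, reason in audit_ftp(cfg) or [("-", "no findings")]:
            print(f"  {field}: {reason}")
```
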

FTP Connection

Use a browser or FTP client to connect to the TrueNAS FTP share. The images below use FileZilla, a free option.

The user name and password are those of the local user account on the TrueNAS. The default directory is the same as the user’s /home directory. After connecting, you can create directories and upload/download files.


SFTP (SSH File Transfer Protocol) is available by enabling SSH remote access to the TrueNAS system. SFTP is more secure than standard FTP as it applies SSL encryption on all transfers by default.

Go to System Settings > Services, find the SSH entry, and click the .


Set Allow Password Authentication and decide if you need Log in as Root with Password.

SSH with root is a security vulnerability. It allows users to fully control the NAS remotely with a terminal instead of providing SFTP transfer access.

Review the remaining options and configure them according to your environment or security needs.

General Options

| Name | Description |
|---|---|
| TCP Port | Open a port for SSH connection requests. Enter the port number. |
| Log in as Root with Password | Root logins are discouraged! Allows root logins. A password must be set for the root user account. |
| Allow Password Authentication | Select to allow password authentication. Enabling allows SSH login authentication using a password. Warning: when directory services are enabled, this setting grants access to all users the directory service imported. When disabled, authentication requires keys for all users (requires additional SSH client and server setup). |
| Allow Kerberos Authentication | Ensure valid entries exist in Directory Services > Kerberos Realms and Directory Services > Kerberos Keytabs and the system can communicate with the Kerberos domain controller before enabling this option. Select to allow Kerberos authentication. |
| Allow TCP Port Forwarding | Select to let users bypass firewall restrictions using the SSH port forwarding feature. |

Advanced Options

| Name | Description |
|---|---|
| Bind Interfaces | Select interfaces on your system from the dropdown list for SSH to listen on. Leave all options unselected for SSH to listen on all interfaces. |
| Compress Connections | Select to attempt to reduce latency over slow networks. |
| SFTP Log Level | Select the syslog(3) facility of the SFTP server option from the dropdown list. Options are Quiet, Fatal, Error, Info, Verbose, Debug, Debug2 or Debug3. |
| SFTP Log Facility | Select the syslog(3) facility of the SFTP server option from the dropdown list. Options are Daemon, User, Auth and Local 0 through Local7. |
| Weak Ciphers | Select a cipher from the dropdown list. Options are None or AES128-CBC. These allow more ciphers for sshd(8) in addition to the defaults in sshd_config(5). Use None to allow unencrypted SSH connections. Use AES128-CBC to allow the 128-bit Advanced Encryption Standard. WARNING: these ciphers are security vulnerabilities. Only allow them in a secure network environment. |
| Auxiliary Parameters | Add any more sshd_config(5) options not covered in this screen. Enter one option per line. Options added are case-sensitive. Misspellings can prevent the SSH service from starting. |

SFTP Connections

Open an FTP client (like FileZilla) or command line. This article shows using FileZilla as an example. Using FileZilla, enter SFTP://‘TrueNAS IP’, ‘username’, ‘password’, and port 22 to connect.

SFTP does not offer chroot locking. While chroot is not 100% secure, lacking chroot lets users move up to the root directory and view internal system information. If this level of access is a concern, FTP with TLS might be the more secure choice.

The Trivial File Transfer Protocol (TFTP) is a lightweight version of FTP typically used to transfer configuration or boot files between machines, such as routers, in a local environment. TFTP provides a limited set of commands and provides no authentication.

If TrueNAS is only storing images and configuration files for network devices, configure and start the TFTP service. Starting the TFTP service opens UDP port 69.


Path

| Name | Description |
|---|---|
| Directory | Browse to an existing directory to use for storage. Some devices can require a specific directory name. Consult the documentation for that device to see if there are any restrictions. Click the arrow_right to the left of /mnt to open a list of directories. |

Connection

| Name | Description |
|---|---|
| Host | The default host to use for TFTP transfers. Enter an IP address. For example, 192.0.2.1 or in Shell 192.0.2.1 |
| Port | The UDP port number that listens for TFTP requests. For example, 8050 or in Shell 8050. |
| Username | Select the account to use for TFTP requests from the dropdown list of options that includes, but is not limited to, root, daemon, operator, nobody and all the other usernames on the system. This account must have permission to what is specified in Directory. |

Access

| Name | Description |
|---|---|
| File Permissions | Adjust the file permissions using the Read, Write and Execute permissions for the User and Group checkboxes. Select all that apply. |
| Allow New Files | Select when network devices need to send files to the system. |

Other Options

| Name | Description |
|---|---|
| Auxiliary Parameters | Add more options from tftpd. Add one option on each line. |

Network devices use the Link Layer Discovery Protocol (LLDP) to advertise their identity, capabilities, and neighbors on an Ethernet network. TrueNAS uses the ladvd LLDP implementation. When the local network contains managed switches, configuring and starting LLDP tells TrueNAS to advertise itself on the network.

To configure LLDP, go to System Settings > Services, find LLDP and click the .


General Options

| Name | Description |
|---|---|
| Interface Description | Enables receive mode. Any received peer information is saved in interface descriptions. |
| Country Code | Two-letter ISO 3166-1 alpha-2 code used to enable LLDP location support. |
| Location | The physical location of the host. |

Set Interface Description and enter a Country Code before enabling the LLDP service.

A virtual private network (VPN) is an extension of a private network over public resources. It lets clients securely connect to a private network even when remotely using a public network. TrueNAS provides OpenVPN as a system-level service to provide VPN server or client functionality. TrueNAS can act as a primary VPN server that allows remote clients to access system data using a single TCP or UDP port. Alternatively, TrueNAS can integrate into a private network, even when the system is in a separate physical location or only has access to publicly visible networks.

Before configuring TrueNAS as either an OpenVPN server or client, you need an existing public key infrastructure (PKI) with Certificates and Certificate Authorities created in or imported to TrueNAS.

Certificates allow TrueNAS to authenticate with clients or servers by confirming a valid master Certificate Authority (CA) signed the network credentials. To read more about the required PKI for OpenVPN, see the OpenVPN PKI Overview.

In general, configuring TrueNAS OpenVPN (server or client) includes selecting networking credentials, setting connection details, and choosing additional security or protocol options.

OpenVPN Client

Go to System Settings > Services and find OpenVPN Client. Click the to configure the service.


Choose the certificate to use as an OpenVPN client. The certificate must exist in TrueNAS and be active (unrevoked). Enter the Remote OpenVPN server’s hostname or IP address.

Continue to review and choose any other Connection Settings that fit your network environment and performance requirements. The Device Type must match the OpenVPN server Device Type. Nobind prevents using a fixed port for the client and is enabled by default so the OpenVPN client and server run concurrently.

Finally, review the Security Options and ensure they meet your network security requirements. If the OpenVPN server uses TLS Encryption, copy the static TLS encryption key and paste it into the TLS Crypt Auth field.

OpenVPN Server

Go to System Settings > Services and find OpenVPN Server. Click the to configure the service.


Choose a Server Certificate for the OpenVPN server. The certificate must exist in TrueNAS and be active (unrevoked).

Now define an IP address and netmask for the OpenVPN Server. Select the remaining Connection Settings that fit your network environment and performance requirements. If using a TUN Device Type, you can choose a virtual addressing topology for the server in Topology:

  • NET30: Use one /30 subnet per client in a point-to-point topology. Use when connecting clients are Windows systems.
  • P2P: Point-to-point topology that points the local server and remote client endpoints to each other. Each client gets one IP address. Use when none of the clients are Windows systems.
  • SUBNET: The interface uses an IP address and subnet. Each client gets one IP address. Windows clients require the TAP-Win32 driver version 8.2 or newer. TAP devices always use the SUBNET Topology.

TrueNAS applies the Topology selection to any connected clients.

When TLS Crypt Auth Enabled is selected, TrueNAS generates a static key for the TLS Crypt Auth field after saving the options. To change this key, click Renew Static Key. Clients connecting to the server require the key. TrueNAS stores keys in the system database and includes them in client config files. We recommend always backing up keys in a secure location.

Finally, review the Security Options and choose settings that meet your network security requirements.

After configuring and saving your OpenVPN Server, generate client configuration files to import to any OpenVPN client systems connecting to this server. You need the certificate from the client system already imported into TrueNAS. To generate the configuration file, click Download Client Config and select the Client Certificate.

Common Options (Client or Server)

Many OpenVPN server or client configuration fields are identical. This section covers these fields and lists specific configuration options in the Server and Client sections.

The Additional Parameters field manually sets any core OpenVPN config file options. See the OpenVPN Reference Manual for descriptions of each option.

Connection Settings

| Setting | Description |
|---|---|
| Root CA | The Certificate Authority (CA) must be the root CA you used to sign the client and server certificates. |
| Port | The port that the OpenVPN connection is to use. |
| Compression | Choose a compression algorithm for traffic. Leave empty to send data uncompressed. LZO is a standard compression algorithm that is backward compatible with previous (pre-2.4) versions of OpenVPN. LZ4 is newer and typically faster and requires fewer system resources. |
| Protocol | Choose between UDP or TCP OpenVPN protocols. UDP sends packets in a continuous stream. TCP sends packets sequentially. UDP is usually faster and less strict about dropped packets than TCP. To force the connection to be IPv4 or IPv6, choose one of the 4 or 6 UDP or TCP options. |
| Device Type | Use a TUN or TAP virtual networking device and layer with OpenVPN. The device must be identical between the OpenVPN server and clients. |

Security Options

OpenVPN includes several security options since using a VPN involves connecting to a private network while sending data over less secure public resources. Security options are not required, but they help protect data users send over the private network.

| Setting | Description |
|---|---|
| Authentication Algorithm | Validates packets sent over the network connection. Your network environment might require a specific algorithm. If not, SHA1 HMAC is a reliable algorithm to use. |
| Cipher | Encrypts data packets sent through the connection. Ciphers aren't required but can increase connection security. You might need to verify which ciphers your networking environment requires. If there are no specific cipher requirements, AES-256-GCM is a good default choice. |
| TLS Encryption | When TLS Crypt Auth Enabled is selected, OpenVPN adds another layer of security by encrypting all TLS handshake messages. This setting requires sharing a static key between the OpenVPN server and clients. |

Service Activation

Click Save after configuring the server or client service. Start the service by clicking the related toggle in System Settings > Services. Hover over the toggle to check the service current state.

Selecting Start Automatically starts the service whenever TrueNAS completes booting.

S3 allows you to connect to TrueNAS from a networked client system with the Minio browser, s3cmd, or S3 browser.

S3 is an object storage protocol that many major cloud providers like Amazon Web Services™ use. On TrueNAS, the service is another way to store files and can be viewed with a web browser. Because S3 is the de facto standard for cloud-based storage, setting up an S3 service allows organizations or online application developers to use TrueNAS to replace or archive expensive cloud storage.

Setting up the S3 service

Having large numbers of files (>100K for instance) in a single bucket with no sub-directories can harm performance and cause stability issues.

Go to the System Settings > Services and find S3, then click to configure the service.


S3 Configuration Options

| Name | Description |
|---|---|
| IP Address | Select an IP address from the dropdown list options 0.0.0.0, ::, or enter the IP address that runs the S3 service. Select 0.0.0.0 to tell the server to listen on all addresses. Select the TrueNAS IP address to constrain it to a specific network. |
| Port | Enter a static port for the MinIO web console. Default is 9001. |
| Console Port | Enter the TCP port that provides the S3 service. |
| Access Key | Enter the S3 access ID. See Access keys for more information. |
| Secret Key | Enter the S3 secret access key. See Access keys for more information. |
| Disk | Browse to a directory to define the S3 file system path. |
| Enable Browser | Enables the S3 service web UI. Access the MinIO web UI by entering the IP address and port number separated by a colon in the browser address bar. Example: 192.168.1.0:9000. |
| Certificate | Use an SSL certificate created or imported in Credentials > Certificates for secure S3 connections. |
| TLS Server Hostname / TLS Server URI | Displays if using an SSL certificate. Enter the MinIO server proxy-able address. |

Select a clean dataset, one that doesn’t have existing data files. Minio manages files as objects that you cannot mix with other dataset files. You can create new datasets by going to Storage and clicking > Add Dataset.

Configure the remaining options as needed in your environment and start the service after saving any changes.

Minio Connections

When Enable Browser is selected, test Minio browser access by opening a web browser and typing the TrueNAS IP address with the TCP port. You must allow the chosen Port through the network firewall to permit creating buckets and uploading files. Example: https://192.168.0.3:9000.

Minio supports two different connection methods.

s3cmd

Linux or macOS users must have the s3cmd service installed before beginning this setup. On Windows, users can also refer to S3Express for a similar command-line experience.

Ubuntu or other Linux distributions can access the configuration by running s3cmd --configure to walk through critical settings.

Enter the specified access key and the secret key. Under the S3 Endpoint, enter the TrueNAS IP address followed by TCP port, and reply N to the DNS-style bucket+hostname.

Save the file. On Linux, the default is in the home directory ~/.s3cfg.

If the connection has any issues, open .s3cfg again to troubleshoot. In Ubuntu, use nano .s3cfg or vi .s3cfg or gedit .s3cfg depending on the preferred text editor. For other operating systems, .s3cfg file location and editing tools might vary.

Scroll down to the host_bucket area and ensure the configuration removed the %(bucket)s. portion and the address points to the IP_address:TCP_port for the system.

Correct Example

```
host_base = 192.168.123.207:9000
host_bucket = 192.168.123.207:9000
```

Incorrect Example

```
host_base = 192.168.123.207
host_bucket = %(bucket)s.192.168.123.207
```

Poll the buckets using s3cmd ls to see the buckets created with the Minio browser.

For more information on using Minio with s3cmd, see https://docs.minio.io/docs/s3cmd-with-minio.html and https://s3tools.org/s3cmd.
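
The host_base and host_bucket check described above can be scripted instead of done by eye. This is an added example, not part of s3cmd or TrueNAS: `check_s3cfg` and its finding codes are hypothetical names, the sample files are constructed around this page's two examples with fake keys, and the rule that both settings should match is taken from the correct example.

```python
import configparser
from urllib.parse import urlsplit

PLACEHOLDER = "%(bucket)s"   # s3cmd's DNS-style bucket template


def check_s3cfg(text, section="default"):
    """Return (setting, problem) pairs for the host_* values in an .s3cfg."""
    # interpolation=None keeps %(bucket)s literal; configparser's default
    # interpolation would try to expand it and raise when the value is read.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if not cfg.has_section(section):
        return [("file", f"no [{section}] section")]

    problems, values = [], {}
    for key in ("host_base", "host_bucket"):
        value = cfg.get(section, key, fallback="").strip()
        values[key] = value
        if not value:
            problems.append((key, "missing"))
            continue
        if PLACEHOLDER in value:
            problems.append((key, "bucket-placeholder"))
        try:
            # urlsplit needs a leading // to treat the value as host[:port].
            port = urlsplit("//" + value.replace(PLACEHOLDER, "bucket")).port
        except ValueError:          # non-numeric or out-of-range port
            port = None
        if port is None:
            problems.append((key, "no-port"))

    # In the page's correct example both settings name the same IP:port.
    if all(values.values()) and values["host_base"] != values["host_bucket"]:
        problems.append(("host_bucket", "differs-from-host_base"))
    return problems


# Constructed files: host values are the page's two examples, keys are fake.
GOOD = """\
[default]
access_key = EXAMPLE-ACCESS-KEY
secret_key = EXAMPLE-SECRET-KEY
host_base = 192.168.123.207:9000
host_bucket = 192.168.123.207:9000
"""
BAD = """\
[default]
access_key = EXAMPLE-ACCESS-KEY
secret_key = EXAMPLE-SECRET-KEY
host_base = 192.168.123.207
host_bucket = %(bucket)s.192.168.123.207
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD)):
        print(name, check_s3cfg(text) or "ok")
```
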

S3 Browser (Windows)

The Windows PC S3 browser is another convenient way to connect to the Minio S3 from TrueNAS.

To set it up, first install the S3 browser.

After installation completes, add a new account.


In the settings, select S3 Compatible Storage as the Account Type, then enter the Minio access point similar to the s3cmd setup (TrueNAS_IP_address:9000 or other port if set differently). Select the SSL settings appropriate for the particular setup. The S3 browser assumes SSL by default, but it can be unset for a LAN attached session.


It is possible to access, create new buckets, or upload files to created buckets.


SNMP (Simple Network Management Protocol) monitors network-attached devices for conditions that warrant administrative attention. TrueNAS uses Net-SNMP to provide SNMP. To configure SNMP, go to System Settings > Services page, find SNMP, and click the .


General Options

| Name | Description |
|---|---|
| Location | Enter the location of the system. |
| Contact | E-mail address that receives SNMP service messages. |
| Community | Change from public to increase system security. Can only contain alphanumeric characters, underscores (_), dashes (-), periods (.), and spaces. This can be left empty for SNMPv3 networks. |

SNMP v3 Options

| Name | Description |
|---|---|
| SNMP v3 Support | Set to enable support for SNMP version 3. See snmpd.conf(5) for configuration details. |
| Username | Enter a username to register with this service. |
| Authentication Type | Choose an authentication method: --- for none, SHA, or MD5. |
| Password | Enter a password of at least eight characters. |
| Privacy Protocol | Choose a privacy protocol: --- for none, AES, or DES. |
| Privacy Passphrase | Enter a separate privacy passphrase. If the field is left blank, the default Password is used. |

Other Options

| Name | Description |
|---|---|
| Auxiliary Parameters | Enter any additional snmpd.conf options. Add one option for each line. |
| Expose zilstat via SNMP | Enabling this option may have performance implications on your pools. |
| Log Level | Choose how many log entries to create. Choices range from least (Emergency) to most (Debug). |

After the SNMP service starts, it listens for SNMP requests on UDP port 161.

Management Information Bases (MIBs)

Available Management Information Bases (MIBs) are located in /usr/local/share/snmp/mibs. This directory contains many files routinely added or removed from the directory. Check the directory on your system by going to System Settings > Shell and entering ls /usr/local/share/snmp/mibs. Here is a sample of the directory contents:

ServicesSNMPsampleSCALE

(Video URL: https://www.truenas.com/docs/files/scaleangelfishsshaccess.mp4)

The SSH service lets users connect to TrueNAS with the Secure SHell Transport Layer Protocol. When using TrueNAS as an SSH server, the users in the network must use SSH client software to transfer files with SSH.

Allowing external connections to TrueNAS is a security vulnerability! Do not enable SSH unless you require external connections.

Activate or configure the SSH service on the System Settings > Services page.

To configure SSH go to System Settings > Services, find SSH, and click .


Configure the options as needed to match your network environment.

General Options

| Name | Description |
|---|---|
| TCP Port | Open a port for SSH connection requests. Enter the port number. |
| Log in as Root with Password | Root logins are discouraged! Allows root logins. A password must be set for the root user account. |
| Allow Password Authentication | Select to allow password authentication. Enabling allows SSH login authentication using a password. Warning: when directory services are enabled, this setting grants access to all users the directory service imported. When disabled, authentication requires keys for all users (requires additional SSH client and server setup). |
| Allow Kerberos Authentication | Ensure valid entries exist in Directory Services > Kerberos Realms and Directory Services > Kerberos Keytabs and the system can communicate with the Kerberos domain controller before enabling this option. Select to allow Kerberos authentication. |
| Allow TCP Port Forwarding | Select to let users bypass firewall restrictions using the SSH port forwarding feature. |

Advanced Options

| Name | Description |
|---|---|
| Bind Interfaces | Select interfaces on your system from the dropdown list for SSH to listen on. Leave all options unselected for SSH to listen on all interfaces. |
| Compress Connections | Select to attempt to reduce latency over slow networks. |
| SFTP Log Level | Select the syslog(3) facility of the SFTP server option from the dropdown list. Options are Quiet, Fatal, Error, Info, Verbose, Debug, Debug2 or Debug3. |
| SFTP Log Facility | Select the syslog(3) facility of the SFTP server option from the dropdown list. Options are Daemon, User, Auth and Local 0 through Local7. |
| Weak Ciphers | Select a cipher from the dropdown list. Options are None or AES128-CBC. These allow more ciphers for sshd(8) in addition to the defaults in sshd_config(5). Use None to allow unencrypted SSH connections. Use AES128-CBC to allow the 128-bit Advanced Encryption Standard. WARNING: these ciphers are security vulnerabilities. Only allow them in a secure network environment. |
| Auxiliary Parameters | Add any more sshd_config(5) options not covered in this screen. Enter one option per line. Options added are case-sensitive. Misspellings can prevent the SSH service from starting. |

Remote systems may require root access. Be sure to have all security precautions in place before allowing root access.

We recommend these additional SSH service options:

  • Add NoneEnabled no to Auxiliary Parameters to disable the insecure none cipher.
  • Increase the ClientAliveInterval if SSH connections tend to drop.
  • Increase the ClientMaxStartup value (10 is default) when you need more concurrent SSH connections.

Remember to enable the SSH service in System Settings > Services after making changes. To create and store specific SSH connections and keypairs, go to Credentials > Backup Credentials.
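
To confirm what the settings above produce, the following added example (not part of the TrueNAS documentation or tooling) checks an `sshd -T` dump for the options this screen warns about: password logins, root login, TCP forwarding, and the None and AES128-CBC ciphers. The function name `audit_sshd` and both sample dumps are constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit effective sshd settings, read from stdin in the format printed by
# `sshd -T` (lowercase keyword, a space, then the value).
# Returns 0 when nothing is flagged and 1 when at least one warning is printed.
audit_sshd() {
  awk '
    { key = tolower($1); val = tolower($2) }
    key == "passwordauthentication" && val == "yes" {
      print "WARN passwordauthentication: password logins allowed (covers imported directory users)"; bad++ }
    key == "permitrootlogin" && val == "yes" {
      print "WARN permitrootlogin: root may log in over SSH"; bad++ }
    key == "allowtcpforwarding" && val != "no" {
      print "WARN allowtcpforwarding: users can tunnel past firewall rules"; bad++ }
    key == "ciphers" {
      n = split(val, c, ",")
      for (i = 1; i <= n; i++)
        if (c[i] == "none" || c[i] == "aes128-cbc") {
          print "WARN ciphers: weak cipher enabled: " c[i]; bad++ }
    }
    END { exit (bad > 0) }
  '
}

# Constructed sample dumps, not taken from a real system.
SAMPLE_WEAK='port 22
passwordauthentication yes
permitrootlogin yes
allowtcpforwarding yes
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes128-cbc'

SAMPLE_HARDENED='port 22
passwordauthentication no
permitrootlogin without-password
allowtcpforwarding no
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || true
# On a live system, run as root: sshd -T | audit_sshd
```

Run the check again after every change to Auxiliary Parameters, since options entered there override what the toggles on this screen set.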

TrueNAS uses Network UPS Tools (NUT) to provide UPS support. After connecting the UPS device to the TrueNAS system, configure the UPS service by going to System Settings > Services, finding UPS, and clicking .


General Options

| Name | Description |
|------|-------------|
| Identifier | Type a description for the UPS device. You can use alphanumeric, period (.), comma (,), hyphen (-), and underscore (_) characters. This is a required field. |
| UPS Mode | Select the mode from the dropdown list. Options are Master if the UPS is plugged directly into the system serial port, or Slave to have this system shut down before the master system. The UPS remains the last item to shut down. See the Network UPS Tools Overview. |
| Driver | Select the device driver from the dropdown list. See the Network UPS Tools compatibility list for a list of supported UPS devices. This is a required field. |
| Port or Hostname | Select the serial or USB port connected to the UPS from the dropdown list. Options include a list of ports on your system and auto. Select auto to automatically detect and manage the USB port settings. When an SNMP driver is selected, enter the IP address or host name of the SNMP UPS device. This is a required field. |

Monitor

| Name | Description |
|------|-------------|
| Monitor User | Enter a user to associate with this service. Keeping the default is recommended. |
| Monitor Password | Change the default password to improve system security. The new password cannot include a space or #. |
| Extra Users | Enter accounts that have administrative access. See upsd.users(5) for examples. |
| Remote Monitor | Select to have the default configuration listen on all interfaces using the known values of user: upsmon and password: fixmepass. |

Shutdown

| Name | Description |
|------|-------------|
| Shutdown Mode | Select the battery option to use when the UPS initiates shutdown. Dropdown list options are UPS reaches low battery or UPS goes on battery. |
| Shutdown Timer | Enter a value in seconds for the UPS to wait before initiating shutdown. Shutdown does not occur if power is restored while the timer is counting down. This value only applies when Shutdown Mode is set to UPS goes on battery. |
| Shutdown Command | Enter a command to shut down the system when either battery power is low or the shutdown timer ends. |
| Power off UPS | Select for the UPS to power off after shutting down the system. |

Email

| Name | Description |
|------|-------------|
| Send Email Status Updates | Select to enable sending messages to the address defined in the Email field. |
| Email | Enter any email addresses to receive status updates. Separate entries by pressing Enter. |
| Email Subject | Enter the subject for status emails. |

Other Options

| Name | Description |
|------|-------------|
| No Communication Warning Time | Enter the number of seconds to wait before alerting that the service cannot reach any UPS. Warnings continue until the situation is fixed. |
| Host Sync | In master mode, upsmon waits up to this many seconds for the slaves to disconnect during a shutdown situation. |
| Description | Enter a description for this service. |
| Auxiliary Parameters (ups.conf) | Enter any extra options from ups.conf. |
| Auxiliary Parameters (upsd.conf) | Enter any extra options from upsd.conf. |

Some UPS models are unresponsive with the default polling frequency (default is two seconds). TrueNAS displays the issue in logs as a recurring error like libusb_get_interrupt: Unknown error. If you get an error, decrease the polling frequency by adding an entry to Auxiliary Parameters (ups.conf): pollinterval = 10.

upsc(8) can get status variables like the current charge and input voltage from the UPS daemon. Run this in System Settings > Shell using the syntax upsc ups@localhost. The upsc(8) manual page has other usage examples.

upscmd(8) can send commands directly to the UPS, assuming the hardware supports it. Only users with administrative rights can use this command. You can create them in the Extra Users field.

For USB devices, the easiest way to determine the correct device name is to set Show console messages in System Settings > Advanced. Plug in the USB device and look for a /dev/ugen or /dev/uhid device name in the console messages.
A UPS with adequate capacity can power multiple computers. One computer connects to the UPS data port with a serial or USB cable. This primary system makes UPS status available on the network for other computers. The UPS powers the secondary computers, and they receive UPS status data from the primary system. See the NUT User Manual and NUT User Manual Pages.
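
Because Remote Monitor exposes the UPS daemon on all interfaces with the known upsmon and fixmepass values, it is worth checking the generated NUT configuration after setting Monitor Password. The following is an added example, not part of the TrueNAS documentation or tooling: it reads upsd.users(5) and upsd.conf content from stdin, and the function names, sample files and the `/etc/nut` path in the last comment are assumptions.

```shell
#!/usr/bin/env bash
# Print every NUT user whose password is still the documented default.
# Reads upsd.users-format text from stdin.
nut_default_passwords() {
  awk -v default_pw="fixmepass" '
    /^[ \t]*#/ { next }                          # skip comment lines
    /^[ \t]*\[/ {                                # [username] section header
      user = $0
      sub(/^[ \t]*\[/, "", user); sub(/\].*$/, "", user)
      next
    }
    /^[ \t]*password[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
      gsub(/^"|"$/, "")                          # value may be quoted
      if ($0 == default_pw) print user
    }
  '
}

# Return 0 when upsd.conf text on stdin binds to every interface.
nut_listens_everywhere() {
  awk '$1 == "LISTEN" && ($2 == "0.0.0.0" || $2 == "::") { found = 1 }
       END { exit !found }'
}

# Constructed samples, not taken from a real system.
SAMPLE_USERS='[upsmon]
    password = fixmepass
    upsmon master

[admin]
    password = "Xk2-constructed"
    actions = SET
    instcmds = ALL'

SAMPLE_UPSD_CONF='MAXAGE 15
LISTEN 0.0.0.0 3493'

for u in $(printf '%s\n' "$SAMPLE_USERS" | nut_default_passwords); do
  echo "WARN user '$u' still uses the default monitor password"
done
if printf '%s\n' "$SAMPLE_UPSD_CONF" | nut_listens_everywhere; then
  echo "WARN upsd listens on all interfaces"
fi
# Live check (the path is an assumption): nut_default_passwords < /etc/nut/upsd.users
```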