The initial implementation of the TrueNAS SCALE administrator login permitted users to continue using the root user but encouraged users to create a local administrator account when first installing SCALE.
Starting with SCALE Bluefin 22.12.0, root account logins are deprecated for security hardening and to comply with Federal Information Processing Standards (FIPS). All TrueNAS users should create a local administrator account with all required permissions and begin using it to access TrueNAS.
The SSH Connections and SSH Keypairs widgets on the Backup Credentials screen display a list of SSH connections and keypairs configured on the system. Using these widgets, users can establish Secure Socket Shell (SSH) connections.
You must also configure and activate the SSH Service to allow SSH access.
Creating an SSH Connection To begin setting up an SSH connection, go to Credentials > Backup Credentials.
Figure 1: Backup Credentials Screen Click Add on the SSH Connections widget.
Configuring SFTP Service SSH File Transfer Protocol (SFTP), is available by enabling SSH remote access to the TrueNAS system. SFTP is more secure than standard FTP as it applies SSL encryption on all transfers by default.
Go to Services, find the SSH entry, and click the edit.
Select Allow Password Authentication.
Evaluate Log in as Root with Password for your security environment: SSH with root is a security vulnerability. It allows more than SFTP transfer access.
The Backup Credentials screen displays the SSH Connections and SSH Keypairs widgets.
You must also configure and activate the SSH Service to allow SSH access.
SSH Connection and Keypairs Widgets The SSH Connections and SSH Keypairs widgets display a list of SSH connections and keypairs configured on the system.
Figure 1: Backup Credentials Screen The SSH Connections widget allows users to establish Secure Socket Shell (SSH) connections. The SSH Keypairs widget allows users to generate SSH keypairs required to authenticate the identity of a user or process that wants to access the system using SSH protocol.
You often need to copy data to another system for backup or when migrating to a new system. A fast and secure way of doing this is by using rsync with SSH.
Rsync provides the ability to either push or pull data. The Push function copies data from TrueNAS to a remote system. The Pull function moves or copies data from a remote system and stores it in the defined Path on the TrueNAS host system.
The Rsync Task widget on the Data Protection screen shows configured rsync tasks configured on the TrueNAS system, and provides access to configuration screens to add single-time or scheduled recurring transfers between TrueNAS SCALE and an rsync backup server. Rsync tasks are an effective method to back up data to a remote location.
Rsync Task Widget The Rsync Tasks widget shows a list of tasks configured on the system.
Figure 1: Data Protection Rsync Task Widget The Rsync Tasks widget shows No Rsync Tasks configured before adding a task.
Follow these best practices to administer TrueNAS securely. These generally apply to either TrueNAS CORE or TrueNAS SCALE, but each software might place the related options in slightly different web interface locations.
General Recommendations Modifying the base TrueNAS firmware image is unsupported and can create security issues. Keep TrueNAS up-to-date with the most recent updates for your supported version. Upgrade to new major releases promptly consistent with the deployment use case.
The SSH service lets users connect to TrueNAS with the Secure SHell Transport Layer Protocol. When using TrueNAS as an SSH server, the users in the network must use SSH client software to transfer files with SSH.
Allowing external connections to TrueNAS is a security vulnerability! Do not enable SSH unless you require external connections. See Security Recommendations for more security considerations when using SSH. Configuring SSH Service To configure SSH go to System Settings > Services, find SSH, and click edit to open the basic settings General Options configuration screen.
The System Settings > Services > SSH screen allows you to set up SSH service on TrueNAS SCALE.
Click edit to open the Services > SSH configuration screen.
Allowing external connections to TrueNAS is a security vulnerability! Do not enable SSH unless you require external connections. See Security Recommendations for more security considerations when using SSH. You must also configure SSH backup credentials to allow SSH access. See SSH Screens for more information.
Global Two-factor authentication (2FA) is great for increasing security.
TrueNAS offers global 2FA to ensure that entities cannot use a compromised administrator root password to access the administrator interface.
Advanced settings have reasonable defaults in place. A warning message displays for some settings advising of the dangers of making changes. Changing advanced settings can be dangerous when done incorrectly. Use caution before saving changes.
Make sure you are comfortable with ZFS, Linux, and system configuration, backup, and restoration before making any changes.
TrueNAS CORE
TrueNAS Enterprise
TrueNAS SCALE
Compare Editions
TrueCommand
Software Status
FreeNAS
Compare Systems
F-Series
M-Series
X-Series
R-Series
Mini Series
Download TrueNAS CORE
Download TrueNAS SCALE
Get TrueNAS Enterprise
Where to Buy