Comments on: How to Connect to Your FreeNAS Server via SSH Without A Password; Password Free Logins via Public Key Authentication http://www.learnfreenas.com/blog/2009/07/22/how-to-connect-to-your-freenas-server-via-ssh-without-a-password-password-free-logins-via-public-key-authentication/ The Free Network Attached Storage OS Sat, 03 Dec 2011 19:57:26 +0000 hourly 1 http://wordpress.org/?v=3.1.1 By: rEnr3n http://www.learnfreenas.com/blog/2009/07/22/how-to-connect-to-your-freenas-server-via-ssh-without-a-password-password-free-logins-via-public-key-authentication/comment-page-1/#comment-1966 rEnr3n Fri, 29 Jul 2011 15:33:35 +0000 http://www.learnfreenas.com/blog/?p=236#comment-1966 This is my freenas structure but I still can't do passwordless login: drwxr-xr-x 3 root wheel 512 Jul 29 09:54 /mnt drwxr-xr-x 4 root wheel 512 Jul 29 09:55 /mnt/mount drwx------ 4 admin admin 512 Jul 29 10:15 /mnt/mount/Data drwx------ 2 admin admin 512 Jul 29 10:10 /mnt/mount/Data/.ssh -rw------- 1 admin admin 399 Jul 29 10:10 /mnt/mount/Data/.ssh/authorized_keys I just get permission denied (publickey). But this is what I see in the log (Diagnostics|Log): SSH: Server;Ltype: Version;Remote: 192.168.2.11-xxxxx;Protocol: 2.0;Client: OpenSSH_5.8p1 Debian-1ubuntu3 xxxxx = random port number This is my freenas structure but I still can’t do passwordless login:

drwxr-xr-x 3 root wheel 512 Jul 29 09:54 /mnt
drwxr-xr-x 4 root wheel 512 Jul 29 09:55 /mnt/mount
drwx—— 4 admin admin 512 Jul 29 10:15 /mnt/mount/Data
drwx—— 2 admin admin 512 Jul 29 10:10 /mnt/mount/Data/.ssh
-rw——- 1 admin admin 399 Jul 29 10:10 /mnt/mount/Data/.ssh/authorized_keys

I just get permission denied (publickey). But this is what I see in the log (Diagnostics|Log):
SSH: Server;Ltype: Version;Remote: 192.168.2.11-xxxxx;Protocol: 2.0;Client: OpenSSH_5.8p1 Debian-1ubuntu3

xxxxx = random port number

]]> By: Al http://www.learnfreenas.com/blog/2009/07/22/how-to-connect-to-your-freenas-server-via-ssh-without-a-password-password-free-logins-via-public-key-authentication/comment-page-1/#comment-1312 Al Mon, 03 Jan 2011 21:06:53 +0000 http://www.learnfreenas.com/blog/?p=236#comment-1312 Why are you saying: "This will generate what is known as a private key and a public key. The private key must be kept save and secure and you must never distribute it in any form whatsoever. However the public key is for public consumption and this is what we will copy over to the FreeNAS server." When the GUI of the freenas server in the SSH windows says PRIVATE KEY, but your instructions say copy public key??? -Al Why are you saying:

“This will generate what is known as a private key and a public key. The private key must be kept save and secure and you must never distribute it in any form whatsoever. However the public key is for public consumption and this is what we will copy over to the FreeNAS server.”

When the GUI of the freenas server in the SSH windows says PRIVATE KEY, but your instructions say copy public key???

-Al

]]> By: Rafael http://www.learnfreenas.com/blog/2009/07/22/how-to-connect-to-your-freenas-server-via-ssh-without-a-password-password-free-logins-via-public-key-authentication/comment-page-1/#comment-1021 Rafael Sun, 27 Jun 2010 21:28:24 +0000 http://www.learnfreenas.com/blog/?p=236#comment-1021 Hello, Very thanks for tutorial. I´ desesperated with rsync + ssh + without password. Thanks Hello,
Very thanks for tutorial.
I´ desesperated with rsync + ssh + without password.
Thanks

]]> By: A few steps to secure a FreeNAS server « Binarymist http://www.learnfreenas.com/blog/2009/07/22/how-to-connect-to-your-freenas-server-via-ssh-without-a-password-password-free-logins-via-public-key-authentication/comment-page-1/#comment-947 A few steps to secure a FreeNAS server « Binarymist Mon, 05 Apr 2010 12:26:24 +0000 http://www.learnfreenas.com/blog/?p=236#comment-947 [...] http://www.freenaskb.info/kb/?View=entry&EntryID=257 http://www.learnfreenas.com/blog/2009/07/22/how-to-connect-to-your-freenas-server-via-ssh-without-a... [...] [...] http://www.freenaskb.info/kb/?View=entry&EntryID=257 http://www.learnfreenas.com/blog/2009/07/22/how-to-connect-to-your-freenas-server-via-ssh-without-a... [...]

]]> By: What is a good firewall for a server running FreeNAS? http://www.learnfreenas.com/blog/2009/07/22/how-to-connect-to-your-freenas-server-via-ssh-without-a-password-password-free-logins-via-public-key-authentication/comment-page-1/#comment-931 What is a good firewall for a server running FreeNAS? Sun, 21 Mar 2010 00:45:07 +0000 http://www.learnfreenas.com/blog/?p=236#comment-931 [...] Learn FreeNAS » How to Connect to Your FreeNAS Server via SSH Without A Password; Password Fre... [...] [...] Learn FreeNAS » How to Connect to Your FreeNAS Server via SSH Without A Password; Password Fre… [...]

]]> By: Roger Heathcote http://www.learnfreenas.com/blog/2009/07/22/how-to-connect-to-your-freenas-server-via-ssh-without-a-password-password-free-logins-via-public-key-authentication/comment-page-1/#comment-919 Roger Heathcote Wed, 10 Mar 2010 03:09:00 +0000 http://www.learnfreenas.com/blog/?p=236#comment-919 Thanks, very helpful article. It bears mentioning that to benefit from the improved security of using certificate based authentication you need to go into the web GUI to Services | SSH and untick "Enable keyboard-interactive authentication." If you don't disable password based logins you will have improved convenience but no better security. Technically it may be even worse as there are now two attack vectors! Also it is worth changing the default port if only as to spare your logs the constant barrage of failed brute force attempts. Strangely the command line argument for specifying a port is different between ssh (-p) and scp (-P), both choke if the wrong case is used, lord knows why that's how it is on my Ubuntu box! Also, I found that I needed to manually create the users ".ssh folder" and "authorized_keys" file manually before the "cat ~/id_rsa.pub >> ~/.ssh/authorized_keys" line would work. Anyway, thanks again & keep up the good work :) Roger. Thanks, very helpful article.

It bears mentioning that to benefit from the improved security of using certificate based authentication you need to go into the web GUI to Services | SSH and untick “Enable keyboard-interactive authentication.”

If you don’t disable password based logins you will have improved convenience but no better security. Technically it may be even worse as there are now two attack vectors!

Also it is worth changing the default port if only as to spare your logs the constant barrage of failed brute force attempts. Strangely the command line argument for specifying a port is different between ssh (-p) and scp (-P), both choke if the wrong case is used, lord knows why that’s how it is on my Ubuntu box!

Also, I found that I needed to manually create the users “.ssh folder” and “authorized_keys” file manually before the “cat ~/id_rsa.pub >> ~/.ssh/authorized_keys” line would work.

Anyway, thanks again & keep up the good work :)

Roger.

]]>