Secure shell comes disabled by default in openmediavault. When installing openmediavault on top of a Debian installation, the systemd unit will be disabled after the server packages are installed. Just log in to the web interface to re-enable the SSH service.
The configuration options are minimal, but it is possible to:
Disable the root login
Disable password authentication
Enable public key authentication (PKA)
Enable tunneling (for SOCKS and port forward)
An extra text field is provided to enter more options. Examine /etc/ssh/sshd_config first before adding extra options, otherwise the option will not be applied. In that case it is necessary to change the environment variable.
Normal openmediavault users created in the web interface can access the remote shell once they are added to the ssh group. Using PKA for users requires keys to be added to their profile; this is done in the Users section. The key has to be added in RFC 4716 format. To convert a key to that format, run:
$ ssh-keygen -e -f nameofthekey.pub
Paste the output in the user's profile at
Users | Users | <USERNAME> | Edit | Public Keys.
The number of keys per user is unlimited. A public key in RFC 4716 format looks like this:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "iPhone user1"
---- END SSH2 PUBLIC KEY ----
The comment string is very important. It helps identify the key when it is necessary to revoke it in case it gets lost or stolen.
If root login has been disabled and you need to perform administrative tasks in the terminal, swap to root by typing:
To use sudo for root operations, add the user to the sudo group.
The SFTP server comes enabled by default for root and the ssh group, so POSIX folder permissions apply to non-root users accessing via SFTP.
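The following is an added example, not openmediavault code: a small Python parser for the RFC 4716 block described above that reads the Comment header, computes the SHA256 fingerprint in the form `ssh-keygen -l` prints, and converts the key back to the one-line OpenSSH form. The function names, the constructed sample key and the policy of refusing keys without a comment are assumptions of this example.

```python
import base64
import hashlib
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def parse_rfc4716(text):
    """Parse one RFC 4716 block into (key_type, comment, blob)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 BEGIN/END markers")
    headers, body = {}, []
    it = iter(lines[1:-1])
    for line in it:
        if ":" in line and not body:       # header lines precede the base64 body
            while line.endswith("\\"):     # trailing backslash continues the header
                line = line[:-1] + next(it, "")
            tag, _, value = line.partition(":")
            headers[tag.strip().lower()] = value.strip()
        else:
            body.append(line)
    try:
        blob = base64.b64decode("".join(body), validate=True)
    except ValueError as exc:
        raise ValueError("key body is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("no key data between the markers")
    (n,) = struct.unpack(">I", blob[:4])   # blob starts with a length-prefixed type name
    key_type = blob[4:4 + n].decode("ascii")
    return key_type, headers.get("comment", "").strip('"'), blob

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def to_openssh(text):
    """Convert to the one-line OpenSSH form; refuse keys without a comment."""
    key_type, comment, blob = parse_rfc4716(text)
    if not comment:
        raise ValueError("key has no Comment header; label it before adding it")
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

def constructed_sample(comment="iPhone user1"):
    # Constructed input: 32 counter bytes stand in for an Ed25519 public key.
    parts = (b"ssh-ed25519", bytes(range(32)))
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f'{BEGIN}\nComment: "{comment}"\n{base64.b64encode(blob).decode()}\n{END}\n'
```

Recording the fingerprint next to the comment when a key is added makes it possible to match a key seen in the SSH logs to the profile entry that has to be removed.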
- Remote WAN access
Forward a port other than 22 in the router/firewall. This will minimize bots fingerprinting the SSH server.
Always use PKA.
Disable password login.
Disable root login.