EZ Media & Backup ssh without password

2015-12-06, 0:12 AM

Hi guys,

 

Need your opinion to set up passwordless access to the EZ Media & Backup NAS.

After enabling ssh access through the diagnostic page, I can easily use it to log in via shell. But when I add public keys to the authorized_keys file and try to use passwordless login (for backup script purposes), it shows the following error:

 

root@BLACKSWAN:/# /usr/sbin/sshd -p 1234 -D -d -e

...

Authentication refused: bad ownership or modes for directory /

 

 

And the permissions for root:

root@BLACKSWAN:/# ls -ld /
drwxrwxrwt 21 root root 600 Dec 4 20:28 /

 

The whole root folders look like this:

root@BLACKSWAN:/# ls -la /
total 10
drwxrwxrwt 21 root root 600 Dec 4 20:28 .
drwxrwxrwt 21 root root 600 Dec 4 20:28 ..
-rw------- 1 root root 3432 Dec 6 00:23 .bash_history
drwx------ 3 root root 60 Dec 4 20:28 .config
-rw-r--r-- 1 root root 0 Nov 27 20:13 .init_enable_core
drwx------ 2 root root 120 Dec 5 23:29 .mc
drwx------ 2 root root 60 Dec 4 18:16 .ssh
lrwxrwxrwx 1 root root 13 Nov 27 20:13 bin -> /mnt/apps/bin
drwxr-xr-x 6 root root 4096 Nov 27 20:13 boot
lrwxrwxrwx 1 root root 10 Nov 27 20:13 debug -> /etc/debug
drwxr-xr-x 8 root root 7280 Nov 27 20:14 dev
drwxr-xr-x 1 root root 1024 Dec 5 22:52 etc
drwxr-xr-x 3 root root 60 Dec 4 20:45 home
drwxr-xr-x 12 user1 default 1024 Nov 27 20:13 initrd
lrwxrwxrwx 1 root root 13 Nov 27 20:13 lib -> /mnt/apps/lib
lrwxrwxrwx 1 root root 4 Nov 27 20:13 lib64 -> /lib
drwxr-xr-x 7 root root 140 Nov 30 07:36 mnt
drwxr-xr-x 3 root root 60 Nov 30 11:20 net
drwxr-xr-x 8 root root 180 Nov 30 22:39 nfs
drwxr-xr-x 2 root root 171 Sep 11 21:01 oem
lrwxrwxrwx 1 root root 15 Nov 27 20:14 opt -> /mnt/system/opt
dr-xr-xr-x 105 root root 0 Jan 1 1970 proc
drwxr-xr-x 4 root root 200 Dec 6 10:45 ram
drwxr-xr-x 15 root root 720 Dec 5 22:57 run
lrwxrwxrwx 1 root root 14 Nov 27 20:13 sbin -> /mnt/apps/sbin
drwxr-xr-x 2 root root 40 Nov 27 20:13 selinux
drwxr-xr-x 11 root root 0 Jan 1 1970 sys
drwxrwxrwt 6 root root 500 Dec 6 11:04 tmp
lrwxrwxrwx 1 root root 13 Nov 27 20:13 usr -> /mnt/apps/usr
drwxr-xr-x 8 root root 220 Nov 27 20:13 var
root@BLACKSWAN:/# 

 

Based on the sshd info, ~/.ssh should be 700, and authorized_keys should be 600. But it looks like the device has the issue even earlier, in the / folder.

 

Question: Is there any chance to fix this by setting proper access rights on the / folder without breaking the whole system? Or might there be another way to do that when that root is mounted? Or another way?

 

Would appreciate any answer.

 

Thank you,

Dmitry

 


Re: EZ Media & Backup ssh without password

2016-01-19, 1:13 AM

Dmitry

 

Yeah, it seems rather dangerous that the root filesystem is writeable. The thing is, the root filesystem is a ramdisk, so any changes will be lost on the next boot. Perhaps you could repeat the "chmod" commands in a startup script or crontab, but I've never tried, not having needed to. The good news is, if you try "chmod" on the root filesystem and it does break stuff, a reboot should fix it. You probably don't need 700 on root (which I'm fairly sure will cause problems), and 755 on all parent directories of the ~/.ssh dir should be enough for sshd to be happy, as long as ~/.ssh is 700 and the authorized_keys file is 600.

 

 

Due to all the weirdness in these embedded systems, I decided to not mess with the default sshd installation at all.  Instead, I installed Optware, and thence DropBear, which I run on an alternative port; then I disabled the built-in sshd.

 

If you want to set up Optware, you can do so by following the instructions at this link: http://iomega.nas-central.org/wiki/Category:LifeLine

 

I can't recommend Optware enough. Once it was set up, I installed sudo, bash, less, rsync, cron and of course dropbear. Optware is a very light touch mod, with almost everything located within a separate directory structure. Optware apps hook in via just one start-up script /etc/rc2.d/S99optware, and the paths can be added into the system-wide /etc/profile. Apart from that, everything is kept separate. For instance, you can create crontab entries that are independent of the system-provided crontabs. If you don't like optware, just remove the script from /etc/rc2.d, and any updates to /etc/profile and you're back to stock behaviour. A full clean-up can be performed by uninstalling all of the packages.

 

Once the dropbear package is installed, add the following to /opt/etc/default/dropbear:

 

  DROPBEAR_ENABLE=yes
  DROPBEAR_PORT="1234 -w -K 60"

 

I created home directories in /nfs/_special/.home/, and put those into /etc/passwd instead of the default /mnt/pools/ used for all users.

 

Dropbear, and any other Optware-installed daemons, will be started on next boot.  Or you can once-off run the Optware init script /etc/rc2.d/S99optware.

 

Cheers

Jeremy
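
The ownership and mode test behind "bad ownership or modes for directory /" can be run by hand to see which path sshd will refuse and whether a chmod actually clears it. The script below is an added example, not code from either post: it approximates the StrictModes walk from the key file up to the home directory using only ls output, and the function names (path_is_safe, first_unsafe, demo) and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Approximates the StrictModes walk:
# the key file and each directory up to the home directory must be owned by
# root or the login user and must not be group- or world-writable.

# path_is_safe PATH UID -> 0 when PATH passes the ownership/mode test.
path_is_safe() {
    line=$(ls -ldLn "$1" 2>/dev/null) || return 1
    mode=${line%% *}                                   # e.g. drwxrwxrwt
    owner=$(printf '%s\n' "$line" | awk '{print $3}')  # numeric uid
    case "$owner" in 0|"$2") ;; *) return 1 ;; esac
    case "$mode" in
        ?????w*|????????w*) return 1 ;;                # g+w or o+w
    esac
    return 0
}

# first_unsafe KEYFILE HOMEDIR UID -> prints the first failing path and
# returns 1; prints nothing and returns 0 when the whole chain is acceptable.
# Paths are expected to be absolute.
first_unsafe() {
    p=$1
    stop=${2%/}; [ -n "$stop" ] || stop=/              # "/" stays "/"
    while :; do
        if ! path_is_safe "$p" "$3"; then
            printf '%s\n' "$p"
            return 1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then return 0; fi
        p=$(dirname "$p")
    done
}

# Constructed demo: a throwaway home directory given the same 1777 mode that
# "/" has in the listing, then tightened to 755 as the reply suggests.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -m 700 "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    for m in 1777 755; do
        chmod "$m" "$d"
        if first_unsafe "$d/.ssh/authorized_keys" "$d" "$(id -u)" >/dev/null
        then echo "home mode $m: accepted"
        else echo "home mode $m: refused"
        fi
    done
    rm -rf "$d"
}
demo
```

On the NAS the corresponding call would be `first_unsafe /.ssh/authorized_keys / 0`, since the listing shows .ssh directly under /.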

 
