SSH key-based access to a DXP2800 (latest UGOS firmware) #3
Description
Following instructions from UGREEN found on the internet I made an .ssh/authorized_keys file in the home directory of my administrator account. Giving it a temporary file extension of .txt I was also able to edit it on the NAS itself (to paste pub key lines).
Using my admin password I was able to open an SSH terminal to the NAS. After adding the appropriate pub key by editing authorized_keys and then removing the txt extension, I can now login with SSH without a password.
Today in an SSH terminal I edited sshd_config and set PasswordAuthentication to no. Then I restarted the sshd daemon by sudo systemctl restart sshd.
After doing this I checked in another terminal window on my Linux workstation that I could log in with SSH as administrator without a password.
I am not clear about how the NAS enforces the permissions set in the GUI, as all files appear to get 666 permissions and there's no plus in the ls -l output for ACL's. I tried with various user accounts and the NAS does enforce the permissions set in the GUI, as far as I can see.
In a terminal session they're all rwxrwxrwx, so I wonder how it works.
I am currently testing this DXP2800 NAS with two 3,5 disks of vastly different size I happened to have at hand. I made a BTFS storage pool.
It appears to work OK. I tested rsync copying locally from my off-site backup server of my main/old Netgear NAS at home.
Copying to and from the Shared Folders on the NAS with rsync works OK, it seems.
Copying with rsync to the various users personal folders is not straightforward. Files end up in odd places and it's hard to find out how to get it to do what I want. OTOH, it is perhaps totally unnecessary. Writing to and reading from Shared folders with rsync should be enough.
My off-site backup file server depends on it (using my own scripts).
If the setup of the DXP2800 all comes apart for some reason, I can start anew. I will have to anyway in order to change from the Netgear NAS to the new Ugreen one (keeping the same drives, or at least one of them). Just playing around now, getting to know the device.
I learned about SSH and key access on the many Raspberry Pi's I have running here on my LAN. I access those from various other computers an SSH terminal session very often. Most, but not all using RealVNC as well.
(I did see that UGO permissions for the .ssh/authorized_keys file are not the usual restrictive ones, but SSH works without complaining.)
Anyway, I have not found any use for your script. Am I overlooking something serious?