Configuring SSH public key authentication on a QNAP NAS can be a bit complicated. Up to QNAP firmware 4.0.5, it was hardcoded in the embedded version of sshd that admin was the only accepted user. Even if it’s not the case anymore, it still doesn’t make it easy to setup public key authentication, one reason being that most of the configuration files are overwritten at startup.
The official Wiki article advocates for a hack to run a script some time after the NAS boots. I also found another article instructing to override the original binary problem by the openssh binary from ipkg.
I did some experiencing and the solution I found the easiest, fastest and satisfying was to setup the ipkg OpenSSH package alongside with the original sshd package which can be disabled using the Web GUI.
Disclamer: Use at your own risk! I hold no responsibility for any damage or data loss that could occur following this tutorial.
Here is how it goes:
In this article I configure such as I can login without password from server1 to my nas using the user newuser.
NAS’s main storage: /share/MD0
NAS target user: newuser
In the NAS’s web GUI, in the App center, look for and install Optware ipkg
ipkg update ipkg openssh
Change OpenSSH’s port
OpenSSH cannot run on port 22 because the default sshd is already using it, we need to change it.
Edit /opt/etc/openssh/sshd_config and find the following line:
Uncomment it such as:
Note that you can edit the port as you like as long as you choose a free port.
Create home directory
By default there is no home directories so we need to manually create them.
mkdir -p /share/MD0/homes/newuser chown newuser /share/MD0/homes/newuser cd /share ln -s /MD0/homes/ ./
Configure SSH to accept public key authentication
mkdir -p ~/.ssh chmod 700 ~/.ssh cat id_dsa.pub >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys
Tested on a TS-410 running firmware 4.1.1