Setup SSH public key authentication on a QNAP NAS

Configuring SSH public key authentication on a QNAP NAS can be a bit complicated. Up to QNAP firmware 4.0.5, it was hardcoded in the embedded version of sshd that admin was the only accepted user. Even if it’s not the case anymore, it still doesn’t make it easy to setup public key authentication, one reason being that most of the configuration files are overwritten at startup.

The official Wiki article advocates for a hack to run a script some time after the NAS boots. I also found another article instructing to override the original  binary problem by the openssh binary from ipkg.

I did some experiencing and the solution I found the easiest, fastest and satisfying was to setup the ipkg OpenSSH package alongside with the original sshd package which can be disabled using the Web GUI.

Disclamer: Use at your own risk! I hold no responsibility for any damage or data loss that could occur following this tutorial.

Here is how it goes:

In this article I configure such as I can login without password from server1 to my nas using the user newuser.

NAS’s main storage: /share/MD0

NAS target user: newuser

Install ipkg

In the NAS’s web GUI, in the App center, look for and install Optware ipkg

Install OpenSSH

ipkg update
ipkg openssh

Change OpenSSH’s port

OpenSSH cannot run on port 22 because the default sshd is already using it, we need to change it.

Edit  /opt/etc/openssh/sshd_config and find the following line:

#Port 50

Uncomment it such as:

Port 50

Note that you can edit the port as you like as long as you choose a free port.

Create home directory

By default there is no home directories so we need to manually create them.

mkdir -p /share/MD0/homes/newuser
chown newuser /share/MD0/homes/newuser
cd /share
ln -s /MD0/homes/ ./

Configure SSH to accept public key authentication

mkdir -p ~/.ssh
chmod 700 ~/.ssh
cat >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Start OpenSSH

/opt/etc/init.d/S40sshd start

Tested on a TS-410 running firmware 4.1.1

Leave a Reply