This is an old revision of the document!
Installed Version - NAS4Free-x64-LiveCD-22.214.171.124.43.ISO
SSH Key Authentication is used so you will not be prompted for a user-name and password when starting a secure, encrypted session. This is especially important if you want to automate your session. It is especially important if you will be transferring data over insecure networks such as the Internet.
This article provides links to information that has been known to help others. There is no best or easiest way to configure Key Authentication, everyone has their own favorite method. Everyone configures their system differently. You should follow the links and read the information, you may have to adapt procedures so they fit with your preferred system configuration. Eventually you will find a process that works great for you.
This article does not cover networking basics you will need to know and configure so you can communicate over the Internet.
Before deploying SSH Password-less / Key Authentication you should be familiar with:
Open a Terminal (Console, CLI) on your client PC and make sure you understand these commands:
You can also look them up on FreeBSD.org's Man Pages.
Or you may run it from the CDROM as required for testing.
You should now be capable of insecurely communicating via SSH with your server. Use PING and TRACEROUTE to verify that each Server can reach the other. You can use WebGUI Tab> Diagnostics|Ping and Diagnostics|Traceroute for this purpose. Finally connect with your client software as explained in SUG Section 2.6.4-SSH Client Basic Configuration.
This provides the best level of security while using SSH. The following, high level procedure assumes you have basic knowledge of *nix and have already configured your SSH client and FreeNAS SSH server.
We are starting with a clean NAS4Free server and clean Linux client that have never connected with each other before and have never been configured for Password-less / Key Authentication. We will configure Password-less / Key Authentication for the server's root account.
This simple, easy, 7 step procedure will work assuming you faithfully follow the instructions, enter commands exactly as shown in the example session and have not screwed things up already by previously failing with another procedure. Why is this so? Because the folders and files you may already have created will not have proper permissions and the commands must use the existing folders rather than create new, correct ones for you.
In the sample session below each step is marked with an echo command.
youruser@ubuntu:~$ youruser@ubuntu:~# echo STEP#2 STEP#2 youruser@ubuntu:~$ ssh -l root 192.168.1.233 The authenticity of host '192.168.1.233 (192.168.1.233)' can't be established. DSA key fingerprint is b2:d0:99:cb:6e:b6:53:95:4d:f4:b3:02:1d:bc:32:db. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.233' (DSA) to the list of known hosts. email@example.com's password: Last login: Thu Apr 5 18:20:54 2012 from 192.168.1.233 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. Welcome to NAS4Free! nas4free01:~# nas4free01:~# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: f3:16:93:6a:65:73:b8:38:ab:0a:38:e7:92:8f:07:20 firstname.lastname@example.org The key's randomart image is: +--[ RSA 2048]----+ | | | | | | |E o | |o S O . | |.. B * | |ooo = + | |o=.. . + | |.+o ..... | +-----------------+ nas4free01:~# echo STEP#4 STEP#4 nas4free01:~# mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys nas4free01:~# echo STEP#5 STEP#5 nas4free01:~# exit logout Connection to 192.168.1.233 closed. youruser@ubuntu:~# echo STEP#6 STEP#6 youruser@ubuntu:~$ scp -p email@example.com:~/.ssh/id_rsa ~/.ssh firstname.lastname@example.org's password: id_rsa 100% 1675 1.6KB/s 00:00 youruser@ubuntu:~# echo STEP#7 STEP#7 youruser@ubuntu:~$ ssh -l root 192.168.1.233 Last login: Thu Apr 5 18:22:36 2012 from 192.168.1.233 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. Welcome to NAS4Free! nas4free01:~# nas4free01:~#
For more details and examples of how to generate keys and use them, please read the following: