Pubkey ssh authentication on NAS4Free

I deployed a NAS4Free box behind a Tomato router, and wanted remote ssh access to it.

  1. Ensure tcp/22 is not forwarded to any untrusted subnets via your router/firewall.
  2. Temporarily enable password authentication in the GUI and click Save/Restart.
  3. Login to the NAS4Free server via ssh using root and your webGUI password.
  4. Create .ssh directory and set permissions to drwx------ (i.e. 700)
    1. mkdir .ssh
    2. chmod 700 .ssh
  5. Now create the host ssh key and set it in the GUI
    1. cd .ssh
    2. ssh-keygen [-t dsa] -f hostkey (accept defaults)
    3. Open ~/.ssh/hostkey and paste this into the Private Key field in the GUI.
  6. Create a client key on your client/laptop/desktop that you want to connect without password.
  7. Copy the public key into ~/.ssh/authorized_keys on NAS4Free.
  8. Ensure the permissions are set to 700 on this file chmod 700 authorized_keys.
  9. Look at /etc/ssh/sshd_config and add any necessary lines. I needed to paste the following into Extra options:
    RSAAuthentication yes
    AuthorizedKeysFile      %h/.ssh/authorized_keys
    PubkeyAcceptedKeyTypes ssh-dss
  10. Click Save/Restart in GUI.
  11. Ensure you can login without password.
  12. Disable password authentication in the GUI and click Save/Restart. Your final configuration in the GUI should be as follows:
    Enable Challenge-Response Authentication - No
    Permit root login - Yes
    Password authentication - No
    TCP forwarding - Yes
    Private key - paste
    Extra options
  13. Connect with an ssh client again now, without your key loaded, and confirm the login attempt is denied.