Pubkey ssh authentication on NAS4Free

I deployed a NAS4Free box behind a Tomato router, and wanted remote ssh access to it.

1. Ensure tcp/22 is not forwarded to any untrusted subnets via your router/firewall.
2. Temporarily enable password authentication in the GUI and click Save/Restart.
3. Login to the NAS4Free server via ssh using root and your webGUI password.
4. Create .ssh directory and set permissions to drwx------ (i.e. 700)
   1. mkdir .ssh
   2. chmod 700 .ssh
5. Now create the host ssh key and set it in the GUI
   1. cd .ssh
   2. ssh-keygen [-t dsa] -f hostkey (accept defaults)
   3. Open ~/.ssh/hostkey and paste this into the Private Key field in the GUI.
6. Create a client key on your client/laptop/desktop that you want to connect without password.
7. Copy the public key into ~/.ssh/authorized_keys on NAS4Free.
8. Ensure the permissions are set to 700 on this file chmod 700 authorized_keys.
9. Look at /etc/ssh/sshd_config and add any necessary lines. I needed to paste the following into Extra options:

   RSAAuthentication yes
   AuthorizedKeysFile      %h/.ssh/authorized_keys
   PubkeyAcceptedKeyTypes ssh-dss
   

10. Click Save/Restart in GUI.
11. Ensure you can login without password.
12. Disable password authentication in the GUI and click Save/Restart. Your final configuration in the GUI should be as follows:

    Enable Challenge-Response Authentication - No
    Permit root login - Yes
    Password authentication - No
    TCP forwarding - Yes
    Private key - paste
    Extra options
    

13. Connect with an ssh client again now, without your key loaded, and confirm the login attempt is denied.