Full Access Locally?

kamhoe

Dabbler
Joined
Mar 30, 2016
Messages
26
I know the risk of having root access via SSH remotely & I agree with that & I am planning to turn it off.

I use SFTP clients daily, such as WinSCP & FileZilla, locally & remotely from work, by using different ed25519 key authentications for different machines.

I am the only person that has access to TrueNAS & before I turn off the root SSH access, I want to know what is the easiest way to allow me to fully access all my Pools locally?
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Locally? Just keep using SSH and make sure your user has the right permissions to access the relevant data. Make sure nothing's being forwarded to the SSH port, especially common SSH ports like 22 or 2222.
 

kamhoe

Dabbler
Joined
Mar 30, 2016
Messages
26
Locally? Just keep using SSH and make sure your user has the right permissions to access the relevant data. Make sure nothing's being forwarded to the SSH port, especially common SSH ports like 22 or 2222.
If I understand you correctly, are you suggesting to turn off SSH for Root account & create a new user account for SSH?

Root is the only user for my TrueNAS.

If I create a new user, TrueNAS doesn't allow "/mnt/" as home directory & I won't be able to access all my Pools, right?

Also, I am using a different port for SSH other than 22 or 2222 & nothing else is forwarded to the SSH port.

Thanks.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Root is the only user for my TrueNAS.
That generally does not make sense and the expectation is that you'll have non-root users, with the specifics depending on the data, of course.

If I create a new user, TrueNAS doesn't allow "/mnt/" as home directory & I won't be able to access all my Pools, right?
Create symlinks in the user's home directory to wherever you need to go. You're not actually chrooted in there unless explicitly configured as such.

I think we may have some communication issue here, though. "Locally" and "port forward" do not go together, so I'd recommend explaining your needs in a bit more detail, because the advice above is given in the simplistic tone that works well for a local network, but not for the internet.
 

kamhoe

Dabbler
Joined
Mar 30, 2016
Messages
26
That generally does not make sense and the expectation is that you'll have non-root users, with the specifics depending on the data, of course.


Create symlinks in the user's home directory to wherever you need to go. You're not actually chrooted in there unless explicitly configured as such.

I think we may have some communication issue here, though. "Locally" and "port forward" do not go together, so I'd recommend explaining your needs in a bit more detail, because the advice above is given in the simplistic tone that works well for a local network, but not for the internet.
Sorry for the misunderstanding!

Here is my situation: I use SFTP every day from my home network or remotely from my work. I don't have any problem accessing all my Pool1, Pool2, Pool3 with my root account.

But root account isn't recommended for SSH/SFTP & I would like to prevent the risk as much as possible.

So, my question is:
If I create a new user for SSH/SFTP but "/mnt/" is not allowed as the home directory, how can I access all the Pool1, Pool2, Pool3 that are located under "/mnt/"?
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
So, my question is:
If I create a new user for SSH/SFTP but "/mnt/" is not allowed as the home directory, how can I access all the Pool1, Pool2, Pool3 that are located under "/mnt/"?
As I said, make whatever symlinks you need.

That said, since this is supposed to happen over the internet, make sure that:
  1. Password authentication is disabled
  2. TrueNAS is updated
  3. You're using some random, obscure port
  4. The key pairs are solid and obsolete types (i.e. DSA) are not in use
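
The checklist above as a check that can be run on the server (an added example, not part of the thread or of TrueNAS; the function names `audit_sshd` and `audit_keys` and the sample input are constructed here). It reads `sshd -T`-style effective settings and `authorized_keys` lines, and reports root login, password authentication, the common ports 22 and 2222, and DSA keys.

```shell
#!/bin/sh
# Added example (not from the thread): check effective sshd settings and
# authorized_keys against the checklist. Function names are hypothetical.

# Reads `sshd -T`-style lines ("keyword value", keyword in lower case).
audit_sshd() {
    awk '
        $1 == "permitrootlogin" && $2 != "no" {
            print "FAIL root login allowed (permitrootlogin " $2 ")" }
        $1 == "passwordauthentication" && $2 != "no" {
            print "FAIL password authentication enabled" }
        $1 == "port" && ($2 == 22 || $2 == 2222) {
            print "WARN listening on common SSH port " $2 }
    '
}

# Reads authorized_keys lines; the key type may follow an options field.
audit_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            for (i = 1; i <= NF; i++)
                if ($i == "ssh-dss") {
                    print "FAIL line " NR ": DSA key " $(i + 2)
                    next
                }
        }
    '
}

# Constructed sample input; key material is a placeholder, not a real key.
sample_sshd() {
    printf '%s\n' 'port 2222' 'permitrootlogin yes' 'passwordauthentication no'
}
sample_keys() {
    printf '%s\n' 'ssh-ed25519 AAAAexample1 work-laptop' \
        'from="192.0.2.10" ssh-dss AAAAexample2 old-desktop'
}

sample_sshd | audit_sshd
sample_keys | audit_keys
# On the server: sshd -T | audit_sshd   and   audit_keys < ~/.ssh/authorized_keys
```

No output from either function means none of the checked items was found; the "TrueNAS is updated" item is not covered by this check.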
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
If I create a new user for SSH/SFTP but "/mnt/" is not allowed as the home directory, how can I access all the Pool1, Pool2, Pool3 that are located under "/mnt/"?
Are SFTP users chrooted by default? I think not, so you just navigate around the filesystem as you please ...
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194