How to configure SSH access without passwords using WinSCP?

Status
Not open for further replies.

NASn00b

Cadet
Joined
Apr 3, 2012
Messages
9
Hello, I have FreeNAS 8.0.3 64bit with Multimedia. Everything seems OK. I can access the system with WinSCP and PuTTY and FileZilla using passwords. The SSH service is turned on. I have used PuTTYgen to generate private and public RSA keys on my client. The piece I'm struggling with is how to get the public key to the right place on the FreeNAS server. I have tried creating .ssh/authorized_keys in the $HOME directories of various users and copying in the public key string, but no successful authorizations have resulted. I'm really hoping I can do it through the web GUI. Can anyone guide me? (Also curious why the FreeNAS GUI has 'settings' fields available for private keys but no public keys.)
 

NASn00b

Cadet
Joined
Apr 3, 2012
Messages
9
Progress!

OK, well, I've partially answered my own post. I found the public key field in the user account setup. So I pasted my public key, but still no successful authentication as yet. Any suggestions gratefully received.
 

NASn00b

Cadet
Joined
Apr 3, 2012
Messages
9
A solution which bypasses the GUI

And finally ... I've answered my own question. The basic issue is that the pasting of public keys into the GUI introduces some spurious characters, probably 'line feeds', which prevent SSH from reading the public key correctly. I discovered this when working from a Mac client, where it was necessary to paste directly into the authorized_keys file, hence bypassing the FreeNAS GUI and any Windows shenanigans.

I haven't actually tested whether it is the GUI or the pasting mechanism that is the problem. However, my tip is to SSH into the relevant FreeNAS account using password authentication and use WinSCP to edit the $HOME/.ssh/authorized_keys file. Then simply paste in the public key, making sure no line feeds are present and removing any comments or extraneous text: one line only per key. Just for information, I generated my keys using the default PuTTYgen settings for an SSH-2 RSA 1024-bit key on Windows and "keygen -t rsa" from the Mac OS X Lion command line.

Once you have done this, you can disable password logins from the GUI and away you go with secure key-based authorization. Hope this helps someone else.
 
James

Guest
This is a known issue and is supposed to be fixed in 8.2. I haven't checked yet to see if it is working in BETA3.
 

SmallGuy

Guru
Joined
Jun 7, 2013
Messages
560
Hello,

SSH and key authentication is very confusing!
I met the same trouble using PuTTYgen to create the private and public keys on Windows and was unfortunately unable to paste the content of the public key inside the ssh plugin GUI setup (because there is only a HostPrivate key field...????).
I found this topic and realised that I have to paste it inside the public key field in the user account setup!
(Of course!!!! I think something is missing in the documentation on this point to help newbies like me.)

But it was not enough, because on Windows some characters are added at the end of each line of the key file (which aren't readable through the FreeNAS console).

The workaround I have done is to edit the authorized_keys file:
- Use the user setup GUI, pasting the "corrupt" public key, which creates the authorized_keys file for the user at the root of its own home directory (folder .ssh).
- Edit the authorized_keys file with "vi" (the dd and "shift"+J commands are very useful).
- Set the owner:group to the user:usergroup.
- Set the mode to rw- for the user only (chmod 600).

Another way is to copy the public key onto FreeNAS at the top of the user home directory and use the "cat" command to put the content of the public key file inside the authorized_keys file, which has been previously emptied.
Then edit the authorized_keys file to make it clean. Remove the initial public key file.

The content of the file begins like this for an RSA public key:
ssh-rsa ABCD.......

If you use PuTTYgen to generate the key, you have to remove the first two lines:
"---- BEGIN SSH2 PUBLIC KEY ----"
"Comment: "rsa-key-201xxxxx""
and the last one:
"---- END SSH2 PUBLIC KEY ----"

Be sure you have removed the special characters added by Windows at the end of each line. The key has to be on one single line inside the FreeNAS authorized_keys file.

I have done that for the root user and can now connect without password authentication turned on.
For security purposes I recommend setting up a passphrase when generating the private and public keys (the private key is in this case not useful for a hacker without the passphrase).

Thanks to NASn00b for this topic.
Hope this helps!
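
Added example, not part of any post in this thread: a Python sketch of the cleanup the workarounds above do by hand, turning a PuTTYgen "SSH2 PUBLIC KEY" export with Windows line endings into a single authorized_keys line. The function names and the sample key are constructed for illustration; the key type is read from the key data itself.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def to_authorized_keys_line(text, comment=""):
    """Turn a PuTTYgen 'SSH2 PUBLIC KEY' export into one authorized_keys line."""
    # Drop Windows carriage returns, surrounding blanks and empty lines.
    lines = [ln.strip() for ln in text.replace("\r", "").split("\n")]
    lines = [ln for ln in lines if ln]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END SSH2 PUBLIC KEY markers")
    body, in_header = [], False
    for ln in lines[1:-1]:
        if in_header or ":" in ln:         # header line such as Comment: "..."
            in_header = ln.endswith("\\")  # a trailing backslash continues it
            continue
        body.append(ln)
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)  # rejects stray characters
    if len(blob) < 4:
        raise ValueError("key data too short")
    # The blob starts with a length-prefixed algorithm name, e.g. ssh-rsa.
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii")
    return " ".join(part for part in (key_type, b64, comment) if part)

def constructed_sample():
    """Build a dummy export (not a real key) with CRLF endings, plus its base64."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + bytes(range(128, 256)))
    b64 = base64.b64encode(blob).decode("ascii")
    wrapped = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    export = "\r\n".join([BEGIN, 'Comment: "rsa-key-constructed"', *wrapped, END, ""])
    return export, b64

if __name__ == "__main__":
    export, _ = constructed_sample()
    print(to_authorized_keys_line(export, "user@client"))
```

Where OpenSSH's tools are available, `ssh-keygen -i -f <file>` performs the same conversion.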
 