passwordless SSH root access from TrueNAS shell to other hosts - what am I missing?

bisi (Cadet; joined Oct 14, 2011; messages: 7)
I am clearly missing something, and am probably blinded by many years of 'nix/FreeBSD habits, so please feel free to point out where I have missed the obvious. I have spent quite a bit more time than usual reading TrueNAS-specific documentation that doesn't quite address my situation. If you have a link to something that pertains to the situation described below, I'd love to know about it.

I find myself quite at a loss without a config file to be able to edit. For example, one of our standard practices is to disable password authentication for SSH, which I am loath to do on these two TrueNAS boxes until I understand the implications for all the bits that rely on it (even once I find out which check boxes in what parts of the GUI have the desired effects, and no undesired side-effects).

So...
I have set up SSH connections on two TrueNAS 13 boxes in order to replicate datasets from one to the other. That part works fine.

I am now attempting to give myself the ability to ssh from the root shell (GUI version) of either TrueNAS box to another 'nix / FreeBSD/TrueNAS box (I have many clients and multiple box/OS combinations).

I can ssh (as root) from any of my 'nix/FreeBSD boxes to either of the TrueNAS boxes by creating .ssh/authorized_keys in the /root directory and pasting my public key(s) in there. Same as I do to reach all my other 'nix and FreeBSD boxes.

On the other hand, if I paste the public key for the root user of either TrueNAS box (created via System --> SSH Keypairs --> Add) into the /root/.ssh/authorized_keys files on any of those same 'nix/FreeBSD/TrueNAS boxes, I am unable to ssh (as root) from the shell of either TrueNAS box to any of them (I am, however, able to do so with a password).

To summarize - inbound passwordless SSH as root to the TrueNAS boxes works as expected. Outbound passwordless SSH root from the TrueNAS boxes does not work.

Do I need to manually create /root/.ssh/id_rsa (and maybe /root/.ssh/id_rsa.pub) and paste into them the text of the respective private and public keys (from the previously generated keypair)? Is there an approved/documented way to have the system do this ("typo is my muddle name")?

Is there a reason root's home dir was not populated with the keys when System --> SSH Keypairs --> Add was invoked? Do I need to create a separate set of keys for the shell to use (ssh-keygen)? If so, what's the point of generating the keypair via the GUI?

The public key generated from the GUI that I am experimenting with is quite clearly identified as the one for root@TrueNASHostName.

And as a final question, is there a suitable backup strategy for modifications to the contents of /root, assuming such modifications are necessary?

TrueNAS version is TrueNAS-13.0-U2.

Thanks in advance!
d.
 