<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="canonical" href="https://docs.savaneprod.fr/Synology/2019-09-01-access-synology-with-ssh-asymetrical-key/" />
<link rel="shortcut icon" href="../../img/favicon.ico" />
<title>Connecting to a Synology over SSH with an asymmetric key. - Savanewiki</title>
<link rel="stylesheet" href="../../css/theme.css" />
<link rel="stylesheet" href="../../css/theme_extra.css" />
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/styles/github.min.css" />
<script>
// Current page data
var mkdocs_page_name = "Se connecter en SSH au Synology \u00e0 l\u0027aide d\u0027une clef asym\u00e9trique.";
var mkdocs_page_input_path = "Synology/2019-09-01-access-synology-with-ssh-asymetrical-key.md";
var mkdocs_page_url = "/Synology/2019-09-01-access-synology-with-ssh-asymetrical-key/";
</script>
<!--[if lt IE 9]>
<script src="../../js/html5shiv.min.js"></script>
<![endif]-->
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/highlight.min.js"></script>
<script>hljs.highlightAll();</script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<div class="wy-nav-content">
<div class="rst-content">
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div class="section" itemprop="articleBody">
<h1 id="se-connecter-en-ssh-au-synology-a-laide-dune-clef-asymetrique">Connecting to a Synology over SSH with an asymmetric key.</h1>
<h2 id="generation-de-la-clef-ssh">Generating the SSH key.</h2>
<ul>
<li>Generate the key:</li>
</ul>
<pre><code class="language-bash">ssh-keygen -o -b 521 -t ecdsa -C &quot;mon login que je n'ai plus envie de saisir&quot;
</code></pre>
<ul>
<li><code>-t ecdsa</code> selects the Elliptic Curve Digital Signature Algorithm (ECDSA), a digital signature algorithm based on an elliptic curve.</li>
<li><code>-b 521</code> sets the number of bits.</li>
<li>
<p><code>-C "quelquechose"</code> records what the key is for. It usually holds the associated user name or an e-mail address.</p>
</li>
<li>
<p>Running the command:</p>
</li>
</ul>
<pre><code class="language-bash"># Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_ecdsa): /home/user/.ssh/syno_key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
# Your identification has been saved in /home/user/.ssh/syno_key
# Your public key has been saved in /home/user/.ssh/syno_key.pub
# The key fingerprint is:
# SHA256:IjVg4Tu0/qiLP7MC3TBFluQeEo7jQSWrKu8HgpYLai4 mon login que je n'ai plus envie de saisir
# The key's randomart image is:
#+---[ECDSA 521]---+
#| oo+Bo |
#|.oo*o. |
#|ooo.= o |
#|o.++ = . |
#|oo.+* . S |
#|*oo..o . |
#|B.... |
#|E=o .o |
#|==BB. . |
#+----[SHA256]-----+
</code></pre>
<p>It is a good idea to back up the key pair right away, the private key above all. Setting a passphrase on the key raises its level of protection. You have to remember the passphrase, of course.</p>
<h2 id="transfert-de-la-clef-sur-le-synology">Transferring the key to the Synology.</h2>
<ul>
<li>Conveniently, there is a command for that too.</li>
</ul>
<pre><code class="language-bash">ssh-copy-id -i /home/user/.ssh/syno_key.pub mon-login@mon-syno
</code></pre>
<ul>
<li>
<p>Make sure it is the public key you copy! The private key is, and must stay, private and safely tucked away.</p>
</li>
<li>
<p>A Synology peculiarity: it stores the key in an unusual location:</p>
</li>
</ul>
<pre><code class="language-bash">/var/services/homes/mon-login/.ssh/authorized_keys
</code></pre>
<ul>
<li>If you want to show off, the key can also be transferred like this:</li>
</ul>
<pre><code class="language-bash">ssh mon-login@mon-syno &quot;/bin/cat &gt;&gt; /var/services/homes/mon-login/.ssh/authorized_keys&quot; &lt; /home/user/.ssh/syno_key.pub
</code></pre>
<ul>
<li>Check the file permissions:
<ul>
<li><code>sudo -i</code></li>
<li><code>chmod 711 /var/services/homes/mon-login</code> (originally 755)</li>
<li><code>chmod 700 /var/services/homes/mon-login/.ssh</code> (originally 700)</li>
<li><code>chmod 600 /var/services/homes/mon-login/.ssh/authorized_keys</code> (originally 644)</li>
</ul>
</li>
</ul>
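<p>An added example, not part of the original page: a small audit of the permission chain set above, flagging any path that carries a permission bit beyond the mode this page applies (711, 700, 600); sshd's <code>StrictModes</code> (on by default) ignores <code>authorized_keys</code> when the file or its directories are writable by group or others. The function names <code>mode_within</code> and <code>audit_ssh_perms</code> are illustrative, the demo tree is constructed, and a <code>stat</code> supporting <code>-c</code> (GNU coreutils or BusyBox) is assumed.</p>

```bash
#!/bin/sh
# Added example (not from the original page): audit the modes set by the
# chmod steps above. Function names are illustrative.

# mode_within ACTUAL ALLOWED
# Succeeds when the octal mode ACTUAL has no permission bit outside ALLOWED.
mode_within() {
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# audit_ssh_perms HOME_DIR
# Prints one line per path and returns the number of violations found.
audit_ssh_perms() {
    home=$1
    bad=0
    for spec in "711:$home" "700:$home/.ssh" "600:$home/.ssh/authorized_keys"; do
        allowed=${spec%%:*}   # strictest mode the page sets for this path
        path=${spec#*:}
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            bad=$((bad + 1))
            continue
        fi
        actual=$(stat -c '%a' "$path")   # assumes GNU or BusyBox stat
        if mode_within "$actual" "$allowed"; then
            echo "OK       $actual $path"
        else
            echo "TOO OPEN $actual (max $allowed) $path"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo: a throwaway tree carrying the original modes the page
# lists (755 / 700 / 644), so the home directory and the key file are flagged.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 755 "$demo"
chmod 700 "$demo/.ssh"
chmod 644 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" || echo "violations: $?"
rm -rf "$demo"
```

<p>On the NAS itself, call <code>audit_ssh_perms /var/services/homes/mon-login</code> from the root shell opened with <code>sudo -i</code>.</p>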
<h2 id="modification-de-la-configuration-de-sshd">Modifying the sshd configuration</h2>
<h3 id="le-serveur-ssh">The ssh server.</h3>
<p><code>vi /etc/ssh/sshd_config</code></p>
<ul>
<li>The following three lines are important:</li>
</ul>
<pre><code class="language-bash"># RSAAuthentication only concerns SSH protocol 1; OpenSSH 7.4 and later no longer use it.
RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
</code></pre>
<h3 id="redemarrage-du-service-sshd-depuis-linterface-dsm">Restarting the sshd service from the DSM interface.</h3>
<p><img alt="Synology control panel. Where to stop and start sshd service." src="../sshd_restart.png" /></p>
</div>
</div>
</div>
</div>
</section>
</div>
<script src="../../js/jquery-3.6.0.min.js"></script>
<script>var base_url = "../..";</script>
<script src="../../js/theme_extra.js"></script>
<script src="../../js/theme.js"></script>
<script src="../../search/main.js"></script>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>