使用情境描述:
(1) 在 Synology NAS 中,建立一個 ID: backup 的一般使用者,僅可以透過 SFTP 方式,上傳備份資料至 內網的 Synology NAS 上.
(2) 在內網的各 Windows 主機皆透過 ID: backup 及 ssh key 檔,以 SFTP方式登入 NAS, 上傳備份檔.
(3) 以下測試以 WinSCP UI 方式,進行功能驗證,上線再改用 WinSCP CLI + Batch 進行自動備份.
Synology NAS/DSM 預設是不能用一般使用者帳號,透過以 SSH 方式登入,所以必需先以管理者ID方式登入,透過 vi 的設定方式,將 ID: backup 暫時可以使用 bash shell login .
(這不是官方正式的作法,而是用一般Linux的操作行為,這裡只是便宜行事)
比較正常的做法-->可能是先將 ID: backup 變成 admin 的群組,在 ID: backup ssh 登入後,生出相關的ssh key 後,再切回一般的使用者群組.
操作記錄如下:
root@DSM:~# su - backup
su: failed to execute /sbin/nologin: No such file or directory
root@DSM:~# vi /etc/passwd
#預設這個帳號是不能登入 ssh 的
backup:x:1027:100::/var/services/homes/backup:/sbin/nologin
#設定成暫時可以 ssh ,在建出 ssh 相關 key 檔後,記得要改回原設定.
backup:x:1027:100::/var/services/homes/backup:/bin/sh
root@DSM:~# su - backup
backup@DSM:~$ id
uid=1027(backup) gid=100(users) groups=100(users)
backup@DSM:~$ pwd
/var/services/homes/backup
backup@DSM:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/services/homes/backup/.ssh/id_rsa):
Created directory '/var/services/homes/backup/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/services/homes/backup/.ssh/id_rsa
Your public key has been saved in /var/services/homes/backup/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:oCUaIsXjhksKqB2Xcr5ifUhDbsxaCRaTghTuUP5wqlM backup@DSM
The key's randomart image is:
+---[RSA 3072]----+
|o++. |
|++* |
|==++o.o |
|BoBB=+ . |
|=*E%o. S |
|+o. @ |
|o * + |
| .+ + . |
| . . . |
+----[SHA256]-----+
backup@DSM:~$ pwd
/var/services/homes/backup
backup@DSM:~$ cd .ssh
backup@DSM:~/.ssh$ ll
total 8
drwxrwxrwx+ 1 backup users 32 Aug 18 12:41 .
drwxrwxrwx+ 1 backup users 8 Aug 18 12:41 ..
-rwxrwxrwx+ 1 backup users 2590 Aug 18 12:41 id_rsa
-rwxrwxrwx+ 1 backup users 564 Aug 18 12:41 id_rsa.pub
backup@DSM:~/.ssh$ cat id_rsa.pub > authorized_keys
backup@DSM:~/.ssh$ chmod 700 authorized_keys
backup@DSM:~/.ssh$ ls -la
total 12
drwxrwxrwx+ 1 backup users 62 Aug 18 12:43 .
drwxrwxrwx+ 1 backup users 8 Aug 18 12:41 ..
-rwx------ 1 backup users 564 Aug 18 12:43 authorized_keys
-rwxrwxrwx+ 1 backup users 2590 Aug 18 12:41 id_rsa
-rwxrwxrwx+ 1 backup users 564 Aug 18 12:41 id_rsa.pub
backup@DSM:~/.ssh$
backup@DSM:~/.ssh$ cat id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
..........
KEY......
..............
-----END OPENSSH PRIVATE KEY-----
https://www.puttygen.com/download-putty
==> puttygen.exe
沒有留言:
張貼留言