Securing WDMyCloud SSH

Posted by:

Secure and Harden Root Access

First thing first, change the wdmycloud default root password.The default password is welc0me. The least you can do is to change this one to something more reasonable. If you were to monitor the incoming request especially to the SSH port 22 alone, you’ll be shocked to see lots of invalid logins.

Note: check attack list with following.

tail -f /var/log/sshd.log
root@wdmycloud:~#  passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Add a New User

Creat a new admin user with following:

usermod -aG administrators username
echo "username ALL=(ALL) NOPASSWD: ALL">>/etc/sudoers
sudo su #make sure the new user can login

Change SSH Setting to Enable New User and Disable Root Login

Make sure the new user is granted with sudoer right

nano /etc/ssh/sshd_config
# Authentication:
LoginGraceTime 120
# PermitRootLogin yes (comment out & add below)
PermitRootLogin without-password
# StrictModes yes (comment out & add below)
StrictModes no
#following needed ??
AllowUsers root username
service ssh reload

Generate Key for WDMyCloud

SSH key generation for WD MyCloud.

root@wdmycloud:~# mkdir -pm700 /root/.ssh
root@wdmycloud:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):[Enter]
Enter same passphrase again:[Enter]
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
6e:09:19:ca:6b:8b:d5:b9:3a:05:21:b7:e4:20:b2:b4 root@wdmycloudThe key's randomart image is:
+--[ RSA 2048]----+
|                 |
|o.o +            |
|oo.* o.          |
|.E .+. o         |
|    o.o S        |
|     o.+ .       |
|    +.o +        |
|   +.. o         |
|  . oo.          |
+-----------------+
root@wdmycloud:~# cat /root/.ssh/id_rsa.pub|echo>/root/.ssh/authorized_keys
root@wdmycloud:~# chmod 640 /root/.ssh/authorized_keys

Append the Public Key from Another Host (Generate SSH Key for Host if not Done yet)

Access from another host:

$ cat ~/.ssh/id_rsa.pub | ssh root@wdmycloud-ip 'cat >> /root/.ssh/authorized_keys'

Enter password the last time

From now on, you can login WDMyCloud without password.

ssh root@wdmycloud-ip

And, Edit remotely with Emacs

For more, see: http://www.gnu.org/software/emacs/manual/html_node/emacs/Remote-Files.html

#from Emacs
C-x C-f /ssh:root@wdmycloud-ip:/usr/share/whatever
0

Add a Comment