Preamble
This instruction is based on two following sites: http://www.linuxproblem.org/art_9.html http://teanazar.com/2015/10/securing-wdmycloud-ssh-ftp-remote-access/
Secure and Harden Root Access
First thing first, change the wdmycloud default root password.The default password is welc0me. The least you can do is to change this one to something more reasonable. If you were to monitor the incoming request especially to the SSH port 22 alone, you’ll be shocked to see lots of invalid logins.
Note: check attack list with following.
|
1 2 3 |
tail -f /var/log/sshd.log |
|
1 2 3 4 5 6 |
root@wdmycloud:~# passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully |
Add a New User
Creat a new admin user with following:
|
1 2 3 4 5 |
usermod -aG administrators username echo "username ALL=(ALL) NOPASSWD: ALL">>/etc/sudoers sudo su #make sure the new user can login |
Change SSH Setting to Enable New User and Disable Root Login
Make sure the new user is granted with sudoer right
|
1 2 3 4 5 6 7 8 9 10 11 |
nano /etc/ssh/sshd_config # Authentication: LoginGraceTime 120 # PermitRootLogin yes (comment out & add below) PermitRootLogin without-password # StrictModes yes (comment out & add below) StrictModes no #following needed ?? AllowUsers root username |
|
1 2 3 |
service ssh reload |
Generate Key for WDMyCloud
SSH key generation for WD MyCloud.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
root@wdmycloud:~# mkdir -pm700 /root/.ssh root@wdmycloud:~# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase):[Enter] Enter same passphrase again:[Enter] Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 6e:09:19:ca:6b:8b:d5:b9:3a:05:21:b7:e4:20:b2:b4 root@wdmycloudThe key's randomart image is: +--[ RSA 2048]----+ | | |o.o + | |oo.* o. | |.E .+. o | | o.o S | | o.+ . | | +.o + | | +.. o | | . oo. | +-----------------+ root@wdmycloud:~# cat /root/.ssh/id_rsa.pub|echo>/root/.ssh/authorized_keys root@wdmycloud:~# chmod 640 /root/.ssh/authorized_keys |
Append the Public Key from Another Host (Generate SSH Key for Host if not Done yet)
Access from another host:
|
1 2 3 |
$ cat ~/.ssh/id_rsa.pub | ssh root@wdmycloud-ip 'cat >> /root/.ssh/authorized_keys' |
Enter password the last time
From now on, you can login WDMyCloud without password.
|
1 2 3 |
ssh root@wdmycloud-ip |
And, Edit remotely with Emacs
For more, see: http://www.gnu.org/software/emacs/manual/html_node/emacs/Remote-Files.html
|
1 2 3 4 |
#from Emacs C-x C-f /ssh:root@wdmycloud-ip:/usr/share/whatever |
OCT
About the Author:
Beyond 8 hours - Computer, Sports, Family...