My understanding of SSH is that the public key resides on the server and the private key on the client so that the private key represents outgoing connections from client to server.
I was surprised to find therefore that in trying to set up my NAS device (Qnap TS209 ProII) for SSH login, it asks me to put my private key on the NAS server. Can anybody explain why this might be the case?
Maybe because they want to be able to allow more than one client to log in using the public key. In that case anybody who has the public key can log in.
It doesn’t have to be your personal private key. It can be the private part of a key pair you generate just for the use of the NAS.
Hi and thanks for the suggestion. I understand your point but thought that sshd could run with multiple keys. I am sure Tectia can as it tries all key files in the directory until successful or not as the case may be. I assumed OpenSSH could do this similarly too.
Will need to read up a bit more. Meanwhile, however, if it is a normal server daemon running on the NAS, it should work the conventional way round, but access is limited by the way the web management interface is set up. Looks like some trial and error is required.
It’s probably, as you note, due to the way they have set up the SSH facility: instead of allowing many keys to be uploaded, one for each legal user, they have decided to only allow one private key to be entered via the web interface. In other words, their equivalent of the “authorized_keys” file in OpenSSH (if in fact they are not actually using OpenSSH) is only allowed to hold one key for ease of web interface management.
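For reference, the conventional OpenSSH arrangement discussed in this thread is an authorized_keys file on the server holding one public key per line, one line per permitted client key. The following is an added example, not part of the thread or of any QNAP or OpenSSH code: it audits such a file, fingerprints each public key, and flags private key material or mislabelled entries. The function names and the sample keys are constructed for illustration, and quoted options containing spaces are skipped over rather than parsed.

```python
import base64, hashlib, struct
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def make_blob(key_type, raw):
    """Constructed public-key blob: length-prefixed type string + key bytes, base64."""
    parts = (key_type.encode(), raw)
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

def audit_authorized_keys(text):
    """Return (entries, problems); entries are (type, fingerprint, comment) tuples."""
    entries, problems, in_pem = [], [], False
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if in_pem:  # skip the body of a pasted PEM block until its END line
            in_pem = not line.startswith("-----END")
            continue
        if not line or line.startswith("#"):
            continue
        if line.startswith("-----BEGIN") and "PRIVATE KEY" in line:
            problems.append((n, "private key material does not belong on the server"))
            in_pem = True
            continue
        fields = line.split()
        # The key type may be preceded by an options field such as no-pty.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            problems.append((n, "not a recognised public-key line"))
            continue
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
            (length,) = struct.unpack(">I", blob[:4])
            embedded = blob[4:4 + length].decode()
        except Exception:
            problems.append((n, "key field is not a valid base64 key blob"))
            continue
        if embedded != fields[idx]:
            problems.append((n, f"line says {fields[idx]} but blob says {embedded}"))
            continue
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        entries.append((embedded, fp, " ".join(fields[idx + 2:])))
    return entries, problems

SAMPLE = "\n".join([  # constructed sample: placeholder bytes, not real keys
    "ssh-ed25519 " + make_blob("ssh-ed25519", bytes(range(32))) + " laptop",
    "no-pty ssh-ed25519 " + make_blob("ssh-ed25519", bytes(range(32, 64))) + " nas-backup",
    "-----BEGIN OPENSSH PRIVATE KEY-----",
    "(body omitted in this constructed sample)",
    "-----END OPENSSH PRIVATE KEY-----",
    "ssh-rsa " + make_blob("ssh-ed25519", b"\x00" * 32) + " mislabelled",
])
if __name__ == "__main__":
    print(audit_authorized_keys(SAMPLE))
```

On a server that does run OpenSSH, `ssh-keygen -lf ~/.ssh/authorized_keys` prints the same style of SHA256 fingerprint for every key in the file.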
Right. Having explored the NAS administration interface further, I am now even more confused because it appears I have to upload a private key and an SSL certificate. Certainly not OpenSSH. I have found a “how to” on the NAS Wiki which explains how to install true OpenSSH, but it seems quite complex and I am not yet confident I can do it.