Enable SSH Access for Non-Admin Users on TerraMaster NAS

Introduction

Running a Network Attached Storage (NAS) server can be an easy way to centralise data within your home network. It could be a NAS server sold ready to go out of the box, like the offerings from TerraMaster or Synology, or it could be any computer hardware with a decent amount of storage and a NAS operating system like TrueNAS Core. Whatever it looks like, they are all doing the same thing, exactly what it says on the tin: storage accessible over a network.

In my home setup I have a TerraMaster NAS providing my centralised storage functionality. Whilst configuring my backup processes from my main TerraMaster NAS to my backup TrueNAS Core NAS I ran into a problem. By default, the TerraMaster Operating System (TOS) will only allow the default Administrator account to connect to the server over Secure Shell (SSH). I didn’t want to configure the administrator credentials on my backup server when all that was needed was read permissions to a specific directory. So I had to do some digging to figure out how to allow a non-admin user to have SSH login permissions.

Section I – Configuration

Log in to your TerraMaster NAS using the web Graphical User Interface (GUI) as the default Admin user created when the NAS was set up. Navigate to the ‘Control Panel’. Under the ‘Network Services’ section select ‘Terminal & SNMP’. Tick the ‘Allow SSH access with username and password’ box and then click ‘Apply’.

Within the web GUI create the new basic user account. Navigate to ‘Control Panel’. Under the ‘Privileges’ section select ‘User’. Click the ‘+’ to create a user and make sure that the user is part of the correct group and has permissions on the correct storage locations for your setup.

Using a terminal of your choice, connect to the SSH port of your NAS (the default is 9222) and log in using the Admin user credentials.

Annoyingly, it is not as simple as editing the sshd configuration file and adding your new user to the allowed users list. This is because whenever the SSH service is started, a script is run that rewrites the AllowUsers line and removes any user from the configuration bar the default Admin. To get around this, open the following file:

vi /etc/init.d/ssh_service

NOTE: the file to edit within TOS version 6 is:

vi /usr/share/ssh/ssh_prepare

Look for the following block of code within the file:

# replace admin to $admin
          if [ ! -z "$admin" ]; then
                  sed -i "/AllowUsers/cAllowUsers $admin" /etc/ssh/sshd_config
          fi

Now add a space after the Admin user variable and then add the username of your newly created user:

# replace admin to $admin
          if [ ! -z "$admin" ]; then
                  sed -i "/AllowUsers/cAllowUsers $admin <USERNAME>" /etc/ssh/sshd_config
          fi

If you try to connect as the new user via SSH now you will be able to authenticate properly, however, you will just get booted straight out of the SSH session. This is because any user except the default Admin user has a shell set to nologin. You can confirm this with the following command:

grep -e "<USERNAME>" /etc/passwd

Change the shell of the user with the following command:

chsh -s /bin/bash <USERNAME>
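
To check both conditions described above (the AllowUsers entry and the login shell) in one pass, the following shell function is an added example, not part of the original post or of TOS. The function names, status words and sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are parameters so the
# check can run against copies of the files; the sample data is constructed.

# check_ssh_user USER [SSHD_CONFIG] [PASSWD]  -> prints a status, returns:
#   0 ok           listed in AllowUsers and has a usable login shell
#   1 not-allowed  missing from AllowUsers (sshd rejects the login)
#   2 no-shell     shell is nologin/false (auth works, session closes)
#   3 no-user      no entry in the passwd file
check_ssh_user() {
    user=$1 sshd_config=${2:-/etc/ssh/sshd_config} passwd=${3:-/etc/passwd}

    # Field 7 of the passwd entry is the login shell.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; f = 1 } END { exit !f }' \
        "$passwd") || { echo no-user; return 3; }

    # Exact-name match only; sshd also accepts patterns and user@host forms.
    # With no AllowUsers directive at all, sshd does not restrict by name.
    awk -v u="$user" '
        tolower($1) == "allowusers" { seen = 1
            for (i = 2; i <= NF; i++) if ($i == u) ok = 1 }
        END { exit !(ok || !seen) }
    ' "$sshd_config" || { echo not-allowed; return 1; }

    case $shell in
        */nologin|*/false) echo no-shell; return 2 ;;
    esac
    echo ok
}

# Constructed sample files mirroring the states described in the post.
make_sample() {
    dir=$1
    printf '%s\n' 'Port 9222' 'AllowUsers admin backup' > "$dir/sshd_config"
    printf '%s\n' \
        'admin:x:1000:100::/home/admin:/bin/bash' \
        'backup:x:1001:100::/home/backup:/sbin/nologin' \
        'media:x:1002:100::/home/media:/bin/bash' > "$dir/passwd"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for u in admin backup media ghost; do
    printf '%s: ' "$u"
    check_ssh_user "$u" "$demo_dir/sshd_config" "$demo_dir/passwd" || :
done
rm -rf "$demo_dir"
```

On the NAS itself, running `check_ssh_user <USERNAME>` with no further arguments reads /etc/ssh/sshd_config and /etc/passwd directly.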

Section II – Wrap Up

Now that you have done all the necessary configuration, you should be able to connect to your TerraMaster NAS via SSH using a non-default Admin account. This configuration will remain persistent after SSH service restarts as well as server restarts.

What I would recommend is once you are done with the requirement for any user to connect to your NAS server via SSH then turn the service off. It is an unnecessary port and service to have open and available even if just on your local home network. Another recommendation is to make sure that you change the SSH port from 9222 to another port.

2 responses to “Enable SSH Access for Non-Admin Users on TerraMaster NAS”

  1. Bill

    In TOS 6 – the file to edit is:
    vi /usr/share/ssh/ssh_prepare

    1. Sam Swinson

      Thank you for the heads up! I have added it to the post to save anyone else having to go hunting for the right file :)
