Technology
Leave a comment

Set up SSH key pairs to access FreeNAS jails

Ssh_binary_packet_alt

Beginning from having SSH enabled in your jail, this is one way of setting up public/private key pair authentication for further access.

In this example, my jail is called jail_1, and my user name is user.

Create SSH key pair

SSH into the jail using user/password authentication, or access the jail’s shell via FreeNAS GUI, then:

user@jail_1:~ % ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

After setting your pass phrase, the output will look like:

Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa user@jail_1
The key's randomart image is:
+--[ RSA 4096]----+
|              |
|               |
|             |
|           |
|       |
|   |
| |
| |
| |
+-----------------+

Install the public key

The following steps will install the public key for use in the FreeNAS jail.

user@jail_1:~ % cat ~/.ssh/id_rsa.pub | ssh user@jail_1 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
The authenticity of host 'play_1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is 25:5f:57:39:aa:82:b5:c2:51:ef:c6:12:44:25:33:02.
Are you sure you want to continue connecting (yes/no)? yes

At this point, there will be a warning and a prompt for the password of the jail’s user

Warning: Permanently added 'jail_1' (ECDSA) to the list of known hosts.
Password for user@jail_1:

Once the password is provided, the public key has been installed.

Add private key for authentication

I use PuTTY on Windows 10 to SSH into the FreeNAS jail. The following process will be different depending on your SSH client.

First, copy the private key off the FreeNAS jail to the client machine. This is the id_rsa file that has been created in /home/user/.ssh/

This private key is not in a format that PuTTY can use, so we have to convert it to .ppk. This can be done with PuTTYgen:

putty_key_generator

First, go to menu File > Load private key and load the id_rsa file. You should get the following prompt:

key-imported

Then, go to menu File > Save private key. Enter the associated passphrase and save a .ppk key file.

Now, go to PuTTY and attach the .ppk file to the SSH session by going to Connection > SSH > Auth and browse to the file.

Done

You can now access FreeNAS jail via SSH using private key authentication.

Leave a Reply

Your email address will not be published. Required fields are marked *