Settings

[hamishmb]

Attached are the current development settings for the NAS in human-readable form, and a backup of all the system settings the NAS currently uses.

Note for SSH configuration: Now irrelevant, see latest posts

You need to login as "admin", with the same admin password used for the web login. The NAS uses the old ssh-dss algorithm. To manually enable it, to be able to SSH in, add this option:

Code: Select all

-oHostKeyAlgorithms=+ssh-dss

To the command.

EDIT:

Also now attached is the current version of sshd_config used on the NAS box, just to make clear where the host key is stored, as this is a manual override to avoid using the default (insecure) host key.

EDIT 2:

Deleted attachments. Use the files at https://wmtprojectsforum.altervista.org ... /NAS%20Box.

[hamishmb]

Another note for SSH: Now irrelevant, see latest posts

Every time the NAS reboots, you get this message upon trying to reconnect through SSH:

Code: Select all

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
SHA256:******.
Please contact your system administrator.
Add correct host key in /home/<username>/.ssh/known_hosts to get rid of this message.
Offending DSA key in /home/<username>/.ssh/known_hosts:35
  remove with:
  ssh-keygen -f "/home/<username>/.ssh/known_hosts" -R "<ip>"
DSA host key for <ip> has changed and you have requested strict checking.
Host key verification failed.

I'm not sure why this happens, but it can be solved easily by running:

Code: Select all

ssh-keygen -f "/home/<username>/.ssh/known_hosts" -R "<ip>"

As the error suggests.

[hamishmb]

NOTE: Both of the above issues have now been resolved by using the custom-built SSH server, and running it on port 22 on startup. The built-in SSH server has been disabled.

[hamishmb]

Note:

In order to SSH in, you currently have to use public key authentication. The NAS box currently only has my public key, so when we install it, we will have to add other ones as well.

To use scp, SSH in to the NAS box and initiate the copy from there - it doesn't work the other way around at the moment.

[hamishmb]

Note:

Terry and I currently both have our SSH keys installed on the NAS box. If anyone else wants SSH access, they'll have to create an SSH keypair (if needed) and get Terry or me to set it up.

[hamishmb]

Attached are the SQL commands needed to create the database users. in case of a system failure.

Note that the adminiface and visitoriface users don't yet have secure passwords.

EDIT: Moved to https://wmtprojectsforum.altervista.org ... 0Box/Setup

[TerryJC]

Excellent Hamish.

One query. Is there any reason why the valves are referred to as 'valve4', 'valve6', etc when they are called 'V4' and 'V6' in config.py?

Similarly, but not quire the same, `hanhampi` is called G3 in config.py.

[hamishmb]

The valves do actually have a v in there too - so they're "valvev6" instead of "valve6"

I wanted to use slightly longer names like wbuttspi instead of G4 and hanhampi instead of G3 because it's more apparent what they are to anyone having to debug the system.

[TerryJC]

Ok.

[hamishmb]

Just noting for future reference that the procedure for setting up and adding more SSH public keys is available here: https://www.ssh.com/ssh/keygen/