Enabling SSH for a TrueNAS jail

calendar November 15, 2020 nav_categories Tech nav_categories Networking nav_tags ssh nav_tags sshd nav_tags truenas nav_tags truenas jail

Generally not a good idea from a security standpoint, but if you have a lot of CLI work to do in a FreeNAS jail, it can make life easier.

If nothing else, seeing a lot more data on the screen, and being able to copy/paste commands has it's advantages.

Steps:

  1. Enable sshd:

    sysrc sshd_enable="YES"
sshd_enable: NO -> YES

  2. Start sshd:

    service sshd start

  3. Add a user, and note that the new user must be a member of the wheel group in order to use the su command:

    adduser
Username: jailuser
Full name: Jail User
Uid (Leave empty for default):
Login group [jailuser]:
Login group is jailuser. Invite jailuser into other groups? []: wheel
Login class [default]:
Shell (sh csh tcsh git-shell zsh rzsh nologin) [sh]: csh
Home directory [/home/jailuser]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : jailuser
Password   : *****
Full Name  : Jail User
Uid        : 1002
Class      :
Groups     : jailuser wheel
Home       : /home/jailuser
Home Mode  :
Shell      : /bin/csh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (jailuser) to the user database.
Add another user? (yes/no): no
Goodbye!

  4. Set the jail root password to allow users to use su:

    passwd
Changing local password for root
New Password:
Retype New Password:

  5. Once you're done, stop sshd, and disable the service, as a "best practice":

    service sshd stop

    sysrc sshd_enable="NO"
ssh_enable: YES -> NO

Reference

FreeNAS 11.3-U5 User Guide - Accessing a jail using ssh https://www.ixsystems.com/documentation/freenas/11.3-U5/jails.html#accessing-a-jail-using-ssh