Secure your unRAID SSH Access and Tunnel using PuTTY (2024)

I've seen bits of this covered in other posts but haven't found one PuTTY specific. (Or maye I should get my eyes checked).

Never the less there are many reasons you want to use a Key Pair to access your unRAID server via SSH compared to using just a username and password.

This is especially true if you'd like to access your server via the internet. Another benefit to doing this is the use of Tunnels. Using SSH you can tunnel into just about anything. Take this example below.

Secure your unRAID SSH Access and Tunnel using PuTTY (1)

If you wanted to Access unRAID via SSH, the Windows Desktop, or any of your containers you would need to go into your router and forward all their ports, for each of the services you wanted to access.

So not only will SSH give you get secure access to your unRAID server, but you will also be able to tunnel into any of the containers on your unRAID box, or any machine on your home network for that matter. All traffic sent over this connection will also be encrypted given you another layer of security! Be warned, that leaving port 22 opened on your router without disabling password authentication is not a good idea. Many hackers scan WAN IP addresses and if they find famously opened ports they will continuously try accessing SSH via root and a bunch of different passwords.

First things first you will need to Forward Port 22 on your router to your unRAID server. All this does is, if you would like to access your unRAID box over the internet. You will send a request to your Router's WAN IP Address or Dynamic DNS address (Out of scope of this article but covered here). When the SSH Request hits your router, your router will forward that request onto your unRAID server.

1. Get DocGyver's SSH Config Tool

This will make starting and stopping the SSH Daemon as well as tweaking your SSH Settings a breeze. When you're ready head over to Community Apps and search for "SSH Config Tool". Once installed you can Access the Config Tool under Settings > Network Services > SSH

Secure your unRAID SSH Access and Tunnel using PuTTY (2)

2. Get PuTTYGen and Generate your Keys

A key pair is made up of a Private Key and a Public Key. The public key pretty much be given to anyone as its well, public. However make sure that your private key is safe and do not distribute it.

Secure your unRAID SSH Access and Tunnel using PuTTY (3)

This is admittedly an over simplification, but basically your Public Key will be put onto your unRAID box and the Private Key will be kept on your machine. When you try to access your server over SSH, your Server will match the Public Key against the Private Key. If it's a match it will let you in. If you need to access more than one server, all you need to do is put your Public Key on said server and you can use the same Machine / Private Key to access it.

Secure your unRAID SSH Access and Tunnel using PuTTY (4)

After you Donwload PuTTY and PuTTYGen

  1. launch PuTTYGen and click on Generate.
  2. You will be requested to move your mouse cursor over the window to generate some randomness
  3. Enter a Key Passphrase and Confirm Passphrase (This protects your Private Key in case someone gets their hands on it)
  4. Click Save Private Key, and choose a destination (Name it id_rsa.ppk for extra points)
  5. [optional] Click Save Public Key, and choose a destination (Name it id_rsa.pub for extra points)

Here's where the first problem comes in. For some reason PuTTY doesn't save the Public Key in the correct format so just taking it from the saved file and putting it on the server won't work. Leave this window open for now we'll come back to it.

3. Put your Public Key onto unRAID and Persist it

SSH into your unRAID box using PuTTY as normal and type the following:

 nano /root/.ssh/authorized_keys

Now go back to your PuTTYGen window and select all the text in the Public key for pasting into Open SSH authorized_keys fileSection.

  1. Press Ctrl + C to copy the key to your clipboard
  2. Go back to your PuTTY window and right click into the window (this will paste the key into the correct file which is in the Nano editor)
  3. Press Ctrl +X to exit
  4. Press Y to save the file

Give the file and directory the correct permissions by typing:

chmod 600 /root/.ssh/authorized_keyschmod 700 /root/.ssh

If you have more than one machine that you'd like to grant access you can put their Public Keys in the same file. However, Make sure each one is on the next line! One problem here is that on reboot this file will be lost so we must persist it!

To do that let's first copy the authorized key file somewhere where it can be retrieved.

cp /root/.ssh/authorized_keys /boot/config/ssh/

Now open your Go file (which runs on boot by typing)

nano /boot/config/go

This file runs whenever your unRAID server boots up after we make these changes it will ensure that your authorized_keys file is restored even after you restart your server. Paste the following in the end of the file

mkdir /root/.sshchmod 700 /root/.sshcp /boot/config/ssh/authorized_keys /root/.ssh/chmod 600 /root/.ssh/authorized_keys

4. Turn off SSH Password Authentication

Open your unRAID UI and head over to the SSH Config Tool we downloaded above. If you need to make a change you must first Set Enable SSH Service to No. Once disabled make the following changes:

Password Authentication = No

Click Apply and Re-Enable your SSH Service.

Secure your unRAID SSH Access and Tunnel using PuTTY (5)

If you try to access your unRAID server using username and password now your unRAID server should refuse. Good! Let's fix that.

5. Add your Private Key to PuTTY.

Open PuTTY, type your Host Name, choose a Save Sessions name and click save. A seved session will ensure that we don't have to keep typing your IP Address, as well as save the location of your private key file.

  1. In the tree on the left navigate to Connection > SSH > Auth.
  2. Click on Browse and find the Private Key file we generated earlier.
  3. In the tree on the left navigate to Session
  4. Click Save

Secure your unRAID SSH Access and Tunnel using PuTTY (6)

And that's pretty much it.

  1. Now try to login via SSH.
  2. unRAID will ask you which user you'd like to login as, you should type root.
  3. unRAID will ask you for the passphrase for your Private Key File (which we created earlier)
  4. It will let you in!

Secure your unRAID SSH Access and Tunnel using PuTTY (7)

6. Tunnel like a champ

So you've accessed your unRAID box via the internet. And you'd like to access the web UI on one of your containers. Or maybe you'd like to access another device on your network. Well using a simple Tunnel, you can do just that. In our example diagram above we see we have a Resilio Sync Docker Container with the WebUI port of 8888.

To Create a Tunnel to that container and access its UI via the internet:

  1. Open PuTTY and Load your Session that we saved above.
  2. Navigate to Connection > SSH > Tunnels
  3. Choose an arbitrary Source Port (I like to start at 50001 to avoid conflict)
  4. Choose a destination (in our case IP_ADDRESS_OF_UNRAID:PORT)
  5. In the tree on the left navigate to Session
  6. Click Save

At this point you may have to close your SSH Session and reopen it again. Once that's done, open your favourite browser (Which should be anything other than Edge or Internet Explorer) and in the web address type:

http://127.0.0.1:50001

What's basically happening here is that we're sending a request to our Local machine, on por 50001. Which is the port we have open for our SSH Tunnel. PuTTY then redirects that request via the SSH connection to the destination we specified above which is our Resilio Sync Docker Container. And just like that. You've got yourself a Tunnel. No fancy port forwarding needed. Nice and secure over an encrypted line. Give yourself a cookie.

Secure your unRAID SSH Access and Tunnel using PuTTY (8)

So give it a shot. Many companies use this approach to accessing services in their network and is sometimes referred to as a Bastion Host or Jump Box. I've covered it a little more in depth on one my articles here.

Thanks to everyone on this postfor all the guidance in getting this setup. Happy Secure Shelling!

Secure your unRAID SSH Access and Tunnel using PuTTY (2024)
Top Articles
Latest Posts
Article information

Author: Frankie Dare

Last Updated:

Views: 5787

Rating: 4.2 / 5 (73 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Frankie Dare

Birthday: 2000-01-27

Address: Suite 313 45115 Caridad Freeway, Port Barabaraville, MS 66713

Phone: +3769542039359

Job: Sales Manager

Hobby: Baton twirling, Stand-up comedy, Leather crafting, Rugby, tabletop games, Jigsaw puzzles, Air sports

Introduction: My name is Frankie Dare, I am a funny, beautiful, proud, fair, pleasant, cheerful, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.