Basics

Securing TrueNAS Scale with key-based Authentication

Peter

06 Apr 2024 — 2 min read

Note that SSH is considered insecure bur if you must log into the consle temotely then using keys is more secure than passwords.

1. Prerequisites

If you have been following along you should have completed the initial install of TrueNAS Scale and the early configuration. All configurations of TrueNAS Scale should be undertaken through the GUI but occasionally it is useful to log in to a shell command line. Next, we will configure login using a public/private key. We can then disable password login for the admin user, thus enhancing security.
First you need to generate the SSH keys. The easiest way to do this is to use PuTTY. This is described here.

2. Configure TrueNAS Scale for SSH.

In TrueNAS Scale navigate to System Settings > Services and enable SSH.

Screenshot of the 'Services' section within a system configuration interface showing various services with toggles for 'Running' and 'Start Automatically'.

3. Configure users to use SSH with key-based authorization

In TrueNAS Scale navigate to Credentials > Local Users and click the dropdown next to the admin user. Then select Edit.

Screen displaying a 'Users' section under 'Credentials' with two user accounts listed: a built-in root account and an admin account identified as a 'Local Administrator.'

Expanded details for an 'admin' user in a system's credentials interface, displaying user information including the home directory, shell type, email, and sudo permissions.

You can now paste the public key you generated here into the Authorized Keys box.

User interface for editing a local administrator account, showing fields for name, email, password, groups, directory permissions, and authentication settings including SSH key upload

4. Testing the keys

Once you have installed the public key click Save. Now test the installation as shown here.

5. Securing the user account

Finally go back to the user (Credentials > Local Users > admin, and check that SSH password login enabled is not checked.

A close-up of the 'Authentication' section in a server's settings interface, displaying an authorized SSH key with a partial key visible, a button to upload a new SSH key, and an option indicating SSH password login is disabled.

Next, configure the storage on your TrueNAS Scale.

Coming soon

This is RyeRoxley, a brand new site by Peter that's just getting started. Things will be up and running here shortly, but you can subscribe in the meantime if you'd like to stay up to date and receive emails when new content is published!

How to install Dockge

What is Dockge? Dockge is a free, open-source, and user-friendly web interface for managing container and Compose files. It streamlines managing existing projects, setting up new ones, and interacting with running containers through an interactive terminal. Dockge also supports managing multiple Docker hosts within a single web UI. Developed by

How to Install Docker on Jailmaker

Summary This guide provides step-by-step instructions on how to install and configure Docker on Jailmaker. It includes setting up Docker, configuring network interfaces, and ensuring proper dataset organization and permissions. This guide is intended for users who are familiar with TrueNAS Scale and Docker. Table of Contents 1. Prerequisites 2.

How to Install Jailmaker on TrueNAS Scale

Jailmaker is a Docker-related program designed to enhance security and isolation by creating confined environments, often referred to as "jails," within a system. These jails can securely run applications or processes with restricted permissions, minimizing the risk of those applications affecting the rest of the system. Table of