|
Post by thorstense on Nov 23, 2007 14:28:12 GMT 7
Hello! I’m the owner of Thecus N5200 with Firmware 2.00.01 and 4 HDD’s in Raid 5. I have installed the Module “SYSUSER” and activate it but I can’t see the system folders / files or can’t logon as user sys. Logon as user sys only in the web disk but I can’t see the system folders / files. Logon via FTP don’t go because the user sys has no permission. How I can use the Module “SYSUSER” user sys and logon similar as root user to show all files from the N5200 Best regards, Thorsten :-)
|
|
|
Post by peterfu on Nov 23, 2007 18:24:46 GMT 7
Hi Thorsten, the SYSUSER module should be used together with the SSHD module to give You the opportunity to login via SSH to a linux console. br Peter
|
|
|
Post by thorstense on Nov 23, 2007 18:43:43 GMT 7
Hi Peter,
thanks for your answer!
I have only Windows (XP & Vista) PC's how I can use a SSHD? Is it not possible to access the N5200 via FTP or HTTP with root user rights?
Best regards, Thorsten :-)
|
|
|
Post by peterfu on Nov 23, 2007 20:17:23 GMT 7
Hi Thorsten, You need a SSH Client - a popular one is putty, which is free ( see www.chiark.greenend.org.uk/~sgtatham/putty/ ). Actually full access to the system area of the N5200 via FTP or HTTP is not possible, which makes sense, cause You are able to damage the whole system and the N5200 is a NAS not a full open linux box. Also editing linux files with windows editors destroys the files for usage within linux - unless You use special editors for that. Many areas of the system are in any way write protected, but some areas might be modified and you may screw up the whole system. So if You login as sys with root privileges be sure what You are doing. br Peter
|
|
|
Post by thorstense on Nov 24, 2007 6:13:44 GMT 7
Hallo Peter! Sure I know it's important to know what you change at the system as root level user. But my question results from the HTTPS Security Certificate from Thecus. If I open the Webinterface over https Windows Vista IE7 not accept the Thecus Security Certificate "The Security Certificates is not Valid". If I try to install the HTTPS Security Certificate the IE7 don't accept them So I have ask:How can I get a valid Certificate or how I must install them?The answer was:Thorsten, you will find the certificate/private key in /app/etc/httpd/conf/ssl.crt/server.crt resp. ssl.key/server.key. To install another certificate (either issued by a CA such as Verisign or a self signed certificate) simply replace the two server.* files and add the certificate of the issuing CA to ssl.crt/ca-bundle.crt (optional).
Further details are available from http ://httpd.apache.org/docs/2.0/ssl/Sorry this answer was to high for my knowlege but I like to fix the IE7 Security warning over HTTPS. Do you have an idee to fix my problem? Best regards, Thorsten :-)
|
|
|
Post by fajo on Nov 25, 2007 6:44:45 GMT 7
If I try to install the HTTPS Security Certificate the IE7 don't accept them Installing (and thereby trusting) the certificate will not help since the browser checks the URL host/domain/ip against the certificates subject and subject alternatives (subjectAltName attributes). Do you have an idee to fix my problem? The only way to get rid of the warning is to generate your own certificate and let this one sign by a already trusted certificate authority (expensive ;o). Instead of letting someone sign your certificate you may create your own CA and sign you server certificate using that one - you will have to add your self-signed certificate to your list of trusted root certificate authorities for this to work. Or simply let your server certificate itself... For your server certificate you will have to add the fully qualified hostname you are using in your URL to access the box to the subjects CN attribute. If you access the box by its ip address you will have to use the subjectAltName extended attribute. You will find a lot of links on the net with howto's on how to do all this actually - most of them require at least a basic knowledge of OpenSSL. Here is one more complete one: www.eclectica.ca//howto/ssl-cert-howto.php/Falk
|
|
|
Post by thorstense on Nov 25, 2007 17:17:02 GMT 7
Hello Falk,
thanks for your answer.
So I see it's to difficult to install a valid certificate on the Thecus.
But otherwise I ask me why the Thecus has a preinstalled certificate if I can't use it???
So for me the HTTPS port 443 is not nessesarry and I will close the Service.
Best regards, Thorsten :-)
|
|
|
Post by fajo on Nov 25, 2007 23:40:31 GMT 7
So I see it's to difficult to install a valid certificate on the Thecus. It is actually more difficult to create a valid certificate then to install it on the box. Installation is done by copying the 3 files over to the box. But otherwise I ask me why the Thecus has a preinstalled certificate if I can't use it??? You can use it - you still get transport layer encyption to protect your username, password and the content you transfer over the network. Of course, since the private key is well known everyone able to record your network traffic can decrypt it but it is still more secure then not using it. It would be a good idea to allow the administrator to either create or at least install a certificate through the Web UI. May be a module will become available that does even this ;o) So for me the HTTPS port 443 is not nessesarry and I will close the Service. If you open your box to the internet I recommend to use https instead of http despite of the certificate warning you receive. /Falk
|
|
|
Post by dmc02766 on Aug 1, 2013 2:28:23 GMT 7
Not to be bringing up a very old thread intentionally (this is the only one I could find with this information) although I am curious as to how to load the newly created crt file to the thecus nas folders? I have putty running with the SSH / SYS modules installed and am able to connect to it fine. I also already have an ssl cert created, I just need to copy the files over to the NAS and am not sure how to go about doing that. Any help would be appreciated...
|
|
|
Post by dmc02766 on Aug 1, 2013 5:04:07 GMT 7
Nevermind- after fighting with it I figured it out. Here are the steps that I took incase anyone else winds up looking for how to install a security cert on a thecus n5200:
1: Create a CSR using OpenSSL: Install openssl then type openssl req -new -nodes -keyout server.key -out server.csr -newkey rsa:2048 Once this command is put in it will ask for the information to create the cert. Upon completion, it should have a server.csr file in the C:\openssl-win32\bin folder. This can be pasted into any of the SSL cert providers (I used godaddy) request system to create your ssl certificate. 2. You will need to put your newly created cert in a folder on the NAS. Browse the NAS via windows explorer and put it into a folder (I put mine in a folder called NAS_DATA that I created earlier as a share on the unit). 3. Connect to the unit via putty. Log in using your sys login. Once connected you will need to move the new cert to the location of the old cert making sure that when you move the new one, you rename it the same thing that the old was. I copied the old a folder named "old" that was a sub folder of NAS_DATA. To do this:
Copy the old files first (type the below command) cp /app/etc/httpd/conf/ssl.crt/server.crt /raid0/data/NAS_DATA/OLD cp /app/etc/httpd/conf/ssl.crt/ca-bundle.crt /raid0/data/NAS_DATA/OLD cp /app/etc/httpd/conf/ssl.key/server.key /raid0/data/NAS_DATA/OLD
The above command has copied the files from their original location to a folder named OLD on a share named NAS_DATA
Now you will need to move the new certs and overwrite the old. I deleted the old first then moved them but I would imagine you could just over write them. To do it how I did: rm /app/etc/httpd/conf/ssl.crt/server.crt rm /app/etc/httpd/conf/ssl.crt/ca-bundle.crt rm /app/etc/httpd/conf/ssl.key/server.key (the above deleted the files, now we need to move our new cert which we previously named the same thing as the ones we deleted. My new ones are located in the share named NAS_DATA)
cp /raid0/data/NAS_DATA/server.crt /app/etc/httpd/conf/ssl.crt/ cp /raid0/data/NAS_DATA/ca-bundle.crt /app/etc/httpd/conf/ssl.crt/ cp /raid0/data/NAS_DATA/server.key /app.etc.httpd/conf/ssl.key/
(notice the last one is going to ssl.key not ssl.crt like the first two)
This should now have your new key installed onto the system and your old key backed up. On mine, when I had godaddy create my ssl cert I received server.crt and gd_bundle.crt I renamed gd_bundle to ca-bundle before starting. At this point just type "reboot" into your terminal window and the unit should reboot. When it comes back up, you should be able to access your NAS via the HTTPS FQDN (making sure that when you submitted for your cert that you had the name put in exactly as you would access it from the internet) and it should show a valid ssl on it.
Hope this helps someone install a cert on their thecus box- I spent half the day figuring this out so I hope it will help someone else avoid it.
|
|