Securing TrueNAS Scale with key-based Authentication

Leave a Comment / Basics / By

Note that SSH is considered insecure bur if you must log into the consle temotely then using keys is more secure than passwords.

1. Prerequisites

If you have been following along you should have completed the initial install of TrueNAS Scale and the early configuration. All configurations of TrueNAS Scale should be undertaken through the GUI but occasionally it is useful to log in to a shell command line. Next, we will configure login using a public/private key. We can then disable password login for the admin user, thus enhancing security.
First you need to generate the SSH keys. The easiest way to do this is to use PuTTY. This is described here.

2. Configure TrueNAS Scale for SSH.

In TrueNAS Scale navigate to System Settings > Services and enable SSH.

Screenshot of the 'Services' section within a system configuration interface showing various services with toggles for 'Running' and 'Start Automatically'.

3. Configure users to use SSH with key-based authorization

In TrueNAS Scale navigate to Credentials > Local Users and click the dropdown next to the admin user. Then select Edit.

Screen displaying a 'Users' section under 'Credentials' with two user accounts listed: a built-in root account and an admin account identified as a 'Local Administrator.'
Expanded details for an 'admin' user in a system's credentials interface, displaying user information including the home directory, shell type, email, and sudo permissions.

You can now paste the public key you generated here into the Authorized Keys box.

User interface for editing a local administrator account, showing fields for name, email, password, groups, directory permissions, and authentication settings including SSH key upload

4. Testing the keys

Once you have installed the public key click Save. Now test the installation as shown here.

5. Securing the user account

Finally go back to the  user (Credentials > Local Users > admin, and check that SSH password login enabled is not checked.

A close-up of the 'Authentication' section in a server's settings interface, displaying an authorized SSH key with a partial key visible, a button to upload a new SSH key, and an option indicating SSH password login is disabled.

Next, configure the storage on your TrueNAS Scale.

Leave a Comment

Scroll to Top