Get a Quote     (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support Toggle between Light and Dark mode
TrueNAS.com Software Systems Company Community Security iX Portal Download

  1. Documentation Hub
  2. /
  3. TrueNAS SCALE
  4. /
  5. SCALE Tutorials
  6. /
  7. System Settings
  8. /
  9. Services
  10. /
  11. Configuring SSH Service
Edit this page

Configuring SSH Service

  2 minute read.

Last Modified 2022-12-12 10:52 -0500

The SSH service lets users connect to TrueNAS with the Secure SHell Transport Layer Protocol. When using TrueNAS as an SSH server, the users in the network must use SSH client software to transfer files with SSH.

Allowing external connections to TrueNAS is a security vulnerability! Do not enable SSH unless you require external connections. See Security Recommendations for more security considerations when using SSH.

Configuring SSH Service

To configure SSH go to System Settings > Services, find SSH, and click to open the basic settings General Options configuration screen.

ServicesSSHBasicSettingsGeneralOptions

Configure the options as needed to match your network environment.

We recommend you add these SSH service options in Auxiliary Parameters:

  • Add NoneEnabled no to disable the insecure none cipher.
  • Increase the ClientAliveInterval if SSH connections tend to drop.
  • Increase the ClientMaxStartup value (10 is default) when you need more concurrent SSH connections.

Remember to enable the SSH service in System Settings > Services after making changes. To create and store specific SSH connections and keypairs, go to Credentials > Backup Credentials.

Using SSH File Transfer Protocol (SFTP)

SFTP (SSH File Transfer Protocol) is available by enabling SSH remote access to the TrueNAS system. SFTP is more secure than standard FTP as it applies SSL encryption on all transfers by default.

Go to System Settings > Services, find the SSH entry, and click the to open the Services > SSH basic settings configuration screen.

ServicesSSHBasicSettingsGeneralOptions

Select Allow Password Authentication and decide if you need Log in as Root with Password.

SSH with root is a security vulnerability. It allows users to fully control the NAS remotely with a terminal instead of providing SFTP transfer access.
Review the remaining options and configure them according to your environment or security needs.

Using SFTP Connections

Open an FTP client (like FileZilla) or command line. This article shows using FileZilla as an example.

Using FileZilla, enter SFTP://{TrueNAS IP} {username} {password} {port 22}. Where {TrueNAS IP} is the IP address for your TrueNAS system, {username} is the administrator login user name, and {password} is the adminstrator password, and {port 22} to connect.

SFTP does not offer chroot locking. While chroot is not 100% secure, lacking chroot lets users move up to the root directory and view internal system information. If this level of access is a concern, FTP with TLS might be the more secure choice.

Related Content