2020-11-05

QNAP firmware 4.5.1.1465: disable ssh management menu

as a good boy i just upgraded my QNAP NAS to the latest available firmware, 4.5.1.1465, but after the reboot there's an ugly surprise awaiting for me

once i ssh'd into the box to do my stuff, instead of a familiar bash prompt i'm greeted by a management menu that allows me to perform some basic management tasks or quit it and go back to the shell. i dont really need this menu (in particular because i have automations that regularly ssh into the box and they are not meant to be interactive).

to disable it: edit /etc/profile and comment the line "[[ "admin" = "$USER" ]] && /sbin/qts-console-mgmt -f" (you can judge me later for sshing as root)

UPDATE (2020-12-26): as pointed out in the comments, and discovered now after an upgrade, the menu comes back up after because /etc/profile is a system file for QNAP so gets replaced/updated by them often

9 comments:

Iustin Pop said...

Well, is there any other way than SSH-ing as root? I had for a brief time a QNAP, but sold it as I found out that it's very restrictive environment, and I wasn't able to actually add a non-root user for SSH.

Too bad, the hardware was pretty neat.

Sandro Tosi said...

tbh, i dont know and never cared to check: i'm on with sshing as root

PaPo said...
This comment has been removed by the author.
PaPo said...

there is.
in cca 2018 QTS, SSH users is an option in Control Panel > Network > Telnet

but also, or before that:
enable it in ssh server config /etc/config/ssh/sshd_config add username in AllowUsers
then define sudoers in a file in path /usr/etc/sudoers.d, trick is that the second one is tmpfs, search how to edit autorun to add the file on each boot.

But to confess I still use root (admin) to SSH in WinSCP while local.

and yes, QNAP's security is rubbish, but so is Synology's and what would you do?
Below all that it's still linux, we are free to enable, disable, modify what we want.

gromlix said...
This comment has been removed by the author.
gromlix said...

The menu is started with "/sbin/qts-console-mgmt -f" in the last line of /etc/profile. You can delete this line and have freedom. - At least until the next update... ;-)

PaPo said...

did you try restart yet since your hack? ;)
it's "embedded" system, files come back each boot.

Megatron555 said...

Hello, how do you modify the scripts if the new menu comes out through ssh? I made those modifications by ssh, now I don't know how to do it. I have created a new user, I have given him permissions for sshi and with that user if I get the usual bash console, but I have no privileges to do anything. I use sudo but the password is not that of the admin account with which I enter through the web. Am I lost? Can you help me?

Sandro Tosi said...

Megatron555, you're probably better off by just using admin; but if you want to explore a different user, i suggest to follow up with the QNAP forums or user support channels.