If you are like me, you use your TerraMaster NAS proficiently. By this I mean you use its full capabilities like SSH and SCP. But sadly the TerraMaster has changed their policy with the latest update.

With the latest version, 4.2.28-220119172 they enabled a lot of cool features, one being PAM, which blocks a user if they login with a bad password more than 3 times. However they enabled a feature I am not too fond of: SSH is not limited only to the Admin account. This means that if you had other users who logged into SSH, after the update, after attempting to login into an account other than admin, after a few tries you till get this message:

There is a fix… not official, and I could not find it in the forums… In fact TerraMaster’s
official stance is “Admin only”. But I need other users… I use my NAS remotely, extensively, while at work, while on the road, as do a few users I have granted access. I also have my webserver backups that go to my user every night, so “Admin Only” is not an option. So I found a way around it…

Step 1 – Enable SSH

The first step is to enable SSH, after the update, it automatically disables it. The default went form port 22 to port 9222, so you will have to edit this. Under Control Panel > Network Services > Terminal & SNMP > Telnet/SSH select Allow SSH Access, change the port to the one you wish, I use the default 22 (on my local LAN), and then click Apply

Step 2 – Add users to sshd_config

Now we need to change the sshd_config file, as it is what is blocking other users from logging in. SSH into your server as admin. Once logged in, sudo -i to get to the root account.

Then you need to edit the file /etc/ssh/sshd_config and add your users you wish to have access:

Save the file and proceed to the next step.

Step 3 – Disable and Re-enable SSH in TOS

Log back into your TOS and disable SSH in Control Panel > Network Services > Terminal & SNMP > Telnet/SSH and apply, then reenable it again.

You should now be able to log back in again as an allowed user.

Step 4 – Unblock your account if you are blocked

So as mentioned, chances are you are here because you got blocked… and even after enabling you account to access SSH, you sill get the blocked message. This is because of the new PAM feature… which is separate from SSHD.

You can unlock you account with some of the follwing:

Check if you are banned

Log back SSH as admin and change to the root account, then tun the following:

To unblock, you can run the following:

Now you should be able to login without issues.

Special Note

The update did a lot more than just disallow users from logging in. It may have deleted your SSH keypair allowing password-less login, so you will need to re-enable it.

Also if you used to have a banner when logging in, you will have to redo it, as the config was completely overwritten.

UPDATE

Something I noticed as well about the update… is everything that was in /home/user was moved to /home/user/home which is why the SSH keys no longer work. DO NOT MOVE IT BACK. If you move all your file back into /home/user you will not be able to access the files via the samba shares. I do not have a fix for this as the config file always gets rewritten reverting any changes you have made.