In order to stay in sync with our community of users, we will continue to actively listen to your feedback and relay it to our development and product teams. In this dedicated column, we will share the proposed solutions and updates for you!
We have recently received some feedback from the community regarding SMB share permissions and SSH access. We greatly value your input and would like to delve deeper into these areas.
What We Plan to Do
When ZimaCube is shipped in March, SSH access will be disabled by default. However, users will have the option to enable it once they enter the system. We are actively working to address the security issues related to SMB, and in the future, we will definitely consider incorporating SMB permission management capabilities.
What we want to hear
Your feedback is important to us, and we would appreciate hearing your thoughts and suggestions on how we can improve in these aspects.
We would appreciate your input on the following points:
1. Why do you require SSH access?
In what situations do you typically utilize SMB and SSH access?
Are there any specific tasks or workflows where these features are crucial for your needs?
2. Regarding the current implementation of SMB and SSH access in ZimaCube/ZimaOS:
What are your impressions of the current SMB and SSH access functionality?
Are there any particular enhancements or additional features you would like to see in this regard?
Please share with us:
Together, let’s make ZimaCube/ZimaOS an even better collaborative experience. Share your feedback with us today!
1.) I run a multiple pc environment and sometimes need to backup files from them or to fetch files from a central repository. All my pcs are Windows I need smb. SSH has helped and continues to assist gauge the health of ZimaOs. Currently the user interface is insufficient short of installing apps like NetData. There will also be some applications that are better configured using ssh.
2.) The current SMB is alright if I am the only one on my network and I block the Zima from internet access using a security system. Otherwise, anyone on the network can edit my files whenever they want. The ssh username and password are public information on the internet and grant the user complete access. The only security is the operating system and not my files.
To use tools like rsync when needed. Also to perform remote shutdown via ansible. I use it all the time to shutdown my home servers safely when the power goes down.
A safer implementation of ssh is needed. Instead of using a username and password, it should use public key authentication. When zimaos ships you can provide a web UI to turn on ssh and supply the public key. Password-based authentication to ssh should be discouraged and disabled by default in the ssh config.
SSH:
Mainly for monitoring and health checks - also to make backups of config files/directories prior to OS update.
I would like to set my own username and pass, plus use public key based auth - this is a no brainer
SMB
I’d like to specifiy fine grained user/password authentication - ideally manage this and SSH access via the same interface, and allow creation of a user and personal share that they are chrooted into, then allow us to selectively add permissions on other shares
I think the current access is bad. The the plan is better but I feel more work is needed.
Most NAS offer users/permissions, Have things link a Home folder for each user that is stored in a Homes folder. Not sure what all is in the plans but there should also be a way to turn on more than just SMB things like NFS,AFP,TimeMachine backups,WebDAV