synology: ssh

synology’s nas boxes have a will of their own concerning ssh.

enable ssh service:

  1. first, enable the ssh service within the web-gui (link: synology.com)
  2. now log in as the user: admin

the admin user has root privileges within the web-gui, but only user privileges on the console; with sudo one can gain root privileges there.

to enable ssh for other users: (note: this only works temporarily because the system resets the passwd file after a reboot – crazy?!)

  1. open passwd file: sudo vim /etc/passwd
  2. change shell for specific user
    1. last column of the specific user’s row: /sbin/nologin -> /bin/sh

to make it a lot more secure one should log in via ssh keyfiles. this needs setup within the sshd config file. (note: ssh needs restrictive rights for the personal ~/.ssh folder and the setup on my box was somehow screwed up (synology’s acl?). that’s why: StrictModes no… )

  1. open sshd config: sudo vim /etc/ssh/sshd_config
  2. change following properties:
    1. enable authentication by keyfile: PubkeyAuthentication yes
    2. load allowed client list: AuthorizedKeysFile %h/.ssh/authorized_keys
    3. disable folder’s rights checking: StrictModes no
    4. disable login via password: PasswordAuthentication no
  3. copy one’s public key from the client machine to the box (link: digitalocean.com)
    • from linux: ssh-copy-id
    • from mac: scp
    • from windows: ?
  4. restart sshd on the synology box
    • synology fucked up the underlying OS such that one cannot restart the service via commandline (no init.d scripts, and their own commands (synosystemctl or so) don’t do the job. the ssh service didn’t restart…)…
    • two options:
      • restart the whole box
      • disable and enable the ssh service inside the web-gui
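
an added example, not from the original post: a posix sh check of the ownership and write-bit conditions that StrictModes enforces on the home directory, ~/.ssh and authorized_keys, so the offending path can be fixed with chmod/chown instead of switching the check off. the function names are made up for this example; it also reports a missing authorized_keys, which matters before setting PasswordAuthentication no.

```shell
#!/bin/sh
# added example (not the post's own code): report which of the paths checked
# by sshd's StrictModes would be rejected. each path must be owned by the
# user (or root) and must not be group- or world-writable.
# usage on the box: strictmodes_check "$HOME" "$(id -u)"

# path_problem PATH UID -> prints why PATH would be rejected (nothing if ok)
path_problem() {
    [ -e "$1" ] || { echo "missing"; return; }
    # -d: the entry itself, -L: follow symlinks, -n: numeric owner
    line=$(ls -ldLn "$1")
    perms=$(printf '%s\n' "$line" | cut -c1-10)
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$owner" != "$2" ] && [ "$owner" != "0" ]; then
        echo "owned by uid $owner"
        return
    fi
    # character 6 is the group write bit, character 9 the world write bit
    case "$perms" in
        ?????w????|????????w?) echo "group- or world-writable ($perms)" ;;
    esac
}

# strictmodes_check HOME_DIR UID
# prints one FAIL line per offending path; returns 0 only if all three pass
strictmodes_check() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        why=$(path_problem "$p" "$2")
        if [ -n "$why" ]; then
            echo "FAIL $p: $why"
            rc=1
        fi
    done
    return $rc
}
```

a typical fix for the reported paths is chmod 755 on the home directory, 700 on ~/.ssh and 600 on authorized_keys; if a FAIL line remains after that, an acl is probably still widening the mode.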

 
