I eventually found a forum post which has an interesting tip: But my NAS still stubornly asked me the password. Usually, the above steps are enough to make it work. On my client I did the following to first copy over my public key: scp -P ~/.ssh/id_rsa.pub then on the NAS SSH session: cat ~/id_rsa.pub > ~/.ssh/authorized_keys SSH then uses this public key to verify that your client machine is in posession of the private key. In that file, you must add the contents of your local ~/.ssh/id_rsa.pub. On the NAS, you must create a file ~/.ssh/authorized_keys: mkdir ~/.ssh Among which your private ( id_rsa) and public key ( id_rsa.pub). The result, by default, is some files in the folder ~/.shh. I'm using the Cygwin terminal on Windows, and I can generate a key pair using this command: ssh-keygen -t rsa -b 4096 -C the instructions here, they are for GitHub but they apply to everything that needs an ssh key: Generating a new SSH key If you have not done this already, you should probably check how to do this with whatever ssh client you are using. It's possible to restart the service using the following command: sudo synoservicectl -reload sshd Log in to your NAS using ssh: ssh -p the SSH server configuration file for editing: sudo vim /etc/ssh/sshd_configįind the following lines and uncomment them (remove the #): #RSAAuthentication yes So you should be able to skip this and jump to "Generate an SSH Key" Update september 2019: Thanks to "bogd" in the comments to point out Public Key Authentication is enabled by default even if the settings are commented out in sshd_config. If you use the default port of 22 you'll get a security warning later. Log in to the Synology Desktop and go to "Control Panel > Terminal & SNMP"Ĭheck "Enable SSH Service" and choose a non-default port. Thanks to "lvx" for this forum post with the solution: /enu/viewtopic.php?f=90&t=116726&p=441504#p427355! Setting up Key Based Authentication Normally Enable SSH Server The solution is to only allow read and execute to group and everyone: chmod 755 /volume1/homes/my-nas-user SSH doesn't allow that and throws an error while evaluating ssh key based login: Authentication refused: bad ownership or modes for directory /volume1/homes/my-nas-user The user's home directory, by default, has full read, write and execute permissions for everyone (777). If you already know how to normally set up ssh key authentication, here's the actual problem. ![]() DSM is the Operating System that runs on the NAS device. Sadly, I kept getting the request for a password. Make sure the public key is in ~/.ssh/authorized_keys.Make sure you have an SSH key on your client machine.Make sure you SSH daemon has Public Key Authentication enabled.Normally, setting this up is not a lot of work: In this post I explain how I made it work. I want to SSH into it using key-based authentication, but that seemed not supported by default. In the Terminal window, enable the SSH service option.I bought a synology NAS at home to store some stuff. To make shure the Icon Terminal & SNMP is visible, Advanced Mode is selected at the top right. In order for the terminal to be accessible via SSH, the SSH service must be activated in the DSM Control Panel, under Terminal & SNMP. Remember, changes to system files require knowledge of the function and its effects. With the admin password what sudo requires, the file sshd_config is loaded into the editor here.Īfter editing, press the keys Ctrl + X, nano asks if the change should be saved, which can be confirmed with Y if necessary, otherwise N can be selected. #3) With great power comes great responsibility. It usually boils down to these three things: We trust you have received the usual lecture from the local SystemĪdministrator. diskstation:/$ sudo nano /etc/ssh/sshd_config Now you can connect to diskstation with use a terminal like PuTTY and editing in the shell using nano, for example the SSH server configuration file. Nano used to be a separate package, but is now only available through the SynoCli File Tools package. The SynoCli File Tools package provides the following command-line utilities: less, tree, ncdu, jdupes, rhash, mc (midnight-commander), nano, file, detox, rmlint, rnm, pcre2, zstd. Enter SynoCommunity as the name, and insert the URL at location and click OK. and trusted publishers option.Ĭlick the Add button and add the package source. ![]() In the now open General under Trust Level, enable the Synology Inc. By clicking on the icon Package Center to open this, then click the Settings button.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |