- How to SSH with DSM password
- How to generate a key pair
- How to add public key to NAS
- How to SSH with an RSA key
- How to add key to Windows Security Context
Windows user? See Windows: OpenSSH
- DSM > Control Panel > Terminal & SNMP > Terminal tab
- Enable SSH Service = True/checked
- Port = 7022
- DSM Control Panel > Security > Firewall tab
- Ports > Custom = 7022/TCP
- See Network Reference for initial NAS firewall rules
- Home Services is enabled - see NAS Setup
ssh wcdogg@192.168.1.209 -p7022
passwordSynology requires an RSA key with 4096 bits - this is not the default.
# Log in to SSH server
ssh wcd@wcdPC
# Generate 4096 bit key of type rsa
ssh-keygen -t rsa -b 4096
# Save path = C:\Users\wcd/.ssh/wcd_nas_rsa4096
# Passphrase = none
# Copy SHA256 fingerprint to password manager# SSH with password to NAS
ssh wcdogg@192.168.1.209 -p7022
# SSH drops you into your home directory - confirm
pwd
# Or you can cd there with either of these
cd /volume1/homes/wcdogg
cd /var/services/homes/wcdogg
# Create .ssh directory if it doesn't exist
mkdir -p .ssh
# Create an authorized_keys file if it doesn't exist
cd .ssh
ls -la
touch authorized_keys
# Back up to home
cd ..
# Change home dir permissions to drwx------
chmod 700 .
# Change .ssh dir permissions to drwx------
chmod 700 .ssh
# Change authorized_keys file permissions to -rw-------
chmod 600 .ssh/authorized_keysIn a separate PowerShell not SSHed to NAS:
# Note the lowercase drive and reversed slashes in Windows path
# Requires NAS password
scp -P 7022 c:/Users/wcd/.ssh/wcd_nas_rsa4096.pub wcdogg@wcdNAS:/volume1/homes/wcdogg/.ssh/In original PowerShell that is SSHed to NAS:
# Append key
cd .ssh
cat wcd_nas_rsa4096.pub >> authorized_keys
# View file
cat authorized_keysOne-time edit of /etc/ssh/sshd_config.
# Edit this file
# Last time we need NAS password :)
sudo -i
nano /etc/ssh/sshd_config
# Uncomment these lines
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
# Change this line to NO
PasswordAuthentication no
# Save file
Ctrl+X -> Y -> Enter
# View file
cat /etc/ssh/sshd_config- DSM > Control Panel > Terminal & SNMP > Terminal tab
- Disable SSH + Apply
- Enable SSH + Apply
# SSH with key file
ssh -i ~/.ssh/wcd_nas_rsa4096 wcdogg@192.168.1.209 -p7022You can stop here. The remaining steps are for adding your key to Windows Security Context so you don't have to pass in the key file.
# Folder from NAS to PC
scp -r "2004 Christmas" [email protected]:d:/PhotosIn a second PowerShell as admin:
# Back up authorized_keys
Copy-Item "C:\ProgramData\ssh\administrators_authorized_keys" -Destination "C:\ProgramData\ssh\old_administrators_authorized_keys"
# Restore authorized_keys (in case of mistake)
Copy-Item "C:\ProgramData\ssh\old_administrators_authorized_keys" -Destination "C:\ProgramData\ssh\administrators_authorized_keys"
# If needed, start SSH Agent
# I have this in my PS profile so it auto-starts
Get-Service ssh-agent | Set-Service -StartupType Manual
Start-Service ssh-agent
Get-Service ssh-agent
# Add private key to Windows security context
ssh-add C:\Users\wcd\.ssh\wcd_nas_rsa4096
# Append public key to authorized_keys
cat C:\Users\wcd\.ssh\wcd_nas_rsa4096.pub >> C:\ProgramData\ssh\administrators_authorized_keys
# At this point you would typically delete the private key
# Don't do this yet - we need it for PuTTY
# Leave public key in C:\Users\wcd\.sshAt this point you can SSH without passing in the key file or using a password.
ssh wcdogg@192.168.1.209 -p7022Add this to your PowerShell user profile - and not the global profile.
# SSH to NAS
function NAS {ssh wcdogg@192.168.1.209 -p7022}
# Now you can SSH with this command
NAS
nas