Menu Close

SSH Keys With Synology NAS: Setup Tutorial

SSH Keys on Synology NAS

SSH keys are a great way to securely login to your NAS without requiring password authentication! In this tutorial we are going to cover setting up SSH Keys on Synology NAS from DSM. This will work with both MAC and PC (and linux of course).

Configure Settings

First, log in to DSM. Open your Control Panel.

Under Advanced Mode, go to Terminal and SNMP and click Enable SSH Service. Leave on Port 22 and click Apply.

Back in the Control Panel, go to User -> Advanced and click Enable user home service. Click Apply.

SSH Setup

Open Terminal if you are using a Mac. With a PC, you will need to use a service like Putty.

On your Synology, type ssh ‘user_name’@IP address to connect to Synology via ssh. Then type sudo

vim /etc/ssh/sshd_config to edit the SSH config file.

In the config file, remove ‘#’ from lines: PubkeyAuthentication and AuthorizedKeysFile .

Hit escape and then type :wq! to save and quit.

Now return to the Control Panel and toggle ‘Enable SSH Service” back off and then back on again. This will log you back out of the Synology.

Next, open Terminal on your local Mac, and type ssh-keygen -t rsa to generate new SSH keys using RSA encryption.

Hit enter again to leave it in the default directory.

Leave the passphrase blank.

Type

ssh-copy-id ‘user_name’@IP address

to copy the SSH Key over to the Synology.

Now you can log on to Synology using the SSH key instead of a password.

A Note about Security

This setup allows you to access your Synology without using a password by using the SSH Key instead. You can add a passphrase if you would like for added security, but then you will have to enter the passphrase each time you access your NAS. I am not too worried about leaving the passphrase blank here because we are going to be working locally instead of over the internet. You will want to add a passphrase if you are going to be working over the internet.

Posted in Synology

Related Posts

Leave a Reply

%d bloggers like this: