RESOLVED: Logging into Synology SSH using a key instead of a password

Anything regarding SSL/SSH and other security questions may go here
Forum rules
Synology Community is the new platform for the enthusiasts' interaction, and it will soon be available to replace the Forum.
esojourn
I'm New!
I'm New!
Posts: 2
Joined: Mon Jun 19, 2017 8:50 am

Re: RESOLVED: Logging into Synology SSH using a key instead of a password

Unread post by esojourn » Mon Jun 19, 2017 8:52 am

You are my HERO! Thanks!!!

drueter@assyst.com wrote:One more note on accessing Synology's rsync via SSH from a remote machine:

Even after getting SSH set up and working as per my previous post, my Synology was returning an error when using rsync. (In my case I am connecting to the Synology from a FreeNAS box.)
freenas rsync: Permission denied, please try again.
freenas rsync: rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
freenas rsync: rsync: error in rsync protocol data stream (code 12) at io.c(226) [Receiver=3.1.2]
The "permission" in question isn't related to SSH: SSH login via key is working fine. Nor is the "permission" a file access permission on either the Synology or the FreeNAS. Instead the "permission" has to do with the rsync binary file on the Synology.

Evidently when using rsync from a remote client via SSH you must specify this rsync parameter: --rsync-path=/usr/bin/rsync

If executing rsync from the command line, do so like this:

Code: Select all

rsync -vrtplze ssh --progress --stats --rsync-path=/usr/bin/rsync MySynologyIP/volume1/MySynologySharedVolPath /MyLocalDirectory 
(Replace MySynologyIP with the actual IP address of the Synology, replace MySynologySharedVolPath with the actual Synology path you want to synchronize, and replace MyLocalDirectory with the path on the local client to which you want to syncronize.)

If setting up a FreeNAS Rsync Task, add --rsync-path=/usr/bin/rsync to the "Extra Options" field.

(This post helped me figure this out: https://forum.synology.com/enu/viewtopic.php?t=92627 )

This is another Synology quirk that should be documented, or resolved.

scornflake
I'm New!
I'm New!
Posts: 2
Joined: Sat Oct 24, 2015 9:33 am

Re: RESOLVED: Logging into Synology SSH using a key instead of a password

Unread post by scornflake » Tue Mar 27, 2018 8:49 am

Thank you very much! Very useful.

I was trying to get another NAS to backup "from" the synology. Could it log in? Nope. Could I get it to ssh in without a password? Nope.
Very 101. Hadn't realized the synology user/ssh persmissions were so very very borked.

So - thank you very much for this!
Simple, but very relevant (still, unfortunately... you'd have hoped by 2018 that a users folder permissions would be correct for ssh, but alas).

If you're ever in Wgth NZ - ping me and I'll buy you a "beverage of choice"!

lowdmt
I'm New!
I'm New!
Posts: 1
Joined: Mon Apr 16, 2018 10:59 pm

Re: RESOLVED: Logging into Synology SSH using a key instead of a password

Unread post by lowdmt » Mon Apr 16, 2018 11:10 pm

Hi,

Following the instructions of the op although I'm struggling with the sshd_config

I can't uncomment because they aren't in the file?

Uncomment line that says: #PubkeyAuthentication yes
Uncomment the line that says: #AuthorizedKeyFiles .ssh/authorized_keys
Make sure that line is uncommented that says: ChallengeResponseAuthentication no

Added the lines into the file and restarted sshd which then screwed me. Couldn't SSH to my Nas at all (had to telnet and restore the sshd_config)

(extract of my sshd_config below)
/etc/ssh# ls
sshd_config ssh_host_dsa_key.pub ssh_host_ed25519_key ssh_host_key.pub
sshd_config.bak ssh_host_ecdsa_key ssh_host_ed25519_key.pub ssh_host_rsa_key
ssh_host_dsa_key ssh_host_ecdsa_key.pub ssh_host_key ssh_host_rsa_key.pub

sudo vi /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.94 2015/02/02 01:57:44 deraadt Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
"/etc/ssh/sshd_config" 155L, 4149C

niclas
I'm New!
I'm New!
Posts: 2
Joined: Tue May 15, 2018 10:28 pm

Re: RESOLVED: Logging into Synology SSH using a key instead of a password

Unread post by niclas » Sun May 20, 2018 3:47 pm

Many thanks to dreuter and spiderlane for sharing this info! I can verify that for the DS418 (w. Realtek RTD1296 proc), the steps needed to get key-login to work was shorter than what is listed above. (I have not tried rsync yet.)

The following steps worked for me (DS418 w. DSM 6.1.6-15266):

- Follow steps 1-6 in dreuters list.
- On remote machine, run ssh-copy-id user@diskstation (with your username and ip/name of your diskstation).
- you should now be able to login without a password.

niclas
I'm New!
I'm New!
Posts: 2
Joined: Tue May 15, 2018 10:28 pm

Re: RESOLVED: Logging into Synology SSH using a key instead of a password

Unread post by niclas » Sun May 20, 2018 3:59 pm

Addition: By letting ssh-copy-id create directories and files, my ~/.ssh automatically has permission 0700 and my ~/.ssh/authorized_keys has permission 0600.

Post Reply

Return to “Security/Secured Mods”