SSH into a Synology NAS using a keypair

or How to Login to your Synology NAS via SSH with a keypair instead of a password.

Required Software

Putty –  http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Config File Editor – Install on Synology using Package Center. Add this URL as a package source: http://packages.quadrat4.de/
(
how to add a new package source http://www.synology.com/support/tutorials_show.php?q_id=500#t2.2 )
This is optional, you can use ‘vi’ instead to edit the ssh config.

 

Overview

  1. Generate the keypair using putty
  2. Edit the ssh config on your Synology NAS
  3. Upload your public key to the NAS
  4. Profit!

Generate the keypair using putty

We are going to use Puttygen.exe to generate a public and private key. The public key will be added to the authorized keys file on the NAS. The private key is what you will use to login. This will be your new “password”.

  1. Launch puttygen.exe
  2. Type of key to generate “SSH-2 RSA”
  3. Generate the Key and leave PuttyGen open
  4. Save the Public and Private keys in a safe place.

Edit the SSH Config on your Synology NAS

Now we need to edit the SSH config file. You can either SSH into the NAS as root or use the Config File Editor you installed earlier. If you SSH in the file is located at  “/etc/ssh/sshd_config” if you are using the Config File Editor select sshd from the dropdown.

Look for these 2 lines

#PubkeyAuthentication yes
#AuthorizedKeysFile      .ssh/authorized_keys

Remove the # (hashtag) so they become

PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

Other values worth setting.

Change the max login attempts

MaxAuthTries 2

Allow TCP Forwarding

AllowTcpForwarding yes

Disable Password authentication (only do this AFTER you have keypair login working.)

PasswordAuthentication no

 

Upload your public key to the NAS

To upload your public key you will need to SSH into your NAS using putty.exe as root (or whichever user you want to enable SSH Keypair login for). Run the following commands from the terminal, ignore the lines that being with # (hashtag)

#cd to /root (this is the users home directory)
cd /root
#create the .ssh folder
mkdir .ssh
#create the authorized_keys file
touch .ssh/authorized_keys

#edit the autorized_keys file
vi .ssh/authorized_keys

#add your public key to the file – copy it out of puttygen.exe
#your public key will look something like

ssh-rsa A__a whole bunch of random characters___bw== rsa-key-20130718

#save the file. exit VI
#change the permissions on the authorized_keys file

chmod 700 /root/.ssh

chmod 644 /root/.ssh/authorized_keys

#disconnect the SSH session

 

Test your settings

Now we are going to use putty.exe to test that we can login with our ssh key.

 #launch putty.exe
#use the following settings.

Connection type: SSH
username: root (or whichever user you setup the key for)
Connection->SSH->Auth->Private Key # Your private key file you created at the beginning of this article.

#press the OPEN button

You should now have logged in to your Synology without having to give a password.

If you are able to successfully login with the private key then you can now disable password login.

Comments are currently closed.