The Optware

DISCLAIMER: This walkthrough is solely for my reference. If you fuck-up anything doing it, you are on your own ! Love, peace and best wishes.

Back to revival

The Connection

The goal of this chapter is to configure the ssh daemon on the synology. Only public key authentication will be enabled. The only user configured with such access will be the root.

  • First it is required to enable the sshd on the synology. With the 924 firmware it is very easy. Open the disk station manager and go to the Network Services/Terminal section. Select the Enable SSH service and press ok.
  • Download the putty and puttygen programs and put them on your desktop. You can download them from here Go select the download link and get the programs.
  • You will have to generate a pair of keys. The private and public one. Start puttygen, select Generate and move your mouse around. When finished save your private (c:\private_key.ppk) and public (c:\ key. For the synology we will need the "Public key for parsing into OpenSHH…" in the red rectangle on the picture below. The key is already selected for convenience. Copy it. Store it temporarily somewhere in a notepad.
  • Now start the putty. Fill in the IP adress and press Open. Login as root and use the password you have entered for the admin user. The default value for the password is admin.
  • Now when you are in you have to set-up the public key authentification. First you will store your public key.
cd /root
mkdir .ssh
cd .ssh
vi authorized_keys
  • Select (with the mouse) the public key you have stored before temporarily in a notepad and copy it (with Ctrl+C).
  • Switch back to the putty window and press i
  • Press the right mouse button to paste the public key into the file.
  • Press the ESC (Escape) button
  • Insert the sequence :wq!
chmod 0400 authorized_keys
cd ..
chmod 0400 .ssh
  • The configuration of the sshd must be adjusted now. Make it as the one included here. It is the /etc/ssh/sshd_config file. You can either directly copy paste this file or use the vi to edit it. If you decide to paste it as it is do the following:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
rm -f /etc/ssh/sshd_config
vi /etc/ssh/sshd_config
  • Select (with the mouse) the sshd_config in this browser window and copy it (with Ctrl+C).
  • Switch back to the putty window and press i
  • Press the right mouse button to paste the public key into the file.
  • Press the ESC (Escape) button
  • Insert the sequence :wq!

This is the sshd_config source:

#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

#now ssh is only used by rsync ==> auth by passwd file of rsync server
#AuthPassFile /etc/rsyncd.secrets

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

#DenyUsers admin

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
  • Now start another putty session. Fill in the IP and additionally now you have to include also the private key (c:\private_key.ppk) in the configuration. The path in the Category pane on the left of the PuTTY Configuration Windows is /Connection/SSH/Auth
  • Go back to the Session item in the Category pane (at the top) an save your session for later use. You have to fill in the Hostname(or IP address) and the Saved Sessions fields. Then press Save on the right side.
  • Press Open. The connection will be established. You will have to supply the password. The private key will be used to authenticate. If everything went right you will see something similar like on the picture below (and of course you will be logged on).
  • If something went wrong you can use the ssh/putty window you have left open from the previous session to correct the problems.
  • If for whatever reason you closed the previous ssh window. Enable the telnet through the management GUI and correct the problems.
  • If nothing works read the disclaimer on the top.

Back to revival

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-Share Alike 2.5 License.