Note: I recently purchased a Synology DiskStation DS411j & I’m putting up posts about things I figure out. This is part of that series.
The Synology DiskStation supports both
SSH, but all right-thinking people know that you should never use
telnet, as it is completely insecure, & should instead use SSH, as it is very secure. It’s easy to enable SSH on your DiskStation by going to Control Panel > Terminal & checking the box next to Enable SSH Service. You can now log in with your username & password.
But that’s not enough. Logging in with a username & password isn’t nearly as secure as requiring SSH keys. With that method, you have a private key on your computer & a public key on the SSH server (the Synology DiskStation in this case). When a computer tries to log in via SSH, the server looks at the public key & asks for the corresponding private key. No private key, no login.
NOTE: I’m assuming that you have already generated or possess SSH keys. If you haven’t, I’ve written a section in Linux Phrasebook that covers how to do so, or you can easily find instructions on the Web.
To start the process, you need to edit the SSH daemon’s config file to allow access via keys. Edit
/etc/ssh/sshd_config using vim & change these lines:
Save the file.
Time to create the necessary
.ssh directory & file on your Synology DiskStation:
Now get your permissions set correctly on that directory & file:
Now you need to edit the
authorized_keys file. Do so remotely with vim, or FTP (with SSL enabled!) into the server, grab the file, edit it on your machine, & then FTP it back to the DiskStation—your choice. Put your public SSH key into the
authorized_keys file, so it will look something like this:
Save the file, & try logging in to your Synology DiskStation:
It worked! In four further posts over the next several days, let’s make this situation better:
- Log in to a Synology DiskStation using SSH keys as a user other than root
- Change the SSH port you use to log in to a Synology DiskStation
- Log in to a Synology DiskStation quicker & easier using an SSH config file
- Disallow logging in to a Synology DiskStation with passwords & only allow logging in via SSH keys