Skip to content

Support us

Created: 2022-04-13 | Last update: 2022-04-24

Synology DSM - Allow Presistent SSH With RSA Keys

As a power user, i would like to be able to connect to my Synology DSM vis SSH. The issue is that Synology DSM won't allow you to use SSH with RSA keys out of the box and only allows you to use SSH with password. In order to allow the use of SSH keys we need to perform the following steps:

Requirements

I will assume you have already have SSH keys generated, SSH server configured on Synology DSM

  • Generated SSH keys
  • SSH server configured on Synology DSM

Allow User Home at DSM Level

User Home enable to create a personal home folder for each user, except for guest. This will allow as to create user's .ssh folder and authorized_keys file.

  • Log into Synology web UI as an administrator user
  • Control Panel -> User & Groups -> Advanced, scroll down to “User Home”
  • Check “Enable user home service”, select an appropriate Location (i.e. volume1)
  • Click “Apply”

Synology Control Panel Image

Configure .ssh Folder and authorized_keys File

Log in to the NAS through SSH with the user you want to add key authorization for. The following example shows how to add will work for the active user in the SSH session.

First change the permissins of the users home folder to 700

sudo chmod 700 ~

Create the .ssh folder and set permissions to 700

mkdir ~/.ssh && chmod 700 ~/.ssh

Create the authorized_keys file and set permissions to 644

touch ~/.ssh/authorized_keys && chmod 644 ~/.ssh/authorized_keys

Synology's DSM SSH server supports RSA and ed25519 keys.

No you need to copy you public keys to authorized_keys file, you can do it manually or use the following command:

echo <public-key-sting> >> ~/.ssh/authorized_keys

You can do it automatically by using the following command from a client with the ssh key you want to add:

ssh-copy-id -i ~/.ssh/id_rsa <user@ip-address>

At this point you should be able to connect to Synology DSM via SSH using the key you just added.

Comments