Allow SSH With RSA KEY

  • Log into Synology web UI as an administrator user
  • Enable “User Home”
  • Control Panel / User / Advanced, scroll down to “User Home”
  • Check “Enable user home service”, select an appropriate Location (e.g. volume1)
  • Click “Apply”

SSH into Synology as Admin User

sudo chmod 755 /volume1/homes/*youruser*
mkdir ~/.ssh && chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys && chmod 0644 ~/.ssh/authorized_keys
echo "PUBLIC_KEY_STRING" >> ~/.ssh/authorized_keys

Configure the Synology’s SSH service to allow login by key

sudo vi /etc/ssh/sshd_config
  • Uncomment the line that says: #PubkeyAuthentication yes
  • Uncomment the line that says: #AuthorizedKeysFile .ssh/authorized_keys
  • Add a line: PasswordAuthentication no
  • Make sure the line that says ChallengeResponseAuthentication no is uncommented
  • Save the file and exit the editor
sudo synoservicectl --restart sshd

You should now be able to connect with your RSA key.
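
Added example (not part of the original page): sshd uses the first uncommented occurrence of a keyword, so a PasswordAuthentication no line added below an existing PasswordAuthentication yes changes nothing. The script checks a config for the settings listed above; the function names and both sample configs are constructed for illustration, and it assumes plain "Keyword value" lines with no Include files.

```sh
#!/bin/sh
# sshd uses the FIRST uncommented occurrence of a global keyword, so a
# "PasswordAuthentication no" added below an earlier "yes" has no effect.

# Print the effective global value of KEYWORD ($2) in FILE ($1), or "unset".
# Assumes "Keyword value" lines; Include files are not followed.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }            # Match blocks are conditional
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only if FILE ($1) yields the settings this page asks for.
check_key_only() {
    rc=0
    for pair in pubkeyauthentication:yes passwordauthentication:no \
                challengeresponseauthentication:no; do
        key=${pair%%:*}; expect=${pair#*:}
        got=$(sshd_effective "$1" "$key")
        # Unset PubkeyAuthentication is fine: OpenSSH defaults it to yes.
        [ "$key" = pubkeyauthentication ] && [ "$got" = unset ] && got=yes
        if [ "$got" != "$expect" ]; then
            echo "MISMATCH $key: effective=$got expected=$expect"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the new line sits below a stock "yes" line.
sample_shadowed() {
    printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication yes' \
        'ChallengeResponseAuthentication no' 'PasswordAuthentication no'
}
# Constructed sample: the stock line itself was changed to "no".
sample_fixed() {
    printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication no'
}

tmp=$(mktemp) || exit 1
sample_shadowed > "$tmp"; check_key_only "$tmp" || echo "shadowed: not key-only"
sample_fixed > "$tmp"; check_key_only "$tmp" && echo "fixed: key-only"
rm -f "$tmp"
```

Run check_key_only against /etc/ssh/sshd_config before restarting sshd, and keep the current session open until a key login from a second session succeeds, since PasswordAuthentication no leaves no password fallback.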

Installing VM Tools on Linux VM

On Debian:

sudo add-apt-repository universe
sudo apt-get install qemu-guest-agent

On CentOS:

yum install qemu-guest-agent -y

Automated SSL Using Let's Encrypt, CloudFlare API, Script


Prerequisites: Synology with SSH enabled and sudo permission, and a Cloudflare API key.

SSH to the Synology NAS

sudo -i
tar xvf master.tar.gz
./ --install --nocron --home /usr/local/share/ --accountemail "[email protected]"

  • CF_Key = your Cloudflare Global API key
  • CF_Email = your Cloudflare account email
  • CERT_DOMAIN = your domain managed on Cloudflare DNS; you can use a wildcard domain like *.your-domain.tld

export CF_Key="your-cloudflare-global-api-key"
export CF_Email="[email protected]"
export CERT_DOMAIN="*.your-domain.tld"
export CERT_DNS="dns_cf"

This will generate, sign and install the certificate.

Creating the Certificate

cd /usr/local/share/
./ --issue -d "$CERT_DOMAIN" --dns "$CERT_DNS" \
      --certpath /usr/syno/etc/certificate/system/default/cert.pem \
      --keypath /usr/syno/etc/certificate/system/default/privkey.pem \
      --fullchainpath /usr/syno/etc/certificate/system/default/fullchain.pem \
      --capath /usr/syno/etc/certificate/system/default/chain.pem \
      --reloadcmd "cp -a /usr/syno/etc/certificate/system/default/* `find /usr/syno/etc/certificate/_archive/ -maxdepth 1 -mindepth 1 -type d` && /usr/syno/sbin/synoservicectl --reload nginx" \
      --dnssleep 20 \
      --config-home "/volume1/activeShare/Dropbox/SettingsConfigs/SSL_Certificates"

Configuring Certificate Renewal by /etc/crontab

vi /etc/crontab

Add this:

0   10  2   *   *   root    /usr/local/share/ --cron --home /volume1/activeShare/Dropbox/SettingsConfigs/SSL_Certificates


CloudFlare DDNS

Based on SynologyCloudflareDDNS.

SSH to the Synology NAS as root. Download from this repository to /sbin/

wget -O /sbin/
chmod +x /sbin/

Edit Synology's DDNS service config:

vi /etc.defaults/ddns_provider.conf

Add this to the config


  • Go to your Cloudflare account.
  • Go to your domain overview page and get the Zone ID.
  • Go to the DNS zone and create the A record you want to use for DDNS, with any IP address (just to create the record).
  • Go to your account settings page and get the API Key.
  • Get the record ID using the Cloudflare API.

Run this, replacing each [] placeholder with your own value.

curl -X GET "[Zone ID]/dns_records" \
     -H "X-Auth-Email: [Email]" \
     -H "X-Auth-Key: [API Key]" \
     -H "Content-Type: application/json"

You will get information about your zone in the response. Look for the ID of the record you created before.

vi /sbin/

Change RECID and ZONE_ID to the values you got before.



Set __PROXY__ to true or false, depending on your usage.

  • Log in to your DSM.
  • Go to Control Panel > External Access > DDNS > Add.
  • Select Cloudflare as the service provider.
  • Enter your domain as the hostname, your Cloudflare account as Username/Email, and the API key as Password/Key.

At the console:

tail -f /var/log/cloudflareddns.log

Click Test Connection. You should see something like this at the console:

(7): Updating with (7): Status: good