By Edy Werder — IT Consultant & Tech Blogger
Hello, tech enthusiasts. Edy here. This guide covers setting up SSH keys on Synology from start to finish: enabling SSH in DSM, generating keys with PuTTYgen on Windows, and switching to key-based login for better security.
You’ll get a clear step-by-step walkthrough to connect safely and lock things down.
Setting up SSH keys on Synology is safer than password logins. Enable SSH in DSM web interface, generate a key pair with PuTTYgen on Windows, then add the public key to authorized_keys in your Synology user’s ~/.ssh folder. Test key-based login with the private key first. Only then disable password login and further lock SSH down.
- Test login, then restrict SSH to trusted IPs (firewall)
- Enable SSH: Control Panel → Terminal & SNMP → Enable SSH service
- Generate keys with PuTTYgen and save the private key (.ppk)
- Add the public key to: ~/.ssh/authorized_keys (one key per line)
- Fix permissions if needed: .ssh 700, authorized_keys 600
Part 1: Generating a Synology SSH Key with PuTTYgen
Securing your Synology NAS with SSH begins with creating a robust SSH key. I’ve always found PuTTYgen to be an excellent tool for this. Here’s my approach:
Step 1: Download and Open PuTTYgen:
- My first step in securing Synology SSH access is downloading PuTTY from https://www.putty.org/. After installation, I launch PuTTYgen, ready to start the critical generation process. Type “puttygen” in the Windows search box.
Step 2: Generate the Key pair:
- In PuTTYgen, I click “Generate” and move my mouse around to create randomness. This randomness is crucial for a secure Synology SSH key.
Optional Passphrase:
- I often add a passphrase for an extra layer of security. This step is vital for ensuring your Synology SSH access remains secure.
Step 3: Save the SSH config file:
- After generating the key, I save the private key file and store it in a secure store. Please don’t use the “Save public key” button to save the public key. Unfortunately, it will save the public key file in a format Synology cannot read. Instead, use the “public key” field and copy/paste the authorized_keys content to Notepad.
Ensure that the public key in the authorized_keys file is on a single line with no breaks. Sometimes, copying and pasting can insert line breaks that invalidate the key.
Below is an example the line should start with “ssh-rsa….”
Part 2: Applying the SSH Key for Synology SSH
With our SSH key ready, let’s apply it to the Synology NAS.
Step 4: Enable SSH on Synology NAS:
- I enable SSH in the DSM under Control Panel > Terminal & SNMP to secure my Synology SSH access.
Step 5: Adding the ssh directory (authorized keys) to Synology NAS:
The file ~/.ssh/authorized_keys must be created on the Synology NAS to store the public key.
- Access File Station on Your Synology NAS:
- Log into your Synology DiskStation Manager (DSM).
- Open the File Station application.
- Navigate to Your Home Directory:
- In File Station, go to the ‘home’ folder. This is typically your user directory.
- In File Station, go to the ‘home’ folder. This is typically your user directory.
- Create the
.sshFolder:
- Inside your home directory, create a new folder and name it
.ssh(if it doesn’t already exist).
- Inside your home directory, create a new folder and name it
- Create the
authorized_keysFile:
- Now, you need to create the
authorized_keysfile within the.sshfolder.
Since File Station doesn’t directly allow file creation, you’ll need to use a workaround:- Create a text file on your local computer and name it
authorized_keys. Please be sure that you don’t use a file extension like txt. The file name must be exactly “authorized_keys” - Open the file with a text editor (like Notepad) and paste your public SSH key into it. Save the changes.
- Return to File Station in DSM and upload the
authorized_keysfile into the.sshfolder.
- Create a text file on your local computer and name it
- Now, you need to create the
Step 6: Setting Correct Permissions for Home Directories on Synology NAS:
To establish secure SSH access with authorized_keys on a Synology NAS, it’s crucial to adjust the permissions of user home directories. By default, Synology sets these directories to 777 permissions, which are overly permissive and can lead to SSH errors such as ‘server refused the key.’
For Individual User Home Directory:
- Connect to Your Synology NAS via SSH:
- Use an SSH client like PuTTY to log into your Synology NAS as an administrator.
- Use an SSH client like PuTTY to log into your Synology NAS as an administrator.
- Navigate to the Homes Directory:
- User home directories are typically located in
/volume1/homes/. Usecd /volume1/homes/to navigate to this directory.
- User home directories are typically located in
- Change Permissions for a Specific User’s Home Directory:
- Use the
chmodcommand for the specific user’s directory. If the user’s home directory isusername, the command ischmod 755 username. This sets the directory permissions to755(read, write, and execute for the owner, read and execute for others).
- Use the
For All User Home Directories:
- Understand the Implications:
- Be cautious when changing permissions for all user home directories. Ensure this aligns with your security policies.
- Be cautious when changing permissions for all user home directories. Ensure this aligns with your security policies.
- Bulk Change Command:
- In the
/volume1/homes/directory, usechmod -R 755 *to change permissions for all directories. The-Rflag applies the change recursively to all files and subdirectories within each user’s home directory. However, be aware that this will change the permissions of all files and folders within each user’s home, which might not be desirable for files that require different permissions.
- In the
Additional Steps for .ssh and authorized_keys:
- Ensure the
.sshdirectory in each user’s home has700permissions (chmod 700 .ssh), and theauthorized_keysfile has600permissions (chmod 600 .ssh/authorized_keys).
In the screenshot below, you see the permission for the folder .ssh and for the file authorized_keys
I recommend my article “Linux file permissions explained: What you need to understand” for more information about Linux file and folder permissions. A good reference is the chmod calculator.
Last Step 7: Connecting via SSH:
- To test our Synology SSH access, I open PuTTY, enter my NAS’s IP address, and load my private key under Connection > SSH > Auth. After saving these settings, I click Open to connect.
FAQs on Synology SSH and Security:
Conclusion:
That’s it for setting up SSH keys on Synology with PuTTYgen. You now have SSH key authentication in place, which is a big security upgrade over passwords. If you want to harden things further, review your sshd_config, keep the sshd service running only when you need it, and restrict access in DSM Firewall to trusted IPs. Questions or edge cases? Drop them in the comments.
I’d love to hear from you — was this article helpful? Share your thoughts in the comments below. If you prefer, you can also reach me by email or connect with me on Reddit at Navigatetech.
Before you go …
If you found the guide on setting up SSH keys on Synology insightful, you might appreciate the next step: SSH into Synology. This article delves into securely accessing your Synology device via SSH, building on the knowledge you’ve gained about SSH key setup. It’s a practical read for enhancing your remote management skills and ensuring secure access to your Synology NAS. Perfect for tech enthusiasts aiming to streamline their network management tasks!
Related Articles
Full Disclosure
Any purchases made from clicks on links to products on this page may result in an affiliate commission for me.
Please keep in mind that the quantity or price of items can change at any time.
As an Amazon Associate, I earn from qualifying purchases.
Als Amazon-Partner verdiene ich an qualifizierten Verkäufen
About the author
Hi, I’m Edy Werder. I write hands-on guides about Proxmox, homelab servers, NAS, and WordPress, based on real setups I run and document.
No sponsors, no fluff—just real configs and results.
Enjoying the content?
