Complete Guide: Setting Up SSH Keys on Synology for Enhanced Security


Hello, tech enthusiasts! Edy here. Today, I’m excited to delve into the world of Synology SSH, offering a comprehensive guide on setting up SSH keys using PuTTYgen for secure access to your Synology NAS. This guide is designed for anyone looking to enhance their Synology NAS security, from beginners to seasoned tech professionals. Let’s get started on our journey to secure Synology SSH access!

setting up SSH keys on Synology

Part 1: Generating an SSH Key with PuTTYgen for Synology SSH

Securing your Synology NAS with SSH begins with creating a robust SSH key. I’ve always found PuTTYgen to be an excellent tool for this. Here’s my approach:


Step 1: Download and Open PuTTYgen:

  • My first step in securing Synology SSH access is downloading PuTTY from https://www.putty.org/. After installation, I launch PuTTYgen, ready to start the critical generation process. Type “puttygen” in the Windows search box.
Download Putty for Windows

Step 2: Generate the Key:

  • In PuTTYgen, I click “Generate” and move my mouse around to create randomness. This randomness is crucial for a secure Synology SSH key.
Puttygen Key Generator

Optional Passphrase:

  • I often add a passphrase for an extra layer of security. This step is vital for ensuring your Synology SSH access remains secure.

Step 3: Save the Keys:

  • After generating the key, I save the private key securely. Please don’t use the “Save public key” button” to save the public key. Unfortunately it will save the public key in a format Synology cannot read. Use instead the “public key” and copy/paste it to Notepad.
save private key and public key

Ensure that the public key in the authorized_keys file is on a single line with no breaks. Sometimes, copying and pasting can insert line breaks that invalidate the key.

Below is an example the line should start with “ssh-rsa….”

public key single line

Part 2: Applying the SSH Key for Synology SSH

With our SSH key ready, let’s apply it to the Synology NAS.

Step 4: Enable SSH on Synology NAS:

  • I enable SSH in the DSM under Control Panel > Terminal & SNMP to secure my Synology SSH access.
Synology enable ssh

Step 5: Adding the Public Key to Synology NAS:

  • Access File Station on Your Synology NAS:
    • Log into your Synology DiskStation Manager (DSM).
    • Open the File Station application.
  • Navigate to Your Home Directory:
    • In File Station, go to the ‘home’ folder. This is typically your user directory.
  • Create the .ssh Folder:
    • Inside your home directory, create a new folder and name it .ssh (if it doesn’t already exist).
  • Create the authorized_keys File:
    • Now, you need to create the authorized_keys file within the .ssh folder.
      Since File Station doesn’t directly allow file creation, you’ll need to use a workaround:
      • Create a text file on your local computer and name it authorized_keys. Please be sure that you don’t use a file extension like txt. The file name must be exactly “authorized_keys”
      • Open the file with a text editor (like Notepad) and paste your public SSH key into it. Save the changes.
      • Return to File Station in DSM and upload the authorized_keys file into the .ssh folder.

Step 6: Setting Proper Permissions for User Home Directories on Synology NAS:

To establish secure SSH access with authorized_keys on a Synology NAS, it’s crucial to adjust the permissions of user home directories. By default, Synology sets these directories to 777 permissions, which are overly permissive and can lead to SSH errors such as ‘server refused the key.’

For Individual User Home Directory:

  1. Connect to Your Synology NAS via SSH:
    • Use an SSH client like PuTTY to log into your Synology NAS as an administrator.
  2. Navigate to the Homes Directory:
    • User home directories are typically located in /volume1/homes/. Use cd /volume1/homes/ to navigate to this directory.
  3. Change Permissions for a Specific User’s Home Directory:
    • Use the chmod command for the specific user’s directory. If the user’s home directory is username, the command is chmod 755 username. This sets the directory permissions to 755 (read, write, and execute for the owner, read and execute for others).

For All User Home Directories:

  1. Understand the Implications:
    • Be cautious when changing permissions for all user home directories. Ensure this aligns with your security policies.
  2. Bulk Change Command:
    • In the /volume1/homes/ directory, use chmod -R 755 * to change permissions for all directories. The -R flag applies the change recursively to all files and subdirectories within each user’s home directory. However, be aware that this will change the permissions of all files and folders within each user’s home, which might not be desirable for files that require different permissions.

Additional Steps for .ssh and authorized_keys:

  • Ensure the .ssh directory in each user’s home has 700 permissions (chmod 700 .ssh), and the authorized_keys file has 600 permissions (chmod 600 .ssh/authorized_keys).

In the screenshot below, you see the permission for the folder .ssh and for the file authorized_keys

Elementor Banner

I recommend my article “Linux file permissions explained: What you need to understand” for more information about Linux file and folder permissions. A good reference is the chmod calculator.

Synology ssh permissions

Last Step 7: Connecting via SSH:

  • To test our Synology SSH access, I open PuTTY, enter my NAS’s IP address, and load my private key under Connection > SSH > Auth. After saving these settings, I click Open to connect.
putty apply the private ssh key
Putty applies the SSH key
Synology test ssh access
Putty login to Synology with ssh key

FAQs on Synology SSH and Security:

What is an SSH key, and why is it essential for Synology SSH?

An SSH key is a secure method of logging into a server, offering a more robust security layer than passwords alone. For Synology SSH, it’s crucial to prevent unauthorized access and ensure the safety of your data.

Can I use the same SSH key for multiple devices or services?

Yes, but for optimal security, especially in a Synology SSH setup, it’s recommended to use unique keys for different devices or services.

What should I do if I lose my private SSH key?

In a Synology SSH context, losing your private key is a serious security concern. Immediately generate a new SSH key pair and update your Synology NAS and any other services where the old key was used.

Is a passphrase necessary for my SSH key, and how do I choose a secure one?

While not mandatory, a passphrase is a critical security feature for Synology SSH. Choose a complex and unique passphrase to enhance security.

Conclusion:

That’s it for our guide on Synology SSH setup using PuTTYgen! This method not only secures your NAS but also provides peace of mind. If you have any questions or need further insights on Synology SSH, please reach out in the comments. Here’s to a secure and efficient computing experience!

I would love to get some feedback from you. Was this article helpful? Please share your opinion with me in the comment section below. Or, if you prefer a more personal touch, feel free to email me directly at [email protected]. Your thoughts and insights are always appreciated.

Before you go …

If you found the guide on setting up SSH keys on Synology insightful, you might appreciate the next step: SSH into Synology. This article delves into securely accessing your Synology device via SSH, building on the knowledge you’ve gained about SSH key setup. It’s a practical read for enhancing your remote management skills and ensuring secure access to your Synology NAS. Perfect for tech enthusiasts aiming to streamline their network management tasks!

Full Disclosure

Any purchases made from clicks on links to products on this page may result in an affiliate commission for me. 

Please keep in mind that the quantity or price of items can change at any time.

As an Amazon  Associate, I earn from qualifying purchases.

As an Aliexpress Associate, I earn from qualifying purchases. 

Als Amazon-Partner verdiene ich an qualifizierten Verkäufen

Tech Expert & Blogger

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.