Home / server / Questions / 994612
In Process
HCSF
Asked: 2019-12-07 07:17:17 +0800 CST

Unable to SSH to Synology NAS

  • 772

Here is the sequence of events:

  1. I added my RSA key to .ssh/[my admin user], updated permission, and disabled SSH authentication by password months ago.
  2. I formatted my desktop and I forgot to re-enable the SSH authentication by password.
  3. Then, my newly configured desktop can't SSH into the NAS.

I tried to update my newly generated RSA key via DSM web GUI -- File Station>Homes>[my admin user]/.ssh/authorized_keys

But I still can't ssh, here is the tail of the ssh output in verbose mode:

debug1: Found key in /home/hc/.ssh/known_hosts:6
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/hc/.ssh/id_rsa (0x55c5c982c140), agent
debug2: key: /home/hc/.ssh/id_dsa ((nil))
debug2: key: /home/hc/.ssh/id_ecdsa ((nil))
debug2: key: /home/hc/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/hc/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/hc/.ssh/id_dsa
debug3: no such identity: /home/hc/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/hc/.ssh/id_ecdsa
debug3: no such identity: /home/hc/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/hc/.ssh/id_ed25519
debug3: no such identity: /home/hc/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

I wonder whether:

  1. there is a way to access /etc/ssh/sshd_config on the NAS via DSM web GUI; or
  2. there is a way to fix my /home/[my admin user]/.ssh/authorized_keys; or
  3. there is a way that I can regain my SSH access...I do have physical access to my NAS.

Synology support suggested that I hard-reset the NAS. I prefer not to if there is a better option because I have too many things configured.

Info:

  • DSM 6.2.2-24922
  • DS1019+
ssh

1 Answers

  1. To answer your question 1.) I had success logging into my SynoNAS via Telnet. You have to enable it first: Control Panel -> Terminal & SNMP -> Enable Telnet service.
    After that you should be able to just telnet [nas_ip] into your NAS. It should even give you bash.

    As of now, I wasn't able to repair ssh. It just somehow stopped letting me connect, without a single error message in /var/log/messages or /var/log/auth.log.

    Update:
    I was able to repair ssh by changing permissions to my user folder /volume1/homes/[user] to 0755. It might even work with stricter permissions. The command used was

    chmod 0700 [user_folder]

    I was made aware of this by the following post:
    https://superuser.com/questions/1632729/ssh-public-key-login-fails

    • 1