How to enable OpenSSH on a Synology DS-101 NAS

I’ll explain how I enabled SSH on my Synology DS-101 box.

Synology DS-101

This guide is based on Nicolas’ work : http://www.dotmana.com/index.php/?p=91

1. FIRMWARE UPGRADE

* Reboot the DS-101 (this is absolutely necessary in order to achieve the next step)

* Upgrade to the latest firmware available from Synology within 5 minutes after reboot.
If you don’t upgrade within 5 minutes after reboot you’ll get an “error 24″ message, and you’d need to reboot again. (this is a security function)
The version of the firmware the DS-101 was running was 2.0.1 1.0116.
After upgrade, the version was 2.0.1 3.0371 (you can download that version of the firmware from here)
The upgrade brought PHP + MySQL + some other cool features.

Let the upgrade go until the POWER led remains solid (it took around around 4 minutes for me)

2. ENABLING TELNET

* When done with the upgrade, download http://blog.wains.be/pub/ds-101/syno-telnet-r2.zip and unzip it.
Upgrade the box with the file enable-telnet.pat as if it was a regular firmware..
You’ll get an error 42 message. This is normal.

This upgrade will ONLY enable telnet, it will take a few seconds.
The error 42 message is normal, it prevents the NAS from rebooting as it would do after any regular firmware upgrade.

* Download http://blog.wains.be/pub/ds-101/ds101-bootstrap_1.0-1_armeb.xsh.gz
Unzip the file.
FTP into the NAS and upload ds101-bootstrap_1.0-1_armeb.xsh in the public directory.

* From here, it was a bit unclear, Nicolas’ guide is mentionning the synopass php file. I didn’t need it to enable SSH. Maybe something changed with the newer firmware.. ?

Confirmed : the root account has the same password as user admin with never firmwares

If you can’t telnet into the NAS using your password..
- From the Web administration interface, enable the “Web station” feature.
- using FTP, upload synopass.php (found in syno-telnet-r2.zip) in the web directory
- Query the file : http://diskstation/synopass.php

You’ll get a page where you’d find the root password you need to use to login as root in the box.

As soon as you’re logged in, you can change the root password by using passwd.

3. ENABLING SSH

Telnet into the NAS, use root as user and your password

Go into the public directory (should be /volume1/public/)

Make the file we just uploaded executable :
# chmod 755 ds101-bootstrap_1.0-1_armeb.xsh

Execute the script, it will install the “ipkg” tool that will give us access to a repository full of great tools :
# ./ds101-bootstrap_1.0-1_armeb.xsh

When done :
# ipkg update

Then :
# ipkg install openssh

(the output for these commands is available at http://blog.wains.be/pub/ds-101/syno.txt)

Reboot the box, you should now be able to SSH into the NAS.

If you want to see what you can install from the repo :
# ipkg list

If you want to see what you have installed :
# ipkg list_installed

4. EXTRA

* Editing your SSH config :

If, as me, you want to edit your SSH config (disabling password authentication and enable SSH key auth is a good idea) :

- Edit /volume1/opt/etc/openssh/sshd_config
- Restart openssh from “/opt/etc/init.d/S40sshd restart”

* Enabling SSH key authentication :

# vi /volume1/opt/etc/openssh/sshd_config

Edit these values :
PermitRootLogin without-password
PasswordAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Then restart SSH :
# /opt/etc/init.d/./S40sshd restart

* SSH key auth for root user :
# mkdir /root/.ssh
Then put your authorized_keys file under /root/.ssh

* SSH key auth for non-root users :
For non-root users, you need to tweak the system a bit…

I’ll consider you already created the user (named johndoe here) through the web interface, the user get a home directory normally located under /volume1/johndoe/..

You will need to create a “fake” home dir for the user as in the typical Linux/Unix directory tree /home. Indeed, SSH will look for the user keys inside the regular user directory. There must be a way to tell SSH to look inside /volume1/username/.ssh instead of /home/username/.ssh though (recompiling ?).

# mkdir -p /home/johndoe/.ssh
# chown -R johndoe:users /home/johndoe/.ssh

Put johndoe’s authorized_keys file in his .ssh folder

EDIT : you can create a symlink from /volume1/username/ to /home then create the .ssh directory in the regular user home dir.

Then edit /etc/passwd :

Change the line :
johndoe:x:1026:100::/:/bin/csh

By
johndoe:x:1026:100::/home/johndoe:/bin/sh

Pay great attention that /bin/csh became /bin/sh

You should now be able to ssh into the NAS with the user johndoe.

5. CONCLUSION

Thanks to Synology for making devices based on Linux. I like how “hackable” and extendable Linux-based devices are.
I can now securely browse my files remotely from Nautilus using SSH. I can now get rid of my big old server.. I’m saving space and energy at the same time.

Thanks to Nicolas for his guide that greatly helped me :
Nicolas’ page : http://www.dotmana.com/index.php/?p=91

13 thoughts on “How to enable OpenSSH on a Synology DS-101 NAS

  1. Hi,

    With the introduction of their 494 beta firmware, Synology removed their telnetpatch from their FTP-site. Would you be so friendly to send me a copy.

    Regards, Betatester

  2. Hi Sebastien,

    I got a syno DS207. I tried to use the script you made for the DS101 but it
    failed. I wanted to edit the xsh script, ans obviously it’s not possible.

    I tried to run those failing commands:
    NAS> /opt/sbin/ldconfig
    /opt/sbin/ldconfig: /opt/sbin/ldconfig: 1: Syntax error: word unexpected (expecting “)”)
    NAS> /opt/bin/ipkg
    /opt/bin/ipkg: /opt/bin/ipkg: 1: Syntax error: word unexpected (expecting “)”)
    NAS>

    I obtained the same error as from your script.
    Do you have any idea how I can solve this problem?
    Thanks for your help.
    Below is the output obtained when executing “ds101-bootstrap_1.0-1_armeb.xsh” script :

    NAS> ./ds101-bootstrap_1.0-1_armeb.xsh
    DS-10x Bootstrap extracting archive… please wait
    bootstrap
    bootstrap/wget-ssl.ipk
    bootstrap/ipkg.ipk
    bootstrap/ipkg.sh
    bootstrap/bootstrap.ipk
    bootstrap/bootstrap.sh
    bootstrap/openssl.ipk
    48201+1 records in
    48201+1 records out
    Creating temporary ipkg repository… success
    Installing DS101(g)-bootstrap package…Unpacking bootstrap.ipk…Done.
    Configuring bootstrap.ipk…
    Adding /opt/lib to dynamic linker configuration…
    Regenerating dynamic linker cache…
    /opt/sbin/ldconfig: /opt/sbin/ldconfig: 1: Syntax error: word unexpected (expect
    ing “)”)
    Modifying /etc/profile…
    Modifying /etc/rc.local
    Done.
    success
    Installing IPKG package… (Ignore missing md5sum warning)
    Unpacking ipkg.ipk…Done.
    Configuring ipkg.ipk…./ipkg.sh: ./ipkg.sh: 1170: md5sum: not found
    Done.
    Removing temporary ipkg repository…
    Installing OpenSSL../opt/bin/ipkg: /opt/bin/ipkg: 1: Syntax error: word unexpect
    ed (expecting “)”)

    BusyBox v1.1.0 (2007.02.26-05:56+0000) Built-in shell (ash)
    Enter ‘help’ for a list of built-in commands.
    NAS>

  3. Hi,
    Followed your instructions. Am getting permission denied, please try again, when looging in with the non root user. any tips?

  4. Hi,
    Yes the root account works fine. Have created new keys and that also works fine for root. Have checked all the file / directory permissions and all looks ok.
    Found some stuff about tty sessions, but this didn’t help.
    diskstation = DS-101j firmware = 2.0.3 – 0518.

    //Stig

  5. :-)….I am a windows man!!!!! where do I find the ssh logs? There is nothing in the messages file

    //Stig

  6. yes….there is no syslog_conf either. so unable to configure the Ssh logging. It seems that everything is owned by root! that is probably not a good start :-)
    Thanks anyway!

  7. salut, novice en NAS et Linux, je voudrais installer le nouveau Openssh: openssh-5.0p1.tar.gz mais IPKG ne supporte pas ce format. Comment faire le package pour le NAS 107+(128MB)?
    Comment installer Openssh? J’ai déjà l’ancien openssh installé et activé la version de Synology.
    Merci de me répondre.

  8. Désolé, aucune idée. J’ai vite remplacé mon Synology 101 par un NSLU2 sous Debian car ce genre de problèmes étaient ennuyants (en plus du filesystem en partie propriétaire).

Comments are closed.