Synology usage series 1 – SSH tunneling using putty and Bitvise Tunnelier


Dec 13 2009 Original article was a little bit outdated. Article is updated for the firmware 2.2 (0949).

Configure the DS207+

  1. Enable SSH from admin console: Network Services > Terminal > Enable SSH Service
  2. Create a normal user called ‘ssh’: Privileges > Users > Create
  3. SSH or Telnet to 207+ as root (login as root, password same as admin)
  4. Edit SSH Config file

    # vi /etc/ssh/sshd_config

    Edit the lines below

       AllowTcpForwarding yes
       TCPKeepAlive yes
    

    Save the file

  5. Restart sshd:
    /usr/syno/etc/rc.d/S95sshd.sh restart
  6. Edit passwd file

    # vi /etc/passwd

    Looks for ssh user, then update /sbin/nologin to /bin/sh

    ssh: x:1031:100::/var/services/homes/ssh:/bin/sh
    
  7. Create a new firewall rule to allow SSH traffic

    Network Services > Firewall > LAN > Click the Create button

    Ports: Select from a list of built-in applications

    Click ‘Encrypted terminal service’

    DiskStation: Adding a SSH firewall rule

    DiskStation: Adding a SSH firewall rule

    Then click OK to close the popup and continue.

    Source IP: All

    DiskStation: Firewall: Assign 'ALL' for source IP

    DiskStation: Firewall: Assign 'ALL' for source IP

    Action: Access: Allow

    DiskStation: Firewall: Allow an firewall rule

    DiskStation: Firewall: Allow an firewall rule

    Click to OK when done.

  8. Optional: Enable auto block to reduce the chance of being hacked into the SSH service.

    Network Services > Auto Block > Enable auto block

Setup Broadband Router to allow port fowarding of port 22 to DS207+

Following is the example of Linksys WRT54G broadband router

Linksys WRT54G: SSH Port forwarding setup

Linksys WRT54G: SSH Port forwarding setup