Synology usage series 5 – Automatic SSH login to DS207+ without a password using PuTTY

II. Create a private/public key pair

Firstly, telnet to DS box as root.

Then figure out the home directory of the user.

# more /etc/passwd | grep <user name>

<user name>:x:1029:100::/var/services/homes/<user name>:/sbin/nologin

From the example above:

/var/services/homes/<user name> is the home directory of <user name>.

Verify that the home directory exists. If it does not, create it.

# mkdir /var/services/homes/<user name>

/sbin/nologin is the default shell assigned to the user.

Change /sbin/nologin to /bin/sh.

# vi /etc/passwd

<user name>:x:1029:100::/var/services/homes/<user name>:/bin/sh

By default, the /var directory is accessible by root only. Synology, however, places user home directories under /var. Because the user's shell cannot reach the home directory, the user will have problems logging in over telnet/ssh. We need to change the permissions of /var so that it is accessible by all users.

# chmod 755 /var

Now we need a .ssh subdirectory under the home directory. Create it if it does not exist.

# mkdir /var/services/homes/<user name>/.ssh

Create the SSH key pair

# cd /var/services/homes/<user name>/.ssh
# ssh-keygen -t rsa

It will ask where to save the public/private keys:

Enter file in which to save the key (…): /var/services/homes/<user name>/.ssh/id_rsa

Enter passphrase (empty for no passphrase): Hit Enter Here to bypass passphrase!!

Since we want the login process to be totally automatic, just hit Enter. Skipping the passphrase is a security concern, however: anyone who gains access to your private key will be able to log in to your box! If you don't feel comfortable with that, enter a passphrase. The passphrase should be different from the password of the user.

The private and public keys should be generated at <user home>/.ssh

id_rsa is the private key; id_rsa.pub is the public key.

We need to rename the public key according to the SSH server setup

# cd /var/services/homes/<user name>/.ssh/
# mv id_rsa.pub authorized_keys

Download the id_rsa to your PC for now and delete it from your DS207+.

Finally, set up the permissions as below:

# chown -R <user name>:users /var/services/homes/<user name>
# chmod 755 /var/services/homes/<user name>
# chmod 755 /var/services/homes/<user name>/.ssh
# chmod 644 /var/services/homes/<user name>/.ssh/authorized_keys
# chmod 600 /var/services/homes/<user name>/.ssh/id_rsa
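
These modes matter because OpenSSH's sshd, with StrictModes enabled (its default), refuses a key when the home directory, .ssh or authorized_keys is writable by group or others. The script below is an added example, not part of the original post: it audits a home directory for that condition and for a private key left accessible to other users; the function names and the constructed sample tree are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit the modes set above.
# Assumption: the server is OpenSSH sshd with StrictModes on (its default).

# has_any_bit PATH MODE... : true if PATH has any of the octal MODE bits set
has_any_bit() {
    target=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$target" -prune -perm "-$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# check_ssh_perms HOME : returns 0 only if every check passes
check_ssh_perms() {
    home=$1; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        elif has_any_bit "$p" 020 002; then
            echo "WRITABLE $p (group/other write bit set; sshd rejects the key)"; rc=1
        fi
    done
    key=$home/.ssh/id_rsa
    # The private key should be gone after download; if present, owner-only.
    if [ -e "$key" ] && has_any_bit "$key" 040 020 010 004 002 001; then
        echo "EXPOSED  $key (private key accessible beyond its owner)"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK       $home"; fi
    return "$rc"
}

# make_sample_home : constructed sample tree using the modes from this page
make_sample_home() {
    h=$(mktemp -d) || return 1
    mkdir "$h/.ssh"
    : > "$h/.ssh/authorized_keys"
    : > "$h/.ssh/id_rsa"
    chmod 755 "$h" "$h/.ssh"
    chmod 644 "$h/.ssh/authorized_keys"
    chmod 600 "$h/.ssh/id_rsa"
    echo "$h"
}

sample=$(make_sample_home) && check_ssh_perms "$sample"
rm -rf "$sample"
```

Pass the real home directory to check_ssh_perms instead of the sample tree to check an actual account.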

