Difference between revisions of "Setup Mac for ssh into synology"

From rbachwiki
 
(2 intermediate revisions by the same user not shown)
Line 18: Line 18:
  chmod 600 /volume1/homes/bacchas/.ssh/authorized_keys  
  chmod 600 /volume1/homes/bacchas/.ssh/authorized_keys  


== Verify "User Home Service" is Enabled ==
'''SSH keys won't work if the NAS isn't correctly mapping your home directory. '''
'''In DSM, go to Control Panel > User & Group > Advanced.'''
'''Scroll down to User Home and ensure Enable user home service is checked. '''


==Check Synology’s SSH Configuration ==
'''Sometimes PubkeyAuthentication is disabled in the system config. '''
'''On the NAS, edit the config file: '''
sudo vi /etc/ssh/sshd_config.
'''Find these lines and ensure they are uncommented (no # at the start):'''
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
'''If you made changes, restart the service in Control Panel > Terminal & SNMP by unchecking and re-checking the Enable SSH service box. '''
==Mac-Specific: Add Key to your SSH Agent==
'''On macOS, your terminal might not be "offering" the key automatically. Run this command on your Mac to manually add it to your current session:'''
ssh-add ~/.ssh/id_ed25519
==How to Troubleshoot==
'''If it still asks for a password, run the connection in "verbose" mode on your Mac:'''
ssh -vvv username@192.168.20.22
'''Look for a line that says "debug1: Next authentication method: publickey". If it says "Authentication refused: bad ownership or modes," it means the permission fix in Step 1 didn't stick or was applied to the wrong path. '''
==Restart the Service==
'''Changes to sshd_config do not take effect until the service restarts.'''
'''Command: sudo '''
synosystemctl restart sshd.
'''Alternative: Toggle "Enable SSH Service" off and back on in the DSM Control Panel. '''


=Create config file=
=Create config file=
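Review bot: In the added "Restart the Service" section the command is split by the bold markup: "sudo" ends the bold "Command:" line and "synosystemctl restart sshd." sits alone on the next line with a sentence period attached, so the line a reader copies lacks sudo and carries a stray dot. Put the whole command on one unformatted line without the period. The same trailing period is attached to "sudo vi /etc/ssh/sshd_config.", where it changes the file name being opened. Two smaller points: this section repeats the restart instruction already given at the end of "Check Synology's SSH Configuration", and the troubleshooting text refers to "Step 1" although none of the sections are numbered, so name the permissions section instead.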
Line 41: Line 68:




==[[ Backup_script_on_mac_config_and_setup| Mac Setup]] [[Bash| Bash menu]]-[[Main_Page| Home]]==
==[[ Backup_script_on_mac_config_and_setup| Mac Setup]] - [[Bash| Bash menu]]-[[Main_Page| Home]]==
[[Category:Bash]]
[[Category:Bash]]

Latest revision as of 19:02, 24 April 2026

Set up Password-less Login

For an unattended script, your Mac needs to log in without a password. Open Terminal on your Mac and generate a key (press Enter through all prompts):

ssh-keygen -t ed25519

Copy it to the NAS:

ssh-copy-id -i ~/.ssh/id_ed25519.pub your_nas_user@100.x.y.z

Test it:

ssh your_nas_user@100.x.y.z

If you get in without a password, you’re ready.

Fix Permissions on the Synology

Log in to your NAS with your password one last time and run these commands to restrict access to your home folder.

Set Home Directory to 755: SSH requires that your home directory is not writable by others.

chmod 755 /volume1/homes/bacchas

Set .ssh Folder to 700: This folder must be readable only by you.

chmod 700 /volume1/homes/bacchas/.ssh

Set authorized_keys to 600: The key file must be strictly protected.

chmod 600 /volume1/homes/bacchas/.ssh/authorized_keys 

Verify "User Home Service" is Enabled

SSH keys won't work if the NAS isn't correctly mapping your home directory. In DSM, go to Control Panel > User & Group > Advanced. Scroll down to User Home and ensure Enable user home service is checked.

Check Synology’s SSH Configuration

Sometimes PubkeyAuthentication is disabled in the system config. On the NAS, edit the config file:

sudo vi /etc/ssh/sshd_config

Find these lines and ensure they are uncommented (no # at the start):

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

If you made changes, restart the service in Control Panel > Terminal & SNMP by unchecking and re-checking the Enable SSH service box.

Mac-Specific: Add Key to your SSH Agent

On macOS, your terminal might not be "offering" the key automatically. Run this command on your Mac to manually add it to your current session:

ssh-add ~/.ssh/id_ed25519 

How to Troubleshoot

If it still asks for a password, run the connection in "verbose" mode on your Mac:

ssh -vvv username@192.168.20.22

Look for a line that says "debug1: Next authentication method: publickey". If it says "Authentication refused: bad ownership or modes," it means the permission fix in Step 1 (the "Fix Permissions on the Synology" section above) didn't stick or was applied to the wrong path.
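The modes from "Fix Permissions on the Synology" and the two directives from "Check Synology’s SSH Configuration" can be checked in one pass. The script below is an added example, not part of the original page; the function names are made up for illustration, and it checks modes only, not file ownership.

```shell
#!/bin/sh
# Added example (not from the original page): audits the modes and the two
# sshd_config directives this page tells you to set. Source it on the NAS, then:
#   check_ssh_perms /volume1/homes/bacchas
#   check_sshd_config /etc/ssh/sshd_config

# Octal mode of a path: GNU/BusyBox stat first, BSD (macOS) stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# check_ssh_perms HOME: returns 0 if HOME is not group/other-writable and
# .ssh plus authorized_keys grant nothing to group/other (755/700/600 pass).
check_ssh_perms() {
    home=$1; rc=0
    for spec in "$home:022" "$home/.ssh:077" "$home/.ssh/authorized_keys:077"; do
        path=${spec%:*}; mask=${spec##*:}
        mode=$(mode_of "$path") || { echo "MISSING $path"; rc=1; continue; }
        # The leading 0 makes the shell read both numbers as octal.
        if [ $(( 0$mode & $mask )) -ne 0 ]; then
            if [ "$mask" = 022 ]; then why="writable by group/other"
            else why="group/other bits set"; fi
            echo "BAD $path mode $mode: $why"; rc=1
        fi
    done
    return $rc
}

# check_sshd_config FILE: returns 0 only if both directives are present and
# uncommented, as the page requires (keywords are matched case-insensitively).
check_sshd_config() {
    cfg=$1; rc=0
    grep -Eiq '^[[:space:]]*PubkeyAuthentication[[:space:]]+yes([[:space:]]|$)' "$cfg" \
        || { echo "PubkeyAuthentication yes is missing or commented out"; rc=1; }
    grep -Eiq '^[[:space:]]*AuthorizedKeysFile[[:space:]].*\.ssh/authorized_keys' "$cfg" \
        || { echo "AuthorizedKeysFile .ssh/authorized_keys is missing or commented out"; rc=1; }
    return $rc
}
```

Reading /etc/ssh/sshd_config may require sudo, depending on how the file is protected on your NAS.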

Restart the Service

Changes to sshd_config do not take effect until the service restarts. Command:

sudo synosystemctl restart sshd

Alternative: Toggle "Enable SSH Service" off and back on in the DSM Control Panel.

Create config file

Create a config file at ~/.ssh/config. This file contains the host name and the path to the SSH keys.

Host wendy
	HostName 192.168.20.22
	User myname
	IdentityFile ~/.ssh/keyidfile
	IdentitiesOnly yes

#for tailscale

Host wendy-tailscale
	HostName 1.1.1.1
	User myname
	IdentityFile ~/.ssh/keyfile
	IdentitiesOnly yes

