Old green screen computer terminal

How to use SSH to connect to Synology NAS

What is SSH?

SSH or Secure Shell is a cryptographic network protocol which allows you to connect securely to your Synology NAS by using a text-based interface. When a secure SSH connection is established, a shell session will be started, and you will be able to manipulate the Synology NAS by typing commands within the client on your local computer.

How does SSH work?

In order to establish an SSH connection, you need two components: a client and the corresponding Synology NAS server component. An SSH client is an application you install on the computer which you will use to connect to the Synology NAS. The client uses the provided Synology NAS server information to initiate the connection and if the credentials are verified, establishes the encrypted connection.

Enable SSH on Synology NAS

To get started, fire up DiskStation Manager, and then open up Control Panel and go to the Terminal setting page:

DiskStation Manager > Control Panel > Terminal & SNMP > Terminal

Check the “Enable SSH service” and specify a port number for SSH connections and save the settings by clicking Apply. To ensure system security, it is recommended replacing the default port 22 with another port between 49152 and 65535. In this example port 55555 is used.

To enhance the security of SSH connections, avoid using the ports listed in this article. As described in the article, the range 49152 – 65535 is used for private or customized services and can safely be used for this purpose.

The SSH service only supports a login to the system with accounts belonging to the local administrators group. To switch to a root account, please log into the system with SSH as a user belonging to the local administrators group, run the command sudo -i, and then enter the password of the account used to log in.

Please note that improper manipulation or modification of the Synology NAS may result in malfunctions or loss of data.

How to install SSH client

On macOS

If you are on macOS, you can use the Terminal application. This application is installed by default. You can launch it from Spotlight by hitting Command+Spacebar and typing “Terminal” and then return.

On Windows

On Windows 10, you can use the OpenSSH client, which is an installable feature of Windows 10 1809 and higher.

To install the OpenSSH client, start Settings then go to Apps > Apps and Features > Optional Features. Scan this list to see if OpenSSH client is already installed. If not, then at the top of the page select “Add a feature”, then locate “OpenSSH Client”, then click “Install”. Once the installation completes, return to Apps > Apps and Features > Optional Features and you should see the OpenSSH client listed.

PuTTY as an alternative SSH client on Windows

As an alternative you can use PuTTY as an SSH client. PuTTY has a graphical user interface and is fairly easy to operate. PuTTY was originally written for Windows, but it has been ported to various other operating systems.

Connect to Synology NAS via SSH

Now that you have the SSH client installed and have the Synology NAS prepared, you can establish a secure remote connection with your Synology NAS.

In this example the SSH client on Windows is used, but it should work similarly in the Terminal application on macOS or any other SSH client.

Using the ssh command

You can use the SSH client by running the ssh command. This works in either a PowerShell window or a Command Prompt window, so use whichever you prefer.

To quickly open a PowerShell window, right-click the Start button or press Windows+X and choose “Windows PowerShell” from the menu.

To view the syntax of the ssh command, just run it without arguments.

PS C:\Users\PROXIMA> ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command]
PS C:\Users\PROXIMA>Code language: Markdown (markdown)

As you can see there are quite a few options, but the most important are:

ssh [user@]host[:port]] [-p port]Code language: Markdown (markdown)

This command works the same as connecting to an SSH server via the ssh command on other operating systems like macOS or Linux. Its syntax, or command line options, are the same.

For example, to connect to an SSH server at xxxxxx.synology.me with the username “proxima”, you’d run:

ssh proxima@xxxxxxxx.synology.meCode language: Markdown (markdown)

By default, the command attempts to connect to an SSH server running on port 22, which is the default. However, you may need to connect to a server running on a different port. You do this by specifying a port with the -p switch. For example, if the server accepts connections on port 55555, you’d run:

ssh proxima@xxxxxxxx.synology.me -p 55555Code language: Markdown (markdown)

Instead of the fully qualified domain name xxxxxxxx.synology.me you can also use the IP address.

As with other SSH clients, you’ll be prompted to accept the host’s key the first time you connect. You’ll then get a command-line environment you can use to run commands on the remote system.

PS C:\Users\PROXIMA> ssh proxima@xxxxxxxx.synology.me -p 55555
The authenticity of host '[xxxxxxxx.synology.me]:55555([151.224.229.100]:55555)' can't be established.
ECDSA key fingerprint is SHA256:jvarYTRyJ9O+Ahhyw/SujJXD6o/mhrkYGVVeH03z6Nc.
Are you sure you want to continue connecting (yes/no)?
PS C:\Users\PROXIMA>Code language: Markdown (markdown)

Using PuTTY

As mentioned before, as an alternative you can use PuTTY as an SSH client.

After providing the connection type is SSH, host name is xxxxxxxx.synology.me and port number is 55555 you can connect to the Synology NAS by clicking Open. Don’t forget to save your configuration for future use.

After connecting to the server you can provide your username and password.

login as: proxima
proxima@sdekraa.synology.me's password:
proxima@DiskStation:~$Code language: Markdown (markdown)