Synology ssh with public key
2016-10-29Generating SSH keys
First of all generate SSH private and public keys on your local machine.
local> ssh-keygen -t rsa -b 4096 -C "yourmail@example.com"
New user
It is good idea to create dedicated user for rsync.
synology> adduser rsync
SSH with public key on Synology
Directories
By default Synology sets home directory rights to 777. sshd is very picky and its needs different home directory rights.
synology> chmod 755 /var/services/homes/rsync
Then you need to create the authorized_keys file on Synlogy. To this file remote users add their public keys. File permissions are crucial here and if they are wrong ssh will refuse you.
synology> su -s rsync
synology> cd
synology> pwd # make sure you are in /var/services/homes/rsync
synology> mkdir .ssh
synology> chmod 700 .ssh
synology> touch .ssh/authorized_keys
synology> chmod 600 .ssh/authorized_keys
Typically you want the .ssh directory permissions to be 700 (drwx------), home directory to be 755 (drwxr-xr-x) and the public key (.pub file) to be 644 (-rw-r--r--). Your private key (id_rsa) should be 600 (-rw-------). authorized_keys should be 600 (-rw-------).
Adding public key
Then add public key corresponding to a private key in one line in authorized_keys. You can use this command.
local> cat ~/.ssh/id_rsa.pub | ssh user@hostname 'cat >> .ssh/authorized_keys'
sshd configuration
Now, you need to modify /etc/ssh/sshd_config on Synlogy. Make sure it has the following line uncommented.
# ...
PubkeyAuthentication yes
# ...
Restarting/appling settings
Now restart Synology or quicker just force the ssh deamon to reload its config.
synology> ps | grep sshd
synology> kill -HUP $PID
Testing
You should now be able ssh to Synology as rsync with no password.
local> ssh rsync@synology
How to change shell for user?
Sometimes you want to change default shell for particular client.
chsh -s /usr/local/bin/bash username
/sbin/nologin is specific type of shell - it disables login.