# 🔐 Synology NAS SSH Access Guide **🟡 Intermediate Guide** This guide documents SSH access configuration for Calypso and Atlantis Synology NAS units. --- ## 📋 Quick Reference | Host | Local IP | Tailscale IP | SSH Port | User | |------|----------|--------------|----------|------| | **Calypso** | 192.168.0.250 | 100.103.48.78 | 62000 | Vish | | **Atlantis** | 192.168.0.200 | 100.83.230.112 | 60000 | vish | --- ## 🔑 SSH Key Setup ### Authorized Key The following SSH key is authorized on both NAS units: ``` ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBuJ4f8YrXxhvrT+4wSC46myeHLuR98y9kqHAxBIcshx admin@example.com ``` ### Adding SSH Keys On Synology, add keys to the user's authorized_keys: ```bash mkdir -p ~/.ssh echo "ssh-ed25519 YOUR_KEY_HERE" >> ~/.ssh/authorized_keys chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys ``` --- ## 🖥️ Connection Examples ### Direct Connection (Same LAN) ```bash # Calypso ssh -p 62000 Vish@192.168.0.250 # Atlantis ssh -p 60000 vish@192.168.0.200 ``` ### Via Tailscale (Remote) ```bash # Calypso ssh -p 62000 Vish@100.103.48.78 # Atlantis ssh -p 60000 vish@100.83.230.112 ``` ### SSH Config (~/.ssh/config) ```ssh-config Host calypso HostName 100.103.48.78 User Vish Port 62000 Host atlantis HostName 100.83.230.112 User vish Port 60000 ``` Then simply: `ssh calypso` or `ssh atlantis` --- ## 🔗 Chaining SSH (Calypso → Atlantis) To SSH from Calypso to Atlantis (useful for network testing): ```bash # From Calypso ssh -p 60000 vish@192.168.0.200 ``` With SSH agent forwarding (to use your local keys): ```bash ssh -A -p 62000 Vish@100.103.48.78 # Then from Calypso: ssh -A -p 60000 vish@192.168.0.200 ``` --- ## ⚙️ Enabling SSH on Synology If SSH is not enabled: 1. Open **DSM** → **Control Panel** → **Terminal & SNMP** 2. Check **Enable SSH service** 3. Set custom port (recommended: non-standard port) 4. Click **Apply** --- ## 🛡️ Security Notes - SSH ports are non-standard (60000, 62000) for security - Password authentication is enabled but key-based is preferred - SSH access is available via Tailscale from anywhere - Consider disabling password auth once keys are set up: Edit `/etc/ssh/sshd_config`: ``` PasswordAuthentication no ``` --- ## 🔧 Common Tasks via SSH ### Check Docker Containers ```bash sudo docker ps ``` ### View System Resources ```bash top df -h free -m ``` ### Restart a Service ```bash sudo docker restart container_name ``` ### Check Network Interfaces ```bash ip -br link ip addr ``` ### Run iperf3 Server ```bash sudo docker run -d --rm --name iperf3-server --network host networkstatic/iperf3 -s ``` --- ## 📚 Related Documentation - [Network Performance Tuning](../infrastructure/network-performance-tuning.md) - [Synology Disaster Recovery](../troubleshooting/synology-disaster-recovery.md) - [Storage Topology](../diagrams/storage-topology.md) --- *Last updated: January 2025*