
Connect to a remote server via SSH


Guillaume Briday


We’ll look at how to connect to a Synology NAS via SSH securely and without having to type your password every time. This method works for any server or machine running a Linux-based system with an active SSH server.

On Synology devices, to enable SSH, go to DSM, then select Control Panel > Terminal & SNMP. Click on Enable SSH service and choose a port (22 is the default).

If it’s not a Synology NAS but a standard server, you’ll need to modify the default configuration to accept public keys. In the /etc/ssh/sshd_config file, locate the following lines:

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

Replace them with:

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
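To check which of these lines sshd will actually honor, here is an added example (not from the original article) that resolves a keyword the way sshd_config is read: comment lines are ignored, keywords are case-insensitive, the first active occurrence wins, and global settings end at the first Match block. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Prints the value sshd would take for a keyword from the global part of a
# config file: keywords are case-insensitive, comment lines are ignored, the
# first active occurrence wins, and global settings end at the first Match.
# Assumes "Keyword value" lines; Include files are not followed.
sshd_effective() {
    # $1 = config file, $2 = keyword, $3 = text to report when the keyword is unset
    awk -v key="$2" -v dflt="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        tolower($1) == "match" { exit }          # conditional blocks start here
        tolower($1) == key {
            $1 = ""; sub(/^[ \t]+/, "")          # keep only the arguments
            print; found = 1; exit
        }
        END { if (!found) print dflt }
    ' "$1"
}

# Constructed sample file (not a real server's configuration).
write_sample() {
    cat > "$1" <<'EOF'
#RSAAuthentication yes
#PubkeyAuthentication no
pubkeyauthentication yes
PubkeyAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
Match User backup
    PasswordAuthentication no
EOF
}

cfg=$(mktemp)
write_sample "$cfg"
for kw in PubkeyAuthentication AuthorizedKeysFile PasswordAuthentication; do
    printf '%-24s %s\n' "$kw" "$(sshd_effective "$cfg" "$kw" "(built-in default)")"
done
rm -f "$cfg"
```

On the server itself, `sshd -T` run as root prints the configuration the daemon resolves, built-in defaults included.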

For this article, let’s assume the NAS has the local address 192.168.2.23 and my account name is guillaume.

From now on, you can connect via SSH using the following command from a machine on your local network:

$ ssh guillaume@192.168.2.23 # -p 22
guillaume@192.168.2.23's password:

If you omit guillaume@ before the address, ssh will try to connect using the username of your local session, so you need to specify it. If you’ve changed the default port, use the -p flag (e.g., -p 1400 for port 1400).

At this point, it will prompt you for your account password (note: the password won’t appear as you type, which is normal). Once entered, you’re connected via SSH. You can then use standard Linux commands, navigate your volumes, or directly use Docker via the terminal.

However, performing this operation repeatedly can become time-consuming, and it’s inconvenient to type your password each time.

Creating an SSH key

To solve this, we’ll use SSH keys. They’re stored on your system in the ~/.ssh directory. You can (and should, for security) generate one per server using this command:

$ ssh-keygen -t rsa -f ~/.ssh/id_rsa,my_nas -C "my_nas, mbp_2016"

I’ve chosen to name my key id_rsa,my_nas, but you can use another name. Adding a comment is optional, but I find it helpful to identify which key belongs to which device once on the server. For example, I know this key is for my NAS and my MacBook Pro 2016.

You’ll be asked if you want to add a passphrase—adding one is highly recommended. This passphrase will be required when using the key, preventing its misuse if stolen.

Now, you can check that the key was generated:

$ ls ~/.ssh
id_rsa,my_nas
id_rsa,my_nas.pub

The file ending in .pub is the public key corresponding to your private key (which has no extension).

Adding an SSH key to your server

Next, add your public key to the server. Log in one last time using the earlier method, then switch to root:

$ ssh guillaume@192.168.2.23
$ sudo -i
Password:

The root password is the same as guillaume's.

Create a file called authorized_keys to store all your public SSH keys:

$ mkdir -p ~/.ssh # Create the directory if it does not exist yet
$ touch ~/.ssh/authorized_keys
$ chmod 644 ~/.ssh/authorized_keys # Adjust permissions for root

Now, copy your public key’s content (generated earlier) into the authorized_keys file on the server. To add multiple SSH keys, simply append them to this file.

Remember, we’re in the root user’s home directory, so these SSH keys will allow connections as root, not as guillaume.
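The copy step above, as an added example (not from the original article) that can be re-run safely: it accepts only a single public-key line, so a private key pasted by mistake is refused, and it never adds a duplicate entry. It sets 700 on ~/.ssh and 600 on authorized_keys, tighter than the 644 used above; sshd's StrictModes check (on by default) only requires that these paths not be group- or world-writable. install_pubkey, mode_of and the sample key are constructed names and values.

```shell
#!/bin/sh
# Added example, not from the original article: the manual "copy the public
# key into authorized_keys" step, made safe to repeat.
# Runs in a subshell so the umask change does not leak into the caller.
install_pubkey() (
    # $1 = home directory of the target account, $2 = one public key line
    home=$1 key=$2
    nl='
'
    case $key in
        *"$nl"*) echo "refusing multi-line input" >&2; exit 1 ;;
    esac
    # Accept "type base64 [comment]" only; this also rejects a private key
    # pasted by mistake. Option-prefixed and sk-* entries are out of scope here.
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( |$)' ||
        { echo "not a public key line" >&2; exit 1; }
    umask 077
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # Append only when this exact line is absent, so re-running adds no duplicate.
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
)

# Mode string of a path, e.g. "drwx------" (portable across GNU and BSD ls).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Constructed sample key line; the base64 part is filler, not a usable key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABconstructedSAMPLEonly my_nas, mbp_2016'

demo_home=$(mktemp -d)
install_pubkey "$demo_home" "$SAMPLE_KEY"
install_pubkey "$demo_home" "$SAMPLE_KEY"    # second run is a no-op
echo "entries: $(grep -c '' "$demo_home/.ssh/authorized_keys")"
echo "modes:   $(mode_of "$demo_home/.ssh") $(mode_of "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```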

That’s it! You can now connect securely without a password:

On the first use of the key, you’ll be prompted for your passphrase if you set one.

Simplifying key management

While SSH keys simplify access, we can make things even easier by creating a local SSH configuration file called config in the ~/.ssh directory:

# ~/.ssh/config
Host *
  AddKeysToAgent yes
  UseKeychain yes

Host eve
  Hostname 192.168.2.23
  User root
  IdentityFile ~/.ssh/id_rsa,my_nas

The first part of the file is specific to macOS Sierra or later. It ensures that, regardless of the defined Host, the key is added to the ssh-agent, requiring you to enter your passphrase only once per session. Without this, you’d need to re-enter it every time you connect. If the session ends, you’ll need to re-enter the passphrase.

To avoid this behavior, you can use macOS’s Keychain Access to save the passphrase indefinitely with UseKeychain yes.

For more details, refer to the ssh_config manual:

$ man ssh_config

Now, configure each service individually.

Assign a name to your configuration (e.g., eve) for easier use instead of typing the server address each time. Define the Hostname (server address), User (e.g., root), and the private key file’s path using IdentityFile.

Verify the setup:

$ ssh eve
root@EVE:~#

Isn't that much simpler?

Bonus

This configuration also works with all SSH-based services. For example, you can easily transfer or retrieve files using scp:

$ scp -r . eve:/volume1/docker/blog

This command transfers the current folder’s content to eve in the /volume1/docker/blog directory.

Alternatively:

$ scp index.html eve:/volume1/docker/blog/index.html # SourceFile host:directory/TargetFile

You can also retrieve files from the server by reversing the parameters:

$ scp eve:/volume1/docker/blog/index.html index.html
index.html             100%   17KB  11.1MB/s   00:00

Thank you!
