μƒν˜„
ν™ˆμ„œλ²„ 덕후

Synology SSH Key 접속

( μ—…λ°μ΄νŠΈ: )

By

SSH Key λ§Œλ“€κΈ° & μ„€μ •

ssh-keygen

ssh-keygen μ»€λ©˜λ“œλ₯Ό μ΄μš©ν•΄μ„œ ν‚€λ₯Ό μƒμ„±ν•œλ‹€.

ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):[μ—”ν„°ν‚€]
Enter passphrase (empty for no passphrase): [μ—”ν„°ν‚€]
Enter same passphrase again: [μ—”ν„°ν‚€]
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.Code language: Bash (bash)

~/.ssh 폴더에 id_rsa, id_rsa.pubν‚€κ°€ μƒμ„±λœλ‹€.

public key synology에 전솑 (with: ssh-copy-id)

ssh-copy-id μ»€λ§¨λ“œκ°€ κ°€λŠ₯ν•˜λ‹€λ©΄ κ°„λ‹¨ν•˜κ²Œ public key νŒŒμΌμ„ 전솑할 수 μžˆλ‹€.

ssh-copy-idλŠ” 둜컬호슀트의 곡용 ν‚€λ₯Ό 원격 호슀트의 authorized_keys νŒŒμΌμ— λ³΅μ‚¬ν•©λ‹ˆλ‹€. 그리고 μ•Œλ§žμ€ κΆŒν•œμ„ remote-host μœ μ €μ˜ μ•„λž˜ λͺ©λ‘ 파일, 폴더에 λΆ€μ—¬ν•©λ‹ˆλ‹€.

  • ν™ˆ ~/
  • ~/.ssh
  • ~/.ssh/authorized_keys
ssh-copy-id -i ~/.ssh/id_rsa.pub remote-hostCode language: Bash (bash)

μœ„ λͺ…λ Ήμ–΄λ₯Ό μ‹€ν–‰ν•˜λ©΄ ssh λ‘œκ·ΈμΈμ„ μ‹œλ„

home 파일 κΆŒν•œ 확인

κΆŒν•œμ΄ ssh-copy-id둜 μ„€μ •λ˜κ² μ§€λ§Œ ν•œλ²ˆλ” ν™•μΈν•©μ‹œλ‹€.

chmod 755 ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keysCode language: Bash (bash)

Synology sshd config

sudo vim /etc/ssh/sshd_configCode language: Bash (bash)

μ•„λž˜μ™€ 같은 λ‚΄μš©μœΌλ‘œ 섀정을 λ³€κ²½ν•΄μ€€λ‹€.

RSAAuthentication yes
PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keysCode language: plaintext (plaintext)

DSM7.0으둜 λ„˜μ–΄μ˜€λ©΄μ„œ RSAAuthentication yes이 섀정이 μ—†μ–΄μ„œ μ—…κ·Έλ ˆμ΄λ“œν•˜λ©΄μ„œ 제거된 쀄 μ•Œμ•˜λ‹€. μ—†μœΌλ©΄ μΆ”κ°€ν•΄μ£Όμž.

sudo synoservicectl --restart sshd  # DSM6.0
sudo synosystemctl restart sshd  # DSM7.0Code language: Bash (bash)

μ΄λ ‡κ²Œ μ„€μ •ν–ˆλ‹€λ©΄ μ •μƒμ μœΌλ‘œ Synology server sshλ₯Ό keyλ₯Ό ν†΅ν•΄μ„œ 접속할 수 μžˆλ‹€.

βœ… λΉ„λ°€λ²ˆν˜Έ 접속 μ œν•œ (option)

λ‚˜λŠ” ssh key 섀정을 λΉ λ₯Έ λ‘œκ·ΈμΈμ„ μœ„ν•΄μ„œ μ„€μ •ν•œ 것이 μ•„λ‹ˆλΌ λ³΄μ•ˆμ„ μœ„ν•΄μ„œ μ„€μ •ν–ˆλ‹€. κ·Έλž˜μ„œ μœ„ μ„€μ •μœΌλ‘œλ„ λ”°λ‘œ λΉ„λ°€λ²ˆν˜Έλ‘œ 접속할 수 있기 λ•Œλ¬Έμ— λΉ„λ°€λ²ˆν˜Έλ‘œ μ ‘μ†ν•˜λŠ” 것을 μ œν•œν•˜κ³ μ‹Άλ‹€.

μ–΄λ–»κ²Œ μ œν•œν•˜λ‚˜?

sudo vim /etc/ssh/sshd_configCode language: Bash (bash)
PasswordAuthentication noCode language: plaintext (plaintext)
sudo synoservicectl --restart sshd  # DSM6.0
sudo synosystemctl restart sshd  # DSM7.0Code language: Bash (bash)

λ³€κ²½ν•΄μ£Όλ©΄ λœλ‹€.