All posts by freesyno

Configure ssh for passwordless login

1. Make sure you have a public/private key pair on your host machine (or generate
it: sh-keygen -t rsa -b 4096 -C “you@yourmail.com”)

2. Copy your public key to your nas:
ssh-copy-id you@yournassip (if ssh-copy-id is available)

Or append home/.ssh/id_rsa.pub from your host to the .ssh/authorized_keys on
the nas.

3. Make sure permissions are correct (or your key will be refused)
– authorized_keys: 644
– .ssh: 700
– home directory (important !): 755

4. Autorize public key login in sshd config: /etc/ssh/sshd_config
RSAAuthentication yes
PubKeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

5. Restart sshd with synoservice –restart ssh-shell

5. Connect without a password: ssh you@yournas

To debug, connect with ssh -v you@yournas, and change the following in
sshd_config:
SysLogFacility AUTH
LogLevel VERBOSE (should be enough most of the time, or DEBUG)
Read logs in (FIXME???)

If you break ssh and can’t connect anymore, activate the telnet service in
dsm and fix sshd_config.

Restart Cloud Sync after failure without recreating unlinking and recreating (advanced)

Sometimes a connection to a webdavs share fails with a 401 error (according to to /var/log/cloudsync/daemon.log), and cloudsync doesn’t attempt to connect again, even after restarting the service.

To avoid deleting and recreating the service, the error can be reset directly in the sqlite
table, after which the service must be restarted.

Note the id of the connection in error (error=3 in my case), and reset it to 0.

sqlite3 /volume1/@cloudsync/db/config.sqlite
SQL> select * from connection_table;
SQL> update connection_table set error=0 where id=3;
^D

synoservice –restart pkgCtl-CloudSync

Synology support told me a way to update the password for a webdav connection would be added in the future. Meanwhile I have put this a cron job, available on request.

Install opkg for more packages

(only recommended on a docker DSM ! See previous post !)

Install with gui:

In package center > settings:
– add https://www.cphub.net/ to package sources
– Allow installation of packages published by Synology Inc. and trusted publishers

Install in this order:
– Perl in Developer Tools
– Easy Bootstrap Installer in Community (choose entware as optware doesn’t have any
recent updates)
– iPKGui in Community

Packages will be installed to /opt.

Command-line tool is opkg.
%opkg list-installed
%opkg list ‘*gcc*’

Source /opt/etc/profile at the end of the ~/.profile file for each user that needs
to use packages installed by ipkg.

Create a virtual DSM with Docker to avoid messing up your OS

If you have DSM >= 6.0 you can run Docker images, including one free virtual DSM..

Docker > DSM > Add

This will create a virtual server running DSM having its own IP that can be seen from the local network.
This virtual server can be started and stopped at will, as well as deleted and reinstalled, so use it to install 3rd party software without messing up your main install.

I will talk about installing 3rd party packages with ipkg in a later post.

Re-index media folders

If files are uploaded/moved through rsync or shell access, the media index will not be
rebuilt, and these changes will not be visible through DS Video or upnp.

Connect to your NAS through ssh and rebuild the index with the following:

synoindex -R video
synoindex -R all

Add a single missing file (much faster than a rescan, will not remove deleted files !)

synoindex -a filename

Or ad da new directory with

synoindex -A dirname

Syno commands are documented (you can use –help to discover more options)

 

 

Accéder au NAS par https sans compte synology

Registrer domaine freebox personalisé sur mafreebox.free.fr.

Sur le nas ouvrir control panel / security. Clicker certificate, add, add
new, get a certificate from let’s encrypt. Cocher set as default.

Configurer le certificat obtenu, remplacer le certificat synology.com par
votre domain (eg mondomaine.freeboxos.fr).

Dans control panel / network / DSM settings: cocher automatically redirect
http connections to https et enable http/2.