This guide configures SSH on vernon-nas to use a custom key path, avoiding the need to enable the "User Home" service.
Since the home directory doesn't exist, we store keys in a system-protected path.
# Create the directory structure
sudo mkdir -p /etc/ssh/keys/developer
# Set ownership to the developer user
sudo chown -R developer:users /etc/ssh/keys/developer
# Set strict permissions (SSH will fail if these are too open)
sudo chmod 755 /etc/ssh/keys
sudo chmod 700 /etc/ssh/keys/developerOn your local machine, copy your public key. Then, on the NAS, paste it into the new authorized_keys file.
# Create the file
sudo touch /etc/ssh/keys/developer/authorized_keys
# Edit the file and paste your 'ssh-ed25519 ...' or 'ssh-rsa ...' string inside
sudo vi /etc/ssh/keys/developer/authorized_keys
# Set file permissions
sudo chmod 600 /etc/ssh/keys/developer/authorized_keys
sudo chown developer:users /etc/ssh/keys/developer/authorized_keysTell the SSH daemon to look at our custom path and disable passwords.
sudo vi /etc/ssh/sshd_configEnsure these lines are set exactly as shown:
AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keysPubkeyAuthentication yesPasswordAuthentication noChallengeResponseAuthentication no
Tip: In
vi, use/to search for keywords andito enter Insert mode. PressEscthen:wqto save and exit.
Keep your current session open in case you need to revert changes. Open a new terminal window to test.
# Restart the SSH service
sudo synosystemctl restart sshd.service
# Test from your local machine
# ssh developer@<NAS_IP>Synology updates may occasionally overwrite /etc/ssh/sshd_config. If you are locked out:
- Log into DSM via the web browser.
- Go to Control Panel > Terminal & SNMP.
- Temporarily disable and re-enable SSH, or use the DSM Task Scheduler to run a script that fixes the config file.