SSH

How to tunnel SSH over SSL/TLS

The following is needed when you are unable to connect to your NAS via SSH directly, e.g. zscaler that blocks port 22.

NAS

Install stunnel SynoCommunity package
In the folder /var/packages/stunnel/target/etc/stunnel
- Create a file stunnel.conf with the following content:
  [ssh] accept = 0.0.0.0:443 connect = 127.0.0.1:22 cert = /etc/stunnel/stunnel.pem key = /etc/stunnel/stunnel.key
- Create a self-signed certificate:
  openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.key -newkey rsa:2048 cat stunnel.key >> stunnel.pem chmod 600 stunnel.key
- Ensure all files are owned by sc-stunnel:sc-stunnel
- Control Panel > Task Scheduler > Create > Scheduled Task > User-defined script
  - General -> Name: stunnel
  - General -> User: root
  - General -> Event: Boot-up
  - Task Settings -> User-defined script: /usr/local/bin/stunnel

Windows Client

Install stunnel WinGet package
```
winget install stunnel
```

Create a file stunnel.conf with the following content:

client = yes
[ssh]
accept = 5022
connect = <NAS_IP>:443

Run stunnel on startup, e.g. stunnel.exe -quiet on HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry key
Enjoy by connecting with ssh -p 5022 localhost

How to sign with RSA key pairs

See How do I sign in to DSM with RSA key pairs via SSH?

PreviousDDNS NextMigrate drives

Last updated 1 month ago