SSH

How to tunnel SSH over SSL/TLS

The following is needed when you are unable to connect to your NAS via SSH directly, e.g. zscaler that blocks port 22.

NAS

  • Install stunnel SynoCommunity package

  • In the folder /var/packages/stunnel/target/etc/stunnel

    • Create a file stunnel.conf with the following content:

      [ssh]
accept = 0.0.0.0:443
connect = 127.0.0.1:22
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.key

    • Create a self-signed certificate:

      openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.key -newkey rsa:2048
cat stunnel.key >> stunnel.pem
chmod 600 stunnel.key

    • Ensure all files are owned by sc-stunnel:sc-stunnel

    • Control Panel > Task Scheduler > Create > Scheduled Task > User-defined script

      • General -> Name: stunnel

      • General -> User: root

      • General -> Event: Boot-up

      • Task Settings -> User-defined script: /usr/local/bin/stunnel

Windows Client

  • Install stunnel WinGet package

    winget install stunnel

  • Create a file stunnel.conf with the following content:

    client = yes
[ssh]
accept = 5022
connect = <NAS_IP>:443

  • Run stunnel on startup, e.g. stunnel.exe -quiet on HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry key

  • Enjoy by connecting with ssh -p 5022 localhost

How to sign with RSA key pairs

See How do I sign in to DSM with RSA key pairs via SSH?

PreviousDDNSNextMigrate drives

Last updated