Synology Notes
  • Synology Notes
  • Container Manager
    • Applications
      • Portainer
      • Shlink
      • Nextcloud
      • Home Assistant
        • Matter Server
  • Virtual Machine Manager
    • Virtual Machines
      • Supervised Home Assistant
  • Connectivity
    • DDNS
    • SSH
  • Storage
    • Migrate drives
    • Share NFS folder
  • Appendix
    • A. DSM CLI
    • B. Docker CLI
    • C. Nextcloud CLI
Powered by GitBook
On this page
  • How to tunnel SSH over SSL/TLS
  • NAS
  • Windows Client
  • How to sign with RSA key pairs
  1. Connectivity

SSH

PreviousDDNSNextMigrate drives

Last updated 27 days ago

How to tunnel SSH over SSL/TLS

The following is needed when you are unable to connect to your NAS via SSH directly, e.g. zscaler that blocks port 22.

NAS

  • Install SynoCommunity package

  • In the folder /var/packages/stunnel/target/etc/stunnel

    • Create a file stunnel.conf with the following content:

      [ssh]
      accept = 0.0.0.0:443
      connect = 127.0.0.1:22
      cert = /etc/stunnel/stunnel.pem
      key = /etc/stunnel/stunnel.key
    • Create a self-signed certificate:

      openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.key -newkey rsa:2048
      cat stunnel.key >> stunnel.pem
      chmod 600 stunnel.key
    • Ensure all files are owned by sc-stunnel:sc-stunnel

    • Control Panel > Task Scheduler > Create > Scheduled Task > User-defined script

      • General -> Name: stunnel

      • General -> User: root

      • General -> Event: Boot-up

      • Task Settings -> User-defined script: /usr/local/bin/stunnel

Windows Client

  • winget install stunnel
  • Create a file stunnel.conf with the following content:

    client = yes
    [ssh]
    accept = 5022
    connect = <NAS_IP>:443
  • Run stunnel on startup, e.g. stunnel.exe -quiet on HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry key

  • Enjoy by connecting with ssh -p 5022 localhost

How to sign with RSA key pairs

Install WinGet package

See

stunnel
How do I sign in to DSM with RSA key pairs via SSH?
stunnel