Knowledge Center

Terminal

Enabling options at Control Panel > Terminal & SNMP > Terminal allows your Synology NAS to support Telnet and SSH command-line interface services. You can also change the security level of the SSH encryption algorithm.

To enable Telnet/SSH service:

  1. Check the box next to the desired protocol (SSH or Telnet).
  2. Click Apply.

To change SSH service port:

  1. In Port, enter a new port number.
  2. Click Apply.

A variety of encryption algorithms with different security levels are used in securing SSH connections. You can decide which algorithms are used to best meet your needs.

To change the SSH encryption algorithm security level:

  1. Click Advanced Settings.
  2. Select a security level for the encryption algorithms. If you want to specify exactly which algorithms can be used, select Customize to choose from three groups: Cipher, KEX (Key Exchange), and MAC (Message Authentication Code).
  3. Click Apply.

Some models support hardware acceleration for certain encryption algorithms. You can check the option Only use hardware accelerated ciphers to improve the transfer speeds of SSH-related services, including encrypted Network Backup and SFTP services. In the advanced page, algorithms capable of using hardware acceleration are shown in red.

To prohibit the use of console port:

  1. Tick Prohibit the use of console port.
  2. Click Apply.

Note:

  • Some services (e.g. network backup, SFTP) automatically enable SSH and open port 22. In this case, you must enable SSH service at Control Panel > Terminal & SNMP > Terminal to log into DSM using SSH.
  • SSH/Telnet only supports login to the system with accounts belonging to the local administrators group. To switch to a root account, please log into the system with SSH/Telnet as a user belonging to the local administrators group, run the command sudo -i, and then enter the password of the account used to log in.
  • The password cannot be left blank when you are signing in to the system with SSH/Telnet.
  • When SSH service is disabled, all SSH connections are terminated, including any encrypted network backup tasks that are currently running. We suggest performing network backup tasks again after SSH service is disabled.
  • Improper manipulation or modification of the Synology NAS may result in malfunctions or loss of data.
  • Selecting a higher security level or only using hardware accelerated ciphers may cause some SSH clients to be unable to connect due to compatibility issues.
  • Depending on the selected security level, certain algorithms that support hardware acceleration may not be available.