3

I have enabled SSH service on my Synology NAS and changed the port number as recommended in many articles online.

Until recently I was able to log into it without any issues but now (over the past couple of days) I keep getting the following error

user@MY-MBP ~ % ssh user1@xxx.xxx.x.xxx -p 163
kex_exchange_identification: read: Connection reset by peer

and Synology blocks my IP address.

I am trying to ssh into Synology from within my local (home) network.

I am not sure what has changed on the NAS. Could it be because I restarted the NAS while still connected (sshed) to the NAS?

How do I resolve this issue?

A j
  • 225

4 Answers4

1

I had to edit the ~/.ssh/know_hosts file and remove the entries for my synology.

I restarted the NAS.

Then tried to connect and it will show up as if it is the first time your are connecting to the NAS via ssh.

user@MY-MBP ~ % ssh user1@xxx.xxx.x.xxx -p 163
The authenticity of host '[xxx.xxx.x.xxx]:163 ([xxx.xxx.x.xxx]:163)' can't be established.
ECDSA key fingerprint is SHA256:oH1mppmtt3aVMkJBUZrByxhUpelvmNQmvB4r9kvIo0Q.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[xxx.xxx.x.xxx]:163' (ECDSA) to the list of known hosts.
user1@xxx.xxx.x.xxx's password:
A j
  • 225
1

According to this Synology Community forum post, after update to DSM 6.2.2-24922, users that are not in the "local administrators" group cannot log in remotely via SSH anymore. This may explain why a previously created non privileged user may no longer rsync using ssh, for example.

Debugging ssh with the -v setting on the client side, will report

Permission denied, please try again.

Entries in /var/log/auth.log on the Synology will report:

<somedate>T15:38:34+01:00 NAS sshd[24626]: pam_unix(sshd:session): session opened for user rsync.maybe by (uid=0)
<somedate>T15:38:34+01:00 NAS sshd[24626]: pam_unix(sshd:session): session closed for user rsync.maybe
simonpa71
  • 111
0

This is usually a sign that the SSH permissions for that user-account got messed up on the Syno side or on the client side (or both).

Best approach usually is on the client side to remove any saved SSH keys/credentials/keys.
And on the Syno side to remove SSH permission from the user-account, reboot the Syno, go to the home-folder of that user on the Syno and remove any SSH config/credentials/keys there. Then add the SSH permission back for that user.
That should provide the user-account with a fresh start regarding SSH.

Tonny
  • 33,276
0

I've been struggling with this situation for a couple of days. There are, apparently, multiple reasons why this error may occur. In my case, I got blocked by Auto Block, but SSH didn't tell me I was, and I didn't see anything hinting in that direction in the Logs.

So what you should do is go to Control Panel > Security > Protection, click Allow/Block List button, go to Block List tab, search for your client (where you run ssh from) IP, and if found, Remove it. You can also add it to Allow List afterwards.

texnic
  • 565