Cannot ssh as a user, but ssh as admin works.

Currently reading
Cannot ssh as a user, but ssh as admin works.

B

bvz2000

7
1
NAS
ds216j
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. iOS
I am trying to ssh into my synology using the command:

ssh -p <portnumber> [email protected]

I get challenged with a request for a password, but when I enter the password get a 'Permission denied, please try again.' message. I *am* able to log into dsm as this user with this password, so I know that information is correct. But trying ssh always gets me that permission denied message.

If I run the same command, but swapping in the admin for 'user' then it does work. So it seems like there is a permissions issue? But I do not know where I would address that. I cannot find anything that is specific to the user account that discusses ssh. Not for the group either.

I simply do not know how to ssh in as a regular user.

How would I enable this ability? Any and all help, no matter how small, is greatly appreciated.

Thanks!
 
Thanks all. I guess I should probably just stick to using an admin account for this stuff.

also, thanks for the link to the keyfile based authorization. I’ll check it out.
 
Telos said:
But only for admin stuff like SSH. Streaming, media, photos, and other everyday file use should come from a user account. Reduce your admin footprint to NAS administration. It's a good security practice.
Click to expand...
Thanks. Yes. That makes sense.

I have a ton of files that I need to move from share to share. Other areas need to have thousands of files deleted. (This is some file maintenance, not a regular thing by the way). If I log in via ssh I can shift them or delete them almost instantly vs. doing it via a client machine. I was trying to do that as the primary owner of these files but it makes sense to do it as admin.

does it make sense to disable the admin account and create a new one with a different name? I’ve seen that recommended now and again but I’d like some confirmation on that.
 
bvz2000 said:
does it make sense to disable the admin account and create a new one with a different name?
Click to expand...
There are different opinions on that. I'm in the minority. I believe the recommendation to disable the admin account is directed at the "lowest common denominator" user. For me, I have an immensely complex and long password for the admin account (I dare try to type it without an error). I also created a second administrator account, which is my primary one.

It's harmless to create a new admin account and to disable the default "admin" account. That said, there are some activities that require the "admin" account. For example... I recently reset the OS on my primary machine. To complete the basic setup, I had to use the "admin" account. My created administrator account was of no use, other than to change the password on the "admin" account so I could use it to complete the reset.
 
Thanks for the explanation. I had originally done the same thing but I realized that the name I chose “administrator” doesn’t really make much of a difference. (Assuming the point is security through obscurity - I’m not sure about that).

I too have a very very long and obscure password. I think I also turned off access from outside my subnet, but I need to double check that. Finally I change the SSH port. Hopefully that is enough.

But now I seem to be drifting from the original point of this thread. I appreciate all the help and insight from everyone here.
 
Ok, I am going to ask one more (relevant) question.

When I log in via ssh as admin, I get this warning:


Synology strongly advises you not to run commands as the root user, who has
the highest privileges on the system. Doing so may cause major damages
to the system. Please note that if you choose to proceed, all consequences are
at your own risk.


Is that warning me again using ssh as admin? Or is it warning me not to use su or sudo to become root or run commands as root?
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

Q
Cannot access NAS from mobile apps
While using the "admin" is a a security issue and that account should be disabled, it is odd that it works...
Replies
1
Views
1,360
Rusty
Rusty
Y
  • Question
Cannot MAP Network drive on Win11 threw Webdav
FWIW, I use WebDAV to map folders from my DS110j to a Win10 laptop. Perhaps importantly for this thread...
Replies
16
Views
5,826
giorgitd
G
N
Cannot map a 2nd drive letter in windows 10
See the message about multiple connections. That is your issue.
Replies
1
Views
1,349
Telos
Telos
R
Existing reverse proxy entries work, but cannot be changed
I'm hoping someone can help confirm if this is an issue with my set up, or an issue introduced by DSM 7. I...
Replies
0
Views
1,239
ryan101
R
N
I updated my Linksys WHW03 firmware Now cannot conect to console
Thanks Rusty. I'm going to research and try the reverse proxy in the meantime. I'll PM you as well...
Replies
17
Views
2,530
NasNewb
N
T
  • Question
Cannot map network drive due to "System error 86"
Lots of good info here - am having problems of this sort, so will make my way through the various...
Replies
13
Views
12,441
dglp
D
K
Cannot access DSM or DS files (iOS)
Have you configured the new router to provide the same LAN subnet as the old router? How are IP addresses...
Replies
1
Views
2,739
fredbert
fredbert

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top