SSH security problem

I use a DS223j, and everything is updated to the newer version.
But I received a message from my telecommunications service about a security problem with my NAS DS223j, with this text:

Taking care of customers and their data security, Tet maintains and regularly monitors the security of the infrastructure, as well as cooperates with the IT security incident prevention institution CERT.LV.

We have received information from CERT.LV that a cyber security threat open-ssh:cve-2023-48 has been detected in your Internet connection address.

Cybersecurity threats can be caused by an incorrectly configured computer, TV, external hard drive, WiFi router, and other devices connected to the Internet. You can learn more about the detected threat and the steps to be taken to prevent it here....


You received this e-mail because you have a device, which has a publicly available SSH service, that may be vulnerable to CVE-2023-48795.
Successful exploitation of this vulnerability allows remote attackers to bypass integrity checks, leading to a downgrade or disabling of security features. This vulnerability is known as a Terrapin attack and affects various products, including OpenSSH before 9.6, Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, and many others.
What to do:
We suggest that you check all devices, which have SSH services open to the internet, close all unused SSH services and update the necessary SSH software on your devices.

More info:
* If you lack the experience and knowledge to perform these activities – we recommend that you consider using the help of a competent IT specialist.
 
Looks like you have the SSH default port 22 open on the router facing the Internet. This is a high security issue, so the ISP is warning you. It would be best to shut that down. You can use the ssh and its port internally, just shut it down on the router.

Also, it would be recommended to change the default SSH port (22) to some other number in case you do need to use SSH to begin with.
 
I copy all files from one Synology NAS to another Synology NAS. I use the SSH protocol over the internet for this. Can you please suggest another secure option to copy all files from one NAS to another NAS over the internet?
 
Both SSH and its secure file sharing service, SFTP, default to the same TCP port 22. However, in DSM you can change both to be running on different and non-standard TCP ports. This will enable you to treat the services separately, and if you want Internet access to one then you can do that. My setup has access to SSH blocked from the Internet (no port forwarding from my router's firewall) but has source limited access to SFTP. Both use non-standard ports, even for local access.

For any Internet accessible file-sharing service (SFTP and WebDAV) I have applied an access permission, in Control Panel, to block administrators from outside the LAN. What I'm trying to do is to ensure administrator access is from devices on the LAN only, while less privileged standard accounts can have access (provided they are from places I've allowed in my router's firewall). I also don't allow administrators to VPN into the LAN: first a standard user creates the VPN and then I can use my administrator accesses.
 
If this is for backup, you can use Hyper Backup to copy from one NAS to the other and vv.
The syno firewall and backup vault give extra protection for this setup.
 
