Enable Synology SSH root Login

Since DSM 6, Synology has offered Linux-savvy users an SSH terminal with the ability to log in as root. A NAS usually sits behind a firewall and cannot be reached over SSH from the Internet, so logging in as a user and then running “sudo su root” is considered an additional effort. However, there is the option of logging in as root directly, as shown below.

First, open the DSM Control Panel. Extended mode must be activated so that the required Terminal & SNMP icon appears.

Under Terminal & SNMP, the SSH service can now be enabled.

Now establish an SSH connection to the Synology DiskStation using PuTTY or KiTTY, log in as admin, and then change the root password.

sudo synouser --setpw root admin_password

Instead of admin_password, enter the same admin password that is used when logging in to Synology DSM.

A message appears reminding you to respect privacy, to think before you type, and that with great power comes great responsibility.

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:

  The password must be confirmed a second time for security.

Next, configure the Synology SSH service to permit root login.

sudo vi /etc/ssh/sshd_config

Press the i key to enter insert mode, find the option #PermitRootLogin prohibit-password, which is marked as a comment line, remove the leading # and set the value to yes.

PermitRootLogin yes

Save in vim by pressing the ESC key and then typing ZZ (uppercase).

Now restart the DiskStation, or deactivate and reactivate the SSH service in the Control Panel, so that the change takes effect. After that, root@diskstation can log in directly to the Synology NAS.

  If you want to log in as root with WinSCP, the transmission protocol SCP (not SFTP) must be selected.
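
To confirm what the sshd_config edit above actually changed, the following added example (not part of the original article) reads a config file and reports the PermitRootLogin value that sshd applies globally. The function names, result labels and sample files are constructed for illustration; the fallback prohibit-password is the upstream OpenSSH default and is assumed to apply to DSM's sshd as well.

```shell
#!/bin/sh
# Added example: report what an sshd_config allows for direct root login.

# effective_value FILE KEYWORD DEFAULT
# sshd applies the first uncommented value it reads for a keyword, keywords
# are case-insensitive, and lines after a "Match" line are conditional, so
# only the global section is read. DEFAULT is printed if the keyword is unset.
effective_value() {
    awk -v want="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }          # blank line or comment
        { key = tolower($1) }
        key == "match" { exit }                # end of the global section
        key == tolower(want) { val = tolower($2); gsub(/"/, "", val); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# root_login_exposure FILE
# Maps the effective PermitRootLogin value to a short label (labels are
# made up for this example). Assumed default: prohibit-password.
root_login_exposure() {
    case "$(effective_value "$1" PermitRootLogin prohibit-password)" in
        no)                                 echo "root-login-disabled" ;;
        prohibit-password|without-password) echo "root-no-password" ;;
        forced-commands-only)               echo "root-forced-commands-only" ;;
        yes)                                echo "root-all-auth-methods" ;;
        *)                                  echo "unrecognized-value" ;;
    esac
}

# Constructed samples: the commented-out line as shipped, and a file after
# the edit with a later duplicate and a Match block that must be ignored.
SAMPLES=$(mktemp -d)
printf '%s\n' '#PermitRootLogin prohibit-password' > "$SAMPLES/before"
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'permitrootlogin no' \
    'Match User backup' '    PermitRootLogin no' > "$SAMPLES/after"

for f in before after; do
    echo "$f: $(root_login_exposure "$SAMPLES/$f")"
done
```

On the NAS itself, pass /etc/ssh/sshd_config to root_login_exposure after restarting the SSH service. A result of root-all-auth-methods means root can use every authentication method that is enabled, passwords included.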

Windows Server 2012 NTP Configuration

Correct time synchronization in an AD domain environment is a prerequisite for stable operation. This article describes how NTP (w32tm) is configured on a Windows Server 2012 (FSMO). As a rule, the PDC operations master is the NTP service server in a forest. A PDC emulator in a domain is synchronized with an external time source. In order for a domain controller to be regarded as a reliable time source, this must be specified explicitly.

To make the PDC emulator a reliable time source that regularly synchronizes with time servers on the Internet, run the following commands in PowerShell as administrator:

net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"0.ch.pool.ntp.org 1.ch.pool.ntp.org"
w32tm /config /reliable:yes
net start w32time

Show which time server is currently in use.

w32tm /query /source

Execute the time synchronization immediately.

w32tm.exe /resync /rediscover /nowait

The clients and servers in the domain forest, as well as shared storage, can now synchronize their time with the PDC emulator.

The firewall must permit UDP port 123 inbound and allow it outbound.

The NTP configuration can also be done via GPO by calling gpmc.msc.

Group Policy Management
Computer Configuration/Administrative Templates/System/Windows Time Service/Timeserver

The following test displays a graph of the offset between synchronizing computers.

w32tm /stripchart /computer:pdc.domain.local /samples:1 /dataonly

The configuration can also be checked in the registry.

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters