Jump to content

How to access Synology NAS as Admin or Superuser using WinSCP


FrostByte

Recommended Posts

FrostByte

WinSCP is a popular SFTP client and FTP client for Microsoft Windows which can be used as a GUI alternative to Putty or Terminal.  The procedures below will allow you to perform tasks as Superuser just like you can with Putty or Terminal.

Superuser privileges may be needed for the following:

  • full read/write/ execute privileges
  • creating or installing files or software
  • modifying files and settings
  • deleting users and data

 If you do not need superuser access with WinSCP and just want to access your NAS using Admin then skip the steps (2, 3, and 6) in blue.

1. Enable SSH on Synology NAS

  • Open DSM Control Panel
  • Click Terminal & SNMP
  • Click Terminal tab
  • Check "Enable SSH service"

 

6.png.fd03d5d87037bf54b350d7882fff950e.png

  • Click "Apply"

2. Create script to modify sudoers config file on Synology NAS

This script modifies the sudoers file which is needed to prevent DSM from prompting administrators only for the Admin password again when switching to superuser during the login process as WinSCP can't handle this prompt.  This script is saved to rerun again later because DSM updates tend to overwrite any changes to the sudoers file.

  • Open DSM Control Panel
  • Click Task Scheduler
  • Create a Scheduled Task - User-defined script

1.png.5c6f273b0a7f329876fbb29673a4cfe7.png

  • Click General Tab
  • Set task name "Reset Sudoers"
  • Set user as "root"
  • Uncheck "Enabled" box

2.png.0baac66657877c1adb1c7217415d7c3f.png

  • Click Task Setting tab
  • Copy/paste the following into the Run command box

 

cat <<EOF > /etc/sudoers
Defaults syslog=authpriv
root ALL=(ALL) ALL
%administrators ALL=NOPASSWD: ALL
EOF
chmod ug=r,o= /etc/sudoers

 

3.png.d6c36ad15d15a29dbaced156b064d9b3.png

  • Click OK

 

3. Run the "Reset Sudoers" script on Synology NAS

This step will need to be rerun whenever a DSM update puts your sudoers file back to default

  • Highlight the new script you just created
  • Click Run

 

5.png.27eff6f5941794b93b3277a3dd2c5c31.png

  • Click Yes

 

4. Install WinSCP

 

5. Configure WinSCP to auto logon

Create a new session/site:

  • Change Login window using the following
    • File protocol: SCP
    • Host name: enter the NAS host name or IP address
    • Port number: enter the port number you used from step 3
    • Enter User name: "admin" and password

 

7.png.60e7ce2f865a1275c1276f8d92c557d8.png

 

6. Add switching to super user

  • Click the Advanced... button
  • In the the Advanced Site Settings window do the following:
    • Select SCP/Shell under Environment
    • Shell box: "sudo -i"

 

winscp.jpg.728ef8432aaeaaaccbeff351ccc9f38d.jpg

 

  • Click OK to return to the Login window
  • Click Save
  • Click "Login"

 

7. Create a saved workspace for WinSCP (this step is optional)

This will create a Windows shortcut to start WinSCP and automatically login to your session without any prompts

  • Log into your new session you created in Step 5
  • Click Sessions
  • Click Save Workspace...
  • type a name for your new workspace

8.png.4c093186508cd1b45410018cdce011b5.png

  • Click OK

8. Create a shortcut for WinSCP on taskbar (this step is optional)

  • While WinSCP is running Right Click the icon on the taskbar and choose "Pin to taskbar"
  • Right Click on the WinSCP icon on the taskbar again
  • Now Right Click on the WinSCP workspace you used in Step 7 and choose properties

image.jpeg.2a4b95cf67e63acfaf03154eb8cb6556.jpeg

Your shortcut should look something like the one below with the exception of the workspace you used above

image.jpeg.5de32915c12692d6b8f23a4cda1dd6ef.jpeg

Example Windows shortcut used on target line above

"C:\Program Files (x86)\WinSCP\WinSCP.exe" "Media-Server" /Desktop
  • Click OK
  • Click WinSCP icon on taskbar start WinSCP and be logged into your NAS as Superuser without any prompts

 

9. Disable SSH in DSM (this step is optional)

After you're all done using WinSCP it may be a good idea to close this port for security reasons.  Additionally, you can also disable your Admin account now if you enabled it to do this.  When you need to use WinSCP again just reenable SSH and you're ready.

  • Open DSM Control Panel
  • Click Terminal & SNMP
  • Click Terminal tab
  • Uncheck "Enable SSH service"

image.thumb.jpeg.5e1b9f800ca93893cc022d167f530d37.jpeg

  • Click "Apply"

 

Edited by FrostByte
Added benefits of being SU and Disabling SSH when done
  • Like 2
  • Thanks 5
Link to comment
Share on other sites

  • 5 months later...
FrostByte

Modified so people know what steps they can skip if they just want to use WinSCP with Admin and don't need to switch to superuser when accessing their NAS.

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

FrostByte

If you ran the script and ever want to set DSM back so that it prompts administrators for the Admin password again when entering sudo commands then just use a text editor to modify the sudoers file and change the parameter from 'NOPASSWD' to 'PASSWD'.

 

 

Link to comment
Share on other sites

  • 2 months later...
FrostByte

Expanded the instructions on how to pin a Windows shortcut for WinSCP on the taskbar that automatically opens your workspace.

Edited by FrostByte
  • Like 1
  • Thanks 2
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...