Synology NAS (DSM 7): Using Git Server and SSH
This “guide” is what worked for me when I was recently setting up a Git Server on my Synology NAS. It also includes the steps I took to set up SSH keys to turn off the need to enter my NAS user password in the terminal.
I used a Git Bash terminal on Windows 10. At times, I used the Git Bash terminal within Windows Terminal.
In this, I cover:
- Preparation needed to use SSH and the terminal to interact with your NAS (longest section — to skip past this section see my other story here),
- Using the Terminal on your PC to set up SSH keys for password-less use of Git with your NAS,
- Using the Terminal on your PC to initialize a bare repo on your NAS for use as a remote repository, and
- Using the Terminal on your PC to use that NAS remote repository with local repositories.
Preparation: On NAS via Browser
NOTE: You will need a stable address to use (static IP/domain) for the SSH key to continue working since the SSH key will be registered by the username which includes the domain name/IP address.
No directions are provided here for setting up a static IP address.
Create a Firewall Rule to Allow Encrypted Terminal Service
- Go into Control Panel > Security > Firewall.
- Click on Edit Rules under “Firewall Profile” to open the Edit Profile window.
- Click Create in the “Edit Profile” window to open the Create Firewall Rules window.
- Click on the radio button for Select from a list of built-in applications under “Ports”, and click on Select to open the Select Built-in Applications window.
- Check the box next to Encrypted terminal service (including encrypted rsync and SFTP), and click OK twice to return to the Edit Profile window.
- Move your newly added rule to be listed above any “Deny All” rule you may have, and click OK.
Enable SSH Service and Change Default Port Number
- Under Control Panel > Terminal & SNMP > Terminal
- Click the check box next to Enable SSH service.
- Change the default Port from 22 to another number.
- Click Apply.
Install Git Server
- Find and install Git Server from Package Center.
- Open Git Server and set permissions to allow/disallow access for users. Disallow Guest and Admin. (It is recommended to have a Git-only user account which only has access to Git Server and related directories — ex. git remote repo directory, user’s own home files, etc.)
Set up a Domain name for your NAS
Setting up a Domain name allows you to use the Domain name in the terminal instead of (or in addition to) your NAS’s static IP address.
- Under Control Panel > Login Portal > DSM
- Under “Domain”, enter a Customized domain name in the box next to that label, and click Apply.
Setting Up SSH For Password-less Git Use on NAS
Open two Git Bash terminal window
- PC Terminal — for taking action within your PC.
- NAS Terminal — for taking action within your NAS.
In PC Terminal:
Generate a new SSH key pair and add them to SSH agent.
ssh-keygen -t ed25519
eval “$(ssh-agent -s)”
ssh-add ~/.ssh/id_ed25519
Copy SSH public key to NAS.
ssh-copy-id -p [ssh-port] -i ~/.ssh/id_ed25519.pub [git-user]@[ip/domain]
In NAS Terminal
SSH into NAS, and open sshd_config file with an Administrative User (not the default Admin user)
ssh -p [port] [admin-user]@[ip/domain]
[enter password when prompted]
sudo vim /etc/ssh/sshd_config
In sshd_config, uncomment (remove “#” before) PubKeyAuthentication yes
Save and exit file by pressing ESC, typing :wq
, and pressing ENTER
Exit NAS in Terminal (“SSH out of” NAS)
exit
In NAS via Browser
Change permissions on homes/git-user to exclude all users but the git-user. (Without this step, the SSH key will not work for authentication because permissions on the NAS SSH key file are too permissive.)
- Open File Station > homes.
- Right-click on the homes folder for the git-user (the one with the .ssh folder in it), and click Properties to open the Properties window.
- Click on Permissions tab and click Advanced Options > Exclude inherited permissions
- On the bottom, left of the Properties window, click the checkbox for “Apply to this folder, subfolder, and files”, and click Save.
If you get a warning about being denied access to the shared folder, click Yes. (Side note: Though I got this warning, I did not experience any loss of access to my git-user’s folder from my other, admin-group account.)
In NAS Terminal: Test to see if SSH key works. You should not be ask for the git-user password.
ssh -p [port] [-v] [git-user]@[ip/domain]
exit
(The -v
flag above is optional. Including it will give a “verbose” output, which is good for debugging, if needed.)
Making the Remote Repo on NAS
In NAS via Web Browser:
Create a shared folder in Control Panel > Shared Folder for your Git Remote Repositories.
In NAS Terminal:
SSH into NAS, cd into Shared folder for Git Repos and create a folder for the new bare repository.
ssh -p [port] [git-user]@[ip/domain
cd volume1/[gitSharedFolder]
mkdir [repoName].git
cd [repoName].git
git init --bare
git symbolic-ref HEAD refs/heads/main
git update-server-info
cd ..
The last cd ..
moves you back up to the shared folder for all your git repos in case you wanted to repeat the steps starting with mkdir [repoName].git
to make more remote repositories on your NAS.
Using the NAS Repo on Local Machines
In PC Terminal:
Connecting Local Git Repo To NAS Bare Repo: when your local repo has no remote.
cd [path/to/repo/on/PC]
git remote add origin ssh://[git-user]@[ip/domain]:[port]/volume1/gitSharedFolder/repoName].git
[git commit -m “[Git commit message]"]
git push origin main
git branch --set-upstream-to origin/main
In PC Terminal:
Changing Local Repo’s Remote to NAS Repo: when your local repo already has a remote set.
This can be used to switch from a GitHub remote to your NAS remote, to correct a mistyped path used with git remote add origin
, etc.
cd [path/to/repo/on/PC]
git remote set-url origin ssh://[git-user]@[ip/domain]:[port]/volume1/gitSharedFolder/repoName].git
git push origin main
git branch --set-upstream-to origin/main
In PC Terminal:
Clone NAS Repo into an Empty Local Folder — to copy the NAS repo into a local folder, starting a new remote repo for the project.
cd [path/to/clone/repo/into/on/PC]
git clone ssh://[git-user]@[ip/domain]:[port]/volume1/gitSharedFolder/repoName].git
Further Reading
For further information on things not covered in this post.
Working with SSH key passphrases | GitHub Docs
Explains how to auto-launch ssh-agent
on Git for Windows
Checking for existing SSH keys | GitHub Docs
Troubleshooting SSH | GitHub Docs
Introduction to version control with Git — Learn | Microsoft Docs
20 Basic Linux Commands for Beginners Explained with Examples (linuxiac.com)
Resources Dump
Various resources I used in some way to get my Git server working and which, therefore, contributed to this post.
Guides Written By Others
Synology NAS Setup & Configuration Guide — (2021) | WunderTech
Git Remote Add With Another SSH Port (Not 22) — (2021) | linuxandubuntu.com
Instructions for setting up git server on Synology Diskstation — (2014) |walkerjeffd-GitHubGist
Official Synology, Git, Microsoft Learn, and SSH Documentation
Git Server | Synology Knowledge Center
Generating a new SSH key and adding it to the ssh-agent | GitHub Docs
Exercise — Collaborate by using a shared repo — Learn | Microsoft Docs
ssh-keygen is a tool for creating new authentication key pairs | SSH.com
ssh-agent single sign-on configuration, agent forwarding, the agent protocol | SSH.com
ssh-add program usage with ssh-agent and SSH keys | SSH.com
SSH config file syntax and how-tos for configuring the OpenSSH client | SSH.com