Synology NAS (DSM 7): Using Git Server and SSH
This “guide” is what worked for me when I was recently setting up a Git Server on my Synology NAS. It also includes the steps I took to set up SSH keys to turn off the need to enter my NAS user password in the terminal.
I used a Git Bash terminal on Windows 10. At times, I used the Git Bash terminal within Windows Terminal.
In this, I cover:
- Preparation needed to use SSH and the terminal to interact with your NAS (longest section — to skip past this section see my other story here),
- Using the Terminal on your PC to set up SSH keys for password-less use of Git with your NAS,
- Using the Terminal on your PC to initialize a bare repo on your NAS for use as a remote repository, and
- Using the Terminal on your PC to use that NAS remote repository with local repositories.
Preparation: On NAS via Browser
NOTE: You will need a stable address to use (static IP/domain) for the SSH key to continue working since the SSH key will be registered by the username which includes the domain name/IP address.
No directions are provided here for setting up a static IP address.
Create a Firewall Rule to Allow Encrypted Terminal Service
- Go into Control Panel > Security > Firewall.
- Click on Edit Rules under “Firewall Profile” to open the Edit Profile window.
- Click Create in the “Edit Profile” window to open the Create Firewall Rules window.
- Click on the radio button for Select from a list of built-in applications under “Ports”, and click on Select to open the Select Built-in Applications window.
- Check the box next to Encrypted terminal service (including encrypted rsync and SFTP), and click OK twice to return to the Edit Profile window.
- Move your newly added rule to be listed above any “Deny All” rule you may have, and click OK.
Enable SSH Service and Change Default Port Number
- Under Control Panel > Terminal & SNMP > Terminal
- Click the check box next to Enable SSH service.
- Change the default Port from 22 to another number.
- Click Apply.
Install Git Server
- Find and install Git Server from Package Center.
- Open Git Server and set permissions to allow/disallow access for users. Disallow Guest and Admin. (It is recommended to have a Git-only user account which only has access to Git Server and related directories — ex. git remote repo directory, user’s own home files, etc.)
Set up a Domain name for your NAS
Setting up a Domain name allows you to use the Domain name in the terminal instead of (or in addition to) your NAS’s static IP address.
- Under Control Panel > Login Portal > DSM
- Under “Domain”, enter a Customized domain name in the box next to that label, and click Apply.
Setting Up SSH For Password-less Git Use on NAS
Open two Git Bash terminal window
- PC Terminal — for taking action within your PC.
- NAS Terminal — for taking action within your NAS.
In PC Terminal:
Generate a new SSH key pair and add them to SSH agent.
ssh-keygen -t ed25519
eval “$(ssh-agent -s)”
ssh-add ~/.ssh/id_ed25519Copy SSH public key to NAS.
ssh-copy-id -p [ssh-port] -i ~/.ssh/id_ed25519.pub [git-user]@[ip/domain]In NAS Terminal
SSH into NAS, and open sshd_config file with an Administrative User (not the default Admin user)
ssh -p [port] [admin-user]@[ip/domain]
[enter password when prompted]
sudo vim /etc/ssh/sshd_configIn sshd_config, uncomment (remove “#” before) PubKeyAuthentication yesSave and exit file by pressing ESC, typing :wq, and pressing ENTER
Exit NAS in Terminal (“SSH out of” NAS)
exit
In NAS via Browser
Change permissions on homes/git-user to exclude all users but the git-user. (Without this step, the SSH key will not work for authentication because permissions on the NAS SSH key file are too permissive.)
- Open File Station > homes.
- Right-click on the homes folder for the git-user (the one with the .ssh folder in it), and click Properties to open the Properties window.
- Click on Permissions tab and click Advanced Options > Exclude inherited permissions
- On the bottom, left of the Properties window, click the checkbox for “Apply to this folder, subfolder, and files”, and click Save.
If you get a warning about being denied access to the shared folder, click Yes. (Side note: Though I got this warning, I did not experience any loss of access to my git-user’s folder from my other, admin-group account.)
In NAS Terminal: Test to see if SSH key works. You should not be ask for the git-user password.
ssh -p [port] [-v] [git-user]@[ip/domain]
exit(The -v flag above is optional. Including it will give a “verbose” output, which is good for debugging, if needed.)
Making the Remote Repo on NAS
In NAS via Web Browser:
Create a shared folder in Control Panel > Shared Folder for your Git Remote Repositories.
In NAS Terminal:
SSH into NAS, cd into Shared folder for Git Repos and create a folder for the new bare repository.
ssh -p [port] [git-user]@[ip/domain
cd volume1/[gitSharedFolder]
mkdir [repoName].git
cd [repoName].git
git init --bare
git symbolic-ref HEAD refs/heads/main
git update-server-info
cd ..The last cd .. moves you back up to the shared folder for all your git repos in case you wanted to repeat the steps starting with mkdir [repoName].git to make more remote repositories on your NAS.
Using the NAS Repo on Local Machines
In PC Terminal:
Connecting Local Git Repo To NAS Bare Repo: when your local repo has no remote.
cd [path/to/repo/on/PC]
git remote add origin ssh://[git-user]@[ip/domain]:[port]/volume1/gitSharedFolder/repoName].git
[git commit -m “[Git commit message]"]
git push origin main
git branch --set-upstream-to origin/mainIn PC Terminal:
Changing Local Repo’s Remote to NAS Repo: when your local repo already has a remote set.
This can be used to switch from a GitHub remote to your NAS remote, to correct a mistyped path used with git remote add origin, etc.
cd [path/to/repo/on/PC]
git remote set-url origin ssh://[git-user]@[ip/domain]:[port]/volume1/gitSharedFolder/repoName].git
git push origin main
git branch --set-upstream-to origin/mainIn PC Terminal:
Clone NAS Repo into an Empty Local Folder — to copy the NAS repo into a local folder, starting a new remote repo for the project.
cd [path/to/clone/repo/into/on/PC]
git clone ssh://[git-user]@[ip/domain]:[port]/volume1/gitSharedFolder/repoName].gitFurther Reading
For further information on things not covered in this post.
Working with SSH key passphrases | GitHub Docs
Explains how to auto-launch ssh-agent on Git for Windows
Checking for existing SSH keys | GitHub Docs
Troubleshooting SSH | GitHub Docs
Introduction to version control with Git — Learn | Microsoft Docs
20 Basic Linux Commands for Beginners Explained with Examples (linuxiac.com)
Resources Dump
Various resources I used in some way to get my Git server working and which, therefore, contributed to this post.
Guides Written By Others
Synology NAS Setup & Configuration Guide — (2021) | WunderTech
Git Remote Add With Another SSH Port (Not 22) — (2021) | linuxandubuntu.com
Instructions for setting up git server on Synology Diskstation — (2014) |walkerjeffd-GitHubGist
Official Synology, Git, Microsoft Learn, and SSH Documentation
Git Server | Synology Knowledge Center
Generating a new SSH key and adding it to the ssh-agent | GitHub Docs
Exercise — Collaborate by using a shared repo — Learn | Microsoft Docs
ssh-keygen is a tool for creating new authentication key pairs | SSH.com
ssh-agent single sign-on configuration, agent forwarding, the agent protocol | SSH.com
ssh-add program usage with ssh-agent and SSH keys | SSH.com
SSH config file syntax and how-tos for configuring the OpenSSH client | SSH.com
