Rsync backup using SSH without password on Synology DiskStation

I’ve shown you how to use rsync for a fast and reliable backup of your Mac files to your DiskStation. One draw-back is that rsync always asks for a password to access your DiskStation which makes it uncomfortable and impossible to use in scripts. See how it works without passwords, securely.

The easiest solution to that is to build a secure SSH connection using RSA keys. Here is what you need to do.

First, enable SSH in your Synology web interface. Log into your Synology from a Terminal with “ssh 192.168.x.y”.

Edit the file /etc/ssh/sshd_config using vi as following:

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Now on your Mac we need to create the key files using the following commands:

ssh-keygen -t rsa

Always respond by pressing enter, so the key files are store in ~/.ssh directory without a separate password. The public key in the file needs to be stored on the DiskStation now. Copy it to e.g. the public folder, and then on the DiskStation run the following commands:

cd ~
mkdir .ssh
mv /volumes1/public/ ~/.ssh/authorized_keys
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
chown -R root .ssh
chown -R root .ssh/authorized_keys

Now type in reboot to restart the DiskStation.
The next login from your client should not ask you for a password any longer. If you want to use rsync via SSH to backup without passwords, just use the SSH parameter as following:

rsync -e '/usr/bin/ssh' 
  /source root@'/volume1/destination/'

Improvements and suggestions welcome!

Tags: , , , ,


  1. This seems to work for me if if I reference the volume directory via root@hostnameofNAS:/volume1/destination. However, it does not work if I reference the rsynch module directory, as in root@hostnameofNAS::destination.

    Why is that and wouldn’t it make more sense to reference the module directory if you are running an RSYNC server anyway? Are there any advantages or disavantages of one approach over the other? I am fairly new to this so appreciate any help… Thanks

  2. It will both work – however, I decided to reference to the full server path since I did not want to use the “NetBackup” shared drive but another one. Sure you could also edit rsyncd.conf to adjust the module paths.


  3. […] to pause to enter passwords if you get your .ssh keys set up correctly.  A good post on this is here.  I’ll just add to it that you can do the same for user (non-root) access, but make sure to […]

  4. Thanks Mick!. I had not realized that not every share on my NAS was in the rsyncd.conf, but only the NetBackup share. I opted for leaving my rsyncd.conf alone since it works either way…

  5. […] You can do this without having to manually enter passwords, if you get your .ssh keys set up correctly.  You create a public/private keypair using ssh-keygen, keeping the private key in your local ~/.ssh/, and appending the public key to the remote ~/.ssh/authorized_keys file.  A post on how to do it is here. […]

  6. […] Please also make sure first to have done all steps the enable SSH access without password in this post. Then, the simple command for keeping music in sync […]

Leave a Reply

Your email address will not be published. Required fields are marked *