Tag Archives: Port tunnel

Synology DiskStation SSH Tunnelling

Included in the SSH specification is the hugely overlooked ability to tunnel traffic. Looking on the Synology forums and the Web in general I saw plenty of articles and blog posts on how to enable port forwarding on your router for all the various services these appliances can provide. Many of these services transmit their data in non-encrypted form, with passwords being sent in clear text. However, there is a better way – one that can allow you secure remote access to absolutely anything on your home LAN. I had used this method to connect to my hacked TiVo many years ago because its web interface didn’t have the option of SSL. I did find some Synology-specific info about it, but I suspect it was from much earlier DSM versions which perhaps didn’t have a decent SSH daemon, and so called for additional packages to be installed. I was sure that there must be a simple way to tweak the config of the existing daemon. Luckily I found this blog post which seems to be quite hard to find via Google.

UPDATE – no config changes are necessary, at least with DSM 3.2 onwards (can’t remember for 3.1).

The concept is simple. You connect via SSH with PuTTY, but in setting up the connection you define some port mappings. So let’s say you wanted to be able to remotely use the DSM software on TCP5000, you can define a local port of say 8500 and remap that to the private IP of your Synology NAS at home on port 5000 (so in my case):

PuTTY tunnel settings

Don’t forget to click Add. Also in the options navigate to Window > Translation and set the character set to UTF-8.

Once you’re connected in PuTTY, point a browser to http://localhost:8500 and you’ll be connected to the DSM at the other end of the SSH tunnel – and securely too.

If you’re using a Mac or Linux computer the normal SSH client can be configured similarly from the terminal, e.g.:
ssh root@mynasip -L 8500: -L 8123:

One final little mod is to enable coloured output in directory listings, and displaying of the current directory path in the shell prompt. Type:

echo alias ls="'ls --color'" >> ~/.profile
echo export PS1="'\w\$ '" >> ~/.profile

This will take effect at next logon. Directories are blue, executables are green, and symbolic links are cyan.

Shell colour directory listing