synology nas

Get terminal access to your Synology

Terminal Aug 20, 2021

Complete tutorial how to enable SSH and get terminal access to your Synology

Several guides and tutorials on this site use terminal access through SSH (Secure Shell) to access Synology devices. This guide will provide terminal access. Terminal access is achieved with the help of SSH (Secure Shell). Configuring your Synology for remote terminal login is pretty straightforward. However, we will make some changes to the defaults, and I will explain why these changes are recommended. [Edit: Updated for DSM 7]

Quick Start

  1. Login into your DSM with your administrator account
  2. Open the Control Panel
  3. Go to Terminal & SNMP
  4. Check Enable SSH Service
  5. Set Port: 32
  6. Open Advanced Settings
  7. Set the security level to High
  8. Click Apply on the Advanced Settings window
  9. Click Apply on the Control Panel window
DSM 7: Configure SSH
DSM 6.2 Enable ssh access
DSM (6.2) Configure terminal access


The steps described in the Quick Start to enable Synology SSH access have a few decisions embedded within them. I will give these some more attention. We are configuring the SSH service not to run on its default port, 22 but on port 32. Since the default is 22 and if you expose your Synology to the internet, then some bot scanners will try to scan port 22 to see if an SSH service is running. Subsequently, this has multiple advantages; the first is security.

Secondly, I like my port forwarding to match. Whenever I expose a port to the internet, I try to make sure the external port is the same as the internal one. Or the common, “what was that port for again ?”. This saves a lot of headaches on complicated documentation.

Lastly, we want to keep port 22 available because we might want to run some Git services like GitLab. And if a scanner finds SSH on port 22, then in the last case they will end up in a sandbox git environment in which they cannot do anything. In addition, in the future, I will post an entire series on how to set up the ultimate home GitLab environment.

Finally, in the tutorial, we decided to run the SSH Service with a high-security profile. When you are configuring SSH, I highly recommend this. We want to run a secure server.

Getting Access

When you want to access your Synology over SSH, you require an SSH client. All the major operating systems come with an SSH client. Even Windows now has an SSH client available through its additional features instead of installing separate software.

  • Linux
    • Any distribution has ssh client available by default
  • Mac OS
    • Built-in client
  • Windows
    • Available through “Additional Features”
      Settings UI -> Apps -> Apps & Features -> Manage optional features -> Add a feature
      Select OpenSSH Client as the feature to be added

Open a terminal (On windows this is called Command Prompt.

ssh user@ip -p 32

Replace the user with an administrator username on your Synology. And replace IP with either the IP number x.x.x.x or the hostname of your Synology device. If you set the port number to 32 in the Quick Steps, you must include the additional parameter -p 32 to tell SSH to connect to port 32 instead of the default port 22. If you are running the SSH service on port 22, you can omit the entire parameter.

Get root access

Sometimes you will have to switch to the root user to perform specific tasks. For example, docker commands have to be executed as root on Synology. When you are logged in on the terminal, you can switch to the root user with the following command.

sudo -i

This will ask for the password of the main Synology admin account you created when initializing your Synology the first time.

Please be careful with the use of the root user. Root access allows you to perform any action on the system, including destructive ones.


If you enjoyed this tutorial for getting Synology SSH access, please leave a comment below. Any thoughts on how to improve this tutorial are very welcome. If you have any suggestions for an article, please get in touch with me by email.

Note: article migrated from my first blog website attempt