Note: I recently purchased a Synology DiskStation DS411j & I’m putting up posts about things I figure out. This is part of that series.

While we’re busy setting up SSH keys on the Synology DiskStation & enabling users other than root to log in with SSH keys, you might as well change the default port that SSH uses as well. This adds a layer of obfuscation to help frustrate any attacker. It’s not an impregnable wall to a determined foe, but it’s also enough of a speed bump that most scanners & script kiddies will be somewhat tricked. And anyway, it doesn’t hurt.

The default port for SSH is 22, & you want to pick a different, unused port. The word unused is key here—you don’t want to pick one that another service is using, or even could use. Use less or some other pager1 to view the contents of /etc/services & find a nice, high-numbered port (five-digits are usually good) that either unused or likely will never be used on your DiskStation.

Again, edit /etc/ssh/sshd_config & change this line:

#Port 22

To this:

Port 12345

Please note I just typed 12345 there; I have no idea if that’s a good port number to use or not. Do your research first!

Tomorrow, January 18th, this site is blacked out to protest SOPA, so please check back in on January 19th for how to log in to a Synology DiskStation quicker & easier using an SSH config file.

  1. Everyone know that less is more, so use less instead of more. Unfortunately, by default, the Synology DiskStation doesn’t come with less installed. To get it, use ipkg (discussed previously in Installing 3rd party software on your Synology DiskStation DS411j) & install less