Skip to content
Mathieu Simon edited this page Aug 31, 2023 · 20 revisions

Synology Disk Station Manager or short DSM is an Linux-based operating system shipped with various devices made by Synology.

Connect to a Synology device via its web interface in order to apply these options:

  • Open the Control Panel
  • On the bar, scroll down to Connectivity and click on Terminal & SNMP
  • On the tab Terminal tab check if Enable SSH service is enabled
  • If yes, click on Advanced Settings
  • Select the security level Customize

This opens a window Customize encryption mode, which contains 3 rows: Cipher, KEX and MAC, configure them as follows:

Cipher

Only leave the following ciphers enabled:

aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

KEX

Only leave the following key exchange algorithms enabled:

curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512

MAC

Only leave the following MACs enabled:

hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com

Finally in click on Save to close this window, returning back to the windows Advanced Settings where you need to click on Save again. Finally back in the Control Panel, click on Apply.

Limitations

At least DSM version 7.2 doesn't allow you reaching a perfect score, since neither host keys, nor host-key algorithms can be updated or modified in a supported way other than by manually modifying /etc/ssh/sshd_config. Also those manual changes are likely overwritten by i.e. system updates or other configuration changes via the DSM web interface.