Setting up a non-root Git server on Synology DiskStation


I just got my first Synology. My Drobo crashed, and it was the second one in 5 years. Keeping a 20 TB backup in the cloud isn’t really feasible for me, so a local RAID is supposed to be the backup for less-essential data. So losing another Drobo meant potentially losing a bunch of data I’d rather keep around.

Here’s the really frustrating part of the story: after going through Drobo customer service, they diagnosed it as a chassis issue (versus a power supply issue) and offered to fix it for $375… or I could buy a new Drobo. The thing is, I’d lost trust in Drobo. Everybody has been telling me to get a Synology, so I figured it was time to invest in the switchover. I ordered a Synology DS418 (I know, I know, I now realize I should have gotten the 418play), along with 4 3.5” drives and a Drobo 5 bay to use to recover my data. The Drobo was returned and refunded as soon as I’d recovered my data. Here’s what really ticked me off, though: out of curiosity, I took the power supply from the new Drobo and plugged it into my old one. It booted perfectly and has been running fine since. All I really needed was a $35 power adapter. But, like I said, my trust level was too low and I was happy to be switching anyway.

I’m loving the Synology every bit as much as everybody said I would. A true NAS with an onboard CPU that can run a host of applications from media servers to DNS and VPN servers. Wow.

One of the first things I discovered while going through all the features and packages available on the Synology was that it can run a Git server. I had no idea this was even going to be an option, so obviously I skipped everything else and dug right into getting that working. There were a few caveats to getting a truly useful system running, so I’m documenting them here.

Enable SSH

You need SSH enabled to install the Git server. To enable SSH on your Synology, open Control Panel and go to Terminal & SNMP, then check the box for Enable SSH service.

Go Password-free

To make using git pleasurable, you need to make sure you don’t have to type a password every time you push or pull. This is accomplished via SSH key pairs. For the purpose of the next few instructions, we’re going to pretend you don’t know how to do that, so if you do, bear with me.

Doing the following went smoothly for the root user, but I wanted to use a non-root user to administer the Git repositories. I recommend this for security reasons, so these instructions are written for a non-root user and include the steps needed to make that work.

Substitute your admin user name anywhere it says “USERNAME,” and the name of your Synology server wherever it says “SYNOLOGY_NAME.local”.

Generate keys

On your local machine, start by creating a pair of SSH keys. Unless you know what you’re doing and want something different, you can just hit return at every prompt.

$ ssh-keygen -t rsa

Output

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 username@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |
+-----------------+

Both public and private keys are now located in ~/.ssh. The public key is id_rsa.pub, and the private key is just id_rsa.

$ cd ~/.ssh        
$ ls
    id_rsa id_rsa.pub

The public key is the one that gets copied to remote servers. At login, the server uses it to verify that you hold the matching private key, which stays only on your machine.

Copy public key to server

You can do this manually, but there’s a great tool called ssh-copy-id that can make it a breeze.

Option 1: Automatic way

Install ssh-copy-id if you don’t have it (brew install ssh-copy-id)

$ ssh-copy-id USERNAME@SYNOLOGY_NAME.local

Option 2: Manual, in one step…

$ cat ~/.ssh/id_rsa.pub | ssh USERNAME@SYNOLOGY_NAME.local "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 644 ~/.ssh/authorized_keys"

Option 3: ALL THE STEPS

I offer this as a breakdown of option 2, just so you can see what’s happening.

  1. Instead of cating the key over an ssh command, we’ll use scp to copy it to our home directory on the server:

     $ scp ~/.ssh/id_rsa.pub USERNAME@SYNOLOGY_NAME.local:~/
    
  2. ssh into the Synology, logging in with your password:

     $ ssh USERNAME@SYNOLOGY_NAME.local
    
  3. Add the public key to ~/.ssh/authorized_keys (setting permissions as we go)

     $ mkdir -p ~/.ssh
     $ chmod 700 ~/.ssh
     $ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
     $ chmod 644 ~/.ssh/authorized_keys
    

To be clear, the directory ~/.ssh must have its permissions set to 700, and the authorized_keys file must have permissions of 644.

Ensure home directory ownership and permissions

This is the important step that finally got non-root passwordless login working on my Synology. While logged into the Synology via ssh:

$ cd /var/services/homes/
$ chown USERNAME USERNAME
$ chmod 755 USERNAME

Subbing in your actual user name for “USERNAME,” of course. We’re just making sure we’re the owner of our own directory, then setting the permissions on it to 755 (drwxr-xr-x).
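Why this step matters: with StrictModes (the OpenSSH default), sshd ignores authorized_keys when the home directory, ~/.ssh, or the key file is owned by someone else or is writable by group or other. The script below is an added example, not part of the original post, that checks that chain and names the offending path; check_path and check_ssh_perms are names made up here, and the demo directory is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report why sshd's StrictModes
# check would ignore ~/.ssh/authorized_keys for a given home directory.

# Print a finding and return 1 if $1 is missing, not owned by the current
# user, or writable by group/other. sshd also accepts root as owner; this
# check is deliberately stricter and expects the logged-in user.
check_path() {
    p=$1
    if [ ! -e "$p" ]; then echo "MISSING  $p"; return 1; fi
    mode=$(ls -ld "$p" | cut -c1-10)        # e.g. drwxr-xr-x
    gw=$(printf '%s' "$mode" | cut -c6)     # group write bit
    ow=$(printf '%s' "$mode" | cut -c9)     # other write bit
    rc=0
    [ -O "$p" ] || { echo "OWNER    $p is not owned by $(id -un)"; rc=1; }
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "WRITABLE $p ($mode) is group- or other-writable"; rc=1
    fi
    return $rc
}

# Check the whole chain: home directory, ~/.ssh, authorized_keys.
# On the Synology, run as USERNAME: check_ssh_perms /var/services/homes/USERNAME
check_ssh_perms() {
    home=$1; bad=0
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$f" || bad=1
    done
    [ "$bad" -eq 0 ] && echo "OK       $home passes"
    return $bad
}

# Constructed demo: a throwaway "home" that starts out group-writable (775),
# which is the kind of state the chmod 755 step above corrects.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh" && : > "$demo_home/.ssh/authorized_keys"
chmod 775 "$demo_home"
chmod 700 "$demo_home/.ssh"
chmod 644 "$demo_home/.ssh/authorized_keys"
check_ssh_perms "$demo_home" || echo "-> fix: chmod 755 $demo_home"
chmod 755 "$demo_home"
check_ssh_perms "$demo_home"
rm -rf "$demo_home"
```
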

Test it out

At this point, if all went well, we should be able to ssh into the server without a password prompt:

$ ssh USERNAME@SYNOLOGY_NAME.local

Add a shortcut (optional)

If you’re planning to ssh into your Synology often (or just want to shorten your Git remote addresses), add a shortcut by editing ~/.ssh/config on your local machine.

Add the following lines, modifying for your setup:

Host syn
    hostname SYNOLOGY_NAME.local
    user USERNAME
    IdentityFile ~/.ssh/id_rsa

If you want to be able to use this from outside networks, use whatever DDNS/port forwarding setup you’re using for remote access instead of the .local address.

And now you can just run:

$ ssh syn

And when you set up your git repo remote, it can be something like:

ssh://syn/volume1/homes/USERNAME/repos/myrepo.git

Install the Git server on Synology

Package Center -> Git Server

Ensure that your user has access under Git Server->Advanced Settings.

Now you have fast access to your Synology’s operating system, and a local git server to boot. I’ve found mine to be ridiculously fast compared to using offsite remote repos. Just edit an existing ~/.git/config or git remote add [origin] ssh://syn/volume1/homes/USERNAME/repos/myrepo.git.
