Synology DSM - Can't log as root (but works with admin)

After some automatic updates (or being hacked?) I have many things broken and a huge problem to resolve them since I can't login as root anymore.

ssh admin: login success
su root: permission denied (probably not the same password)

What I have tried:

read log: but permission denied
use 'synopass' and empty password: failed
use synouser: permission denied
change password of admin hoping it will update the root password: failed.
check the root user in /etc/passwd: he is ok (with ash)
restart all the server: failed

I have no idea what is going on. Any advice?

user2668735

Posted 2016-03-27T12:20:45.027

Reputation: 305

sudo su works and solve the problem but the situation is not clear. – user2668735 – 2016-03-27T12:46:46.377

In /etc/shadow we can see "root:*:" so I suppose we can't login in root directly anymore and we have to use sudo. DSM release notes just speak about ssh but... ok ^^ – user2668735 – 2016-04-04T05:46:17.097

Answers

Your Synology probably upgraded to DSM6, in which security has been hardened... In DSM6 you can no longer use root for SSH, but you can use any other member account of the administrators group. Mind that you now need to sudo when logged in using SSH.

See the DSM6 release notes!

Victor Vogelpoel

Posted 2016-03-27T12:20:45.027

Reputation: 304

1I knew that we could not ssh as root (I checked the ssh conf). What I don't understand is why we can't "su root" ? I mean, we can, but the root password is not the same as admin anymore and I have no idea what it is. – user2668735 – 2016-03-29T13:50:17.953

This answer has the reason and will be complete if merged with @JulienGrimal answer that has the solution. Also, the "See release notes" statement will be great if it's linked. – gmo – 2017-01-08T19:09:16.513

If your synology is in DSM6 and you're logged with a user part of administrator group, you can do :

sudo -i

enter your root/admin password

or even sudo su - (it works to)

now you're root tadaaa

Julien Grimal

Posted 2016-03-27T12:20:45.027

Reputation: 341

Here's the synology documentation : https://www.synology.com/en-global/knowledgebase/DSM/tutorial/General/What_is_the_username_and_default_password_for_accessing_my_Synology_Product_via_Telnet_SSH

– Brice – 2016-11-18T10:14:44.087

+1 But for sudo -i has to enter the *current logged user password* (in admin group of course). Use admin pass only if you are logged in as admin. >DSM 6 Doc.

– gmo – 2017-01-08T19:04:17.717

In DSM Version 6 you can still login as root when using RSA keys. Therefore just copy your public key as admin to your Synolgy:

$ cat ~/.ssh/id_rsa.pub | ssh admin@192.168.1.10 'umask 077; cat >>/tmp/authorized_keys'

After that login to your Synology as admin and become root:

$ ssh admin@192.168.1.10
admin@192.168.1.10's password:
admin@My-Synology:/$ sudo -i
Password:

No create the .ssh directory for root, move your key and change the owner of that file:

root@My-Synology:~# mkdir -m0700 /root/.ssh
root@My-Synology:~# mv /tmp/authorized_keys /root/.ssh/
root@My-Synology:~# chown root:root /root/.ssh/authorized_keys

After that you can login to your Synology as root without having to enter the password.

F.B.

Posted 2016-03-27T12:20:45.027

Reputation: 41

Does this expose any security concern? – The-Vinh VO – 2018-07-02T03:49:14.060

You can also just SSH using rsa keys, then you can SSH as root, even after installing DSM6, without making any additional changes.

briped

Posted 2016-03-27T12:20:45.027

Reputation: 1

If you're still with DSM Version 5, you might have logged in as admin instead of root. This makes a difference, even though root and admin share the same password.

To solve, do

ssh root@synology.local

with using the admin password.

This will log you in as root, with root access.

Marcel

Posted 2016-03-27T12:20:45.027

Reputation: 456