I logged into the backup host and re-ran the repository resync process, to be greeted by the same error.
|Synology DSM 5.1 error|
As it turns out, this version of SSH doesn't enable the required key exchange protocol by default; luckily, that's an easy edit of the /etc/ssh/sshd_config file. And to play it safe, I added not only the needed Kex parameter, I also added the published defaults.
KexAlgorithms diffie-hellman-group1-sha1,email@example.com,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
After restarting SSH in the DSM control panel, then re-scanning the repository, all was not quite fixed:
Back to the man page for sshd_config...
The list of supported ciphers is impressive, but rather than add all of them into the list, I thought it would be useful to get a log entry from the daemon itself as it negotiated the connection with the client. Unfortunately, it wasn't clear where it was logging, so it took some trial-and-error with the config settings before I found a useful set of parameters:
SyslogFacility USER
At that point, performing a rescan resulted in an entry in /var/log/messages:
Ciphers aes128-cbc,blowfish-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,firstname.lastname@example.org,email@example.com,firstname.lastname@example.org
One more rescan, and all was well, making it possible to retry the failed jobs.
There have been responses of both successes and failures from people using this post to get their repository back on line. I'm not sure what's going on, but I'll throw in these additional tips for editing sshd_config:
- Each of these entries (KexAlgorithms and Ciphers) is a single-line entry. You must have the keyword (case sensitive) followed by a single space, followed by the entries without whitespace or breaks.
- There's a spot in the default sshd_config that "looks" like the right place to put these entries; that's where I put them. It's a heading labelled "# Ciphers and keying." Just drop them into the space before the Logging section. In the screenshot below, you can see how there's no wrap, no whitespace, etc. This works for me.
- Restart the SSH service. You can use the command line (I recommend using telnet during this operation, or you'll lose your SSH connection as the daemon cycles) or the GUI control panel. If using the latter, uncheck SSH, save, check SSH.
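A check to run on an edited sshd_config before restarting the service, covering the tips above and the Match-block error reported in the comments below. This is an added example, not the author's or Synology's code; the function name, the sample file and the "legacy" pattern are assumptions made for illustration.

```python
import re

# Directives from this post; OpenSSH accepts them only in the global section.
GLOBAL_ONLY = {"kexalgorithms", "ciphers"}
# Assumption: list entries that later OpenSSH releases dropped from defaults.
LEGACY = re.compile(r"diffie-hellman-group1-sha1|.*-cbc")

# Constructed sample (not a real DSM file): wrapped Ciphers, Kex after Match.
SAMPLE = """\
# Ciphers and keying.
Ciphers aes128-cbc,3des-cbc,
aes128-ctr,aes256-ctr
SyslogFacility USER
Match User root
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
"""


def lint_sshd_config(text):
    """Return (line_number, message) findings for the given sshd_config text."""
    findings, seen, match_line = [], {}, None
    for num, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            match_line = num  # every later line belongs to this block
        elif "," in keyword:
            findings.append((num, "line starts with a list fragment (wrapped entry?)"))
        elif keyword in GLOBAL_ONLY:
            if match_line is not None:
                findings.append((num, f"{parts[0]} is inside the Match block from line {match_line}"))
            if keyword in seen:
                findings.append((num, f"{parts[0]} repeats line {seen[keyword]}; sshd keeps the first"))
            seen.setdefault(keyword, num)
            if len(args) != 1:
                findings.append((num, f"{parts[0]} needs exactly one list, got {len(args)} fields"))
            for alg in ",".join(args).split(","):
                if not alg:
                    findings.append((num, "empty list entry (stray comma or line break)"))
                elif LEGACY.fullmatch(alg):
                    findings.append((num, f"legacy algorithm enabled: {alg}"))
    return findings


if __name__ == "__main__":
    for num, message in lint_sshd_config(SAMPLE):
        print(f"line {num}: {message}")
```

On the NAS itself, `/usr/bin/sshd -t -f /etc/ssh/sshd_config` has OpenSSH parse the file and report errors such as the Match-block one without restarting the service.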
Saved my day and my critical backup
Best regards from Denmark
Great post, but when I add them to the sshd_config ( below all the lines ) my SSHD can't start
DS1812> synoservicectl --restart sshd
sshd failed to restart... error unknow [0x0000 (null):0]
Found it!
not below all lines but between the lines :-) THX great post.
You saved my day
Worked for me
But still issue with veeam
No offloading to the CPU of the Synology like it used to.
I made the mistake to update python ... I think there is an issue like that
Python isn't used by Veeam, it's all Perl. Not sure which offload you're wanting; maybe you intend it to be a backup proxy in addition to being a repository?
This did not work. I cannot start ssh after I edit my sshd_config.
If it works for you, can you send me your full sshd_config?
Today I wrote to the software engineer at Synology about this problem.
Synology Support Veeam till 5.0
Updated post with tips for sshd_config. The only changes from the default are in those two lines.
Worked great, thanks so much.
Add lines anywhere in config file and make sure to restart your SSH service folks.
now it works... I have to use not the last Lines in the sshd_config
# obsoletes QuietMode and FascistLogging
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
# similar for protocol version 2
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
# Don't read the user's ~/.rhosts and ~/.shosts files
# To disable tunneled clear text passwords, change to no here!
# Change to no to disable s/key passwords
# Kerberos options
# GSSAPI options
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePrivilegeSeparation sandbox # Default for new installations.
# no default banner path
# override default of no subsystems
#Subsystem sftp /usr/libexec/sftp-server
Subsystem sftp internal-sftp -f DAEMON -u 000
# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
# disable hpn performance boosts
# buffer size for hpn to non-hpn connections
# allow the use of the none cipher
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match User root
Putting the KexAlgorithms line in at the ***end*** of the file resulted in the error
"sshd failed to restart... error unknow [0x0000 (null):0]"
When I ran /usr/bin/sshd to start the daemon interactively it spat out:
"/etc/ssh/sshd_config line 151: Directive 'KexAlgorithms' is not allowed within a Match block"
So, as someone pointed out earlier, move the line up somewhere else in the file and it should work - I put it up near the top.
When I SSH using PuTTY and try to edit the file using the root and admin account, I get permission denied!
Can you please help.
Using root account, you might need to change the permissions (chmod) to make it writeable, but *I* didn't have to. Admin account needs 'sudo' unless permissions are open wider than usual.
Thank you for saving my sanity.
You sir are awesome! I certainly did not have the energy to dive that deep into this issue this morning. But a couple of lines added to the right file as you instruct, and problem solved. I am however disappointed that a simple DSM update caused such a headache.
Wow, this is what I would call a "job well done"! This fixed it for me. Thank you very much for getting to the bottom of the problem AND providing a quick fix that everybody should be able to perform. First time I've ever been disappointed by Synology for causing such troubles with a simple update and, even worse, denying they caused the problem and not providing us with a solution.
Second time I have had to resource this post. DSM 5.1-1021 broke Veeam again. Many, many thanks for the write up!
awesome stuff... thanks so much.. now back to a faster speed with NFS ;)
Thank you very much, I had this error as well ("server does not support diffie-hellman-group1-sha1") after a recent firmware update on our QNAP Nas, and your modifications in sshd_config fixed this problem.
Thanks for posting this. Had some problems with my QNAP and your post resolved my errors.
Worked for me. Thank you.
Lifesaver! Fixed our QNAP issue with Veeam 8.0.
Thanks a lot. You saved my time :)
I have the synology ds2415 installed DSM 5.1-5022 Update 4 and Veeams 8, getting same error.
Tried to edit the sshd_config file but it does not let me. Do I need to login as root?
Have tried commands sudo, su - admin,
New to Linux, how can I edit the file in the terminal: vi sshd_config
Same workaround used for do Backup from Cisco Unified Callmanager. Helped a lot, thank you very much.
The GUI has a built-in option to do this now. In the screen where you enable/disable SSH, click the "Advanced settings" button, and select "low".
I'm on DSM 5.2-5592
It worked! Thanks a lot~
In DSM 5.2 you can choose the ciphers KEX and MAC in web GUI under Customize in ssh screen.
I also noticed that in DSM 5.2 none of the restarting of ssh mentioned above works. The only way was:
This forced sshd to reload the config and even not to drop active ssh connections (like the terminal you typed that command in).
Here is the example how to find the PID of sshd and command to force sshd to reload the config:
DSM> ps w | grep ssh
19982 root 16836 S /usr/bin/sshd
22228 root 54632 S sshd: root@pts/1
22253 root 3768 S grep ssh
DSM> kill -1 19982