30 July 2015

Get access on your synology nas having ssh disabled without reset when you cannot bypass the Two-Factor Authentication

Few days ago, I couldn't connect to my synology backup NAS because I've reset my phone and therefore lost my Google Authenticator's data.
When I've tried to click the "Lost my phone" link, I got a message :
you have exceeded your emergency code limit
As this is a backup NAS, I've enabled only few services, i.e. not SSH.
And there is only one administrator account on this NAS.

I didn't wanted to reset my NAS and reconfigure all parameters.

Hopefully for me, rsync was enabled and I had another nas available with 2FA enabled also. So I've simply overriden the google_authenticator file using rsync.
That also lets me now to connect to my both NAS using the same code :)

Here is the command line :
rsync -avzh /usr/syno/etc/preference/admin/google_authenticator root@192.168.1.2:/usr/syno/etc/preference/admin/

  • 192.168.1.2 is the ip address of the NAS I wanted to get access
  • you have to use 'root' user, not 'admin'. And the password is the one set for 'admin' user

You can also simply get the google_authenticator file on your local computer using rsync the same way :
rsync -avzh root@192.168.1.2:/usr/syno/etc/preference/admin/google_authenticator .
You can then manually add an account in Google Authenticator.

If you want to delete the file on the NAS in order to be able to connect without 2FA:

  • download the whole directory (/usr/syno/etc/preference/admin/) on your local computer using rsync
  • delete the google_authenticator file on your local computer
  • upload the directory back on the server using the flag --delete on rsync
Post a Comment