Get access on your synology nas having ssh disabled without reset when you cannot bypass the Two-Factor Authentication

Few days ago, I couldn't connect to my synology backup NAS because I've reset my phone and therefore lost my Google Authenticator's data.
When I've tried to click the "Lost my phone" link, I got a message :
you have exceeded your emergency code limit
As this is a backup NAS, I've enabled only few services, i.e. not SSH.
And there is only one administrator account on this NAS.

I didn't wanted to reset my NAS and reconfigure all parameters.

Hopefully for me, rsync was enabled and I had another nas available with 2FA enabled also. So I've simply overriden the google_authenticator file using rsync.
That also lets me now to connect to my both NAS using the same code :)

Here is the command line :
rsync -avzh /usr/syno/etc/preference/admin/google_authenticator root@192.168.1.2:/usr/syno/etc/preference/admin/

  • 192.168.1.2 is the ip address of the NAS I wanted to get access
  • you have to use 'root' user, not 'admin'. And the password is the one set for 'admin' user

You can also simply get the google_authenticator file on your local computer using rsync the same way :
rsync -avzh root@192.168.1.2:/usr/syno/etc/preference/admin/google_authenticator .
You can then manually add an account in Google Authenticator.

If you want to delete the file on the NAS in order to be able to connect without 2FA:

  • download the whole directory (/usr/syno/etc/preference/admin/) on your local computer using rsync
  • delete the google_authenticator file on your local computer
  • upload the directory back on the server using the flag --delete on rsync

Comments

Post a Comment

Popular posts from this blog

Resolve "Cannot download packages whilst offline" issue in Deja-Dup backup software

If you got the error message "Cannot download packages whilst offline" but your internet connection is active, this is probably because you've managed the network configuration yourself and the network manager is reporting an offline status even if it's not correct. To fix this issue, simply edit the file /etc/NetworkManager/NetworkManager.conf and change the following configuration to be inline with: [ifupdown] managed=true Then restart the Network Manager : sudo service NetworkManager restart #1
Read more

ubuntu 20.04 / netplan / change mac address and static ip

I wasn't able to set together a virtual mac address and a static IP using netplan: either the mac address didn't change, or IP was not set. I finally got the trick using a fake nic definition that matches the new virtual mac address I've set.    network:   renderer: networkd   ethernets:     ens160:       match:         macaddress: 00:0c:29:5a:69:00       macaddress: 00:50:56:0c:de:a6     ens160_2:       match:         macaddress: 00:50:56:0c:de:a6        addresses: [ 139.99.5.72/32 ]       nameservers:         addresses: [ 8.8.8.8 ]       routes:       - to: 0.0.0.0/0         via: 139.99.5.254         on-link: true     ens192:       addresses: [192.168.103.14/24]       #dhcp4: true   version: 2
Read more

wireshark ssh remote connect on linux server

Image
First, install the optional component from Tools  section of Wireshark installer Then, select config gear of the SSH remote capture  from the welcome screen Configure the following information:           Server ip/hostname and port     Remote user name and private rsa key in OpenSSH format (use puttygen > conversions > export openssh key)  (user and password should work too) You shouldn't have to change anything in Capture tab If you get an error linked to Kex algos: Error by extcap pipe:  ** (sshdump.exe:8216): WARNING **: Error creating connection. ** (sshdump.exe:8216): WARNING **: Connection error: kex error : no match for method kex algos: server [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256], client [diffie-hellman-group14-sha1,diffie-hellman-group1-sha1] You have to add the requested al
Read more