How can I mount encrypted folder via SSH in Synology NAS?

Question

Now I mount an encrypted folder:

open browser and login to NAS gui
click Control panel -> Shared Folder > Encryption > Mount
enter key

after folder is mounted:

rsync -ah --progress --delete /path/* admin@ipadress:/volume1/path/

Can I bypass 1.-3. and use ssh only?

You're asking if you can run one ssh command that opens a browser, logs in to the NAS, clicks in specific places, enters a key, then runs an rsync command? — Jeff Schaller, Jul 15 '16 at 22:16
I can connect to NAS with ssh, therefore bypassing the gui altogether. If I can do this with ssh, I can automatize this process. — Ohto Nordberg, Jul 16 '16 at 08:33
No. The key is in an encrypted file, which I first open, then paste to NAS gui. — Ohto Nordberg, Jul 16 '16 at 14:23
Does the "ssh" process need to open this encrypted file, or else how will the key be transmitted? — Jeff Schaller, Jul 16 '16 at 14:44
Good question. I assume there exists a command which mounts encrypted folder and has the key as argument. — Ohto Nordberg, Jul 16 '16 at 14:55

score 10 · Accepted Answer · answered Jul 16 '16 at 16:31

Use the gui to mount the encrypted directory, then login to the synology as root over ssh and type mount. You will see a line like

 /volume1/@mycryptdir@ on /volume1/mycryptdir type ecryptfs (rw,relatime,ecryptfs_fnek_sig=88...,ecryptfs_sig=88...,ecryptfs_cipher=aes,ecryptfs_key_bytes=32)

This shows your directory /volume1/mycryptdir is implemented on an underlying /volume1/@mycryptdir@ directory using ecryptfs. Unmount the directory with the gui, then try the following command:

# ecryptfs-add-passphrase
Passphrase:

Type in the cleartext passphrase you originally used (not the .key file). It will reply

Inserted auth tok with sig [88...] into the user session keyring

Now type the mount command using the options you saw before. You will need to create the mount point directory:

# mkdir /volume1/mycryptdir
# mount /volume1/\@mycryptdir\@/  /volume1/mycryptdir/ -t ecryptfs -o rw,relatime,ecryptfs_fnek_sig=88...,ecryptfs_sig=88...,ecryptfs_cipher=aes,ecryptfs_key_bytes=32

Your filesystem should now be mounted and useable. You should now clear the password from the in-memory keyring:

# keyctl clear @u

When you have finished, unmount the directory with umount /volume1/mycryptdir.

Or perhaps more directly: https://superuser.com/a/1104513/402193 — r2evans, Jun 12 '20 at 16:05

How can I mount encrypted folder via SSH in Synology NAS?

1 Answers1