Strongbox Newsletter #2

This is issue 2 of our newsletter (April 26th 2021) sent out to our subscribers by mail every now and then. Interested to hear news and updates about Strongbox, KeePass, Password Management and the wider InfoSec world.

Continue reading

Syncing With a Synology NAS

It seems that Synology released an update (version 5.15.0 on April 13th 2021) to their DS File App which appears to be problematic for users who use the “Files” method to sync their databases with Strongbox. Unfortunately we don’t know exactly what Synology have done here, and there’s little we can do to fix things. So we would like to make sure everyone is aware of the best way to perform sync with a Synology device.

Update 13-Sept-2021: We are receiving reports that Synology have now fixed their App. We continue to recommend the methods below.

Recommended Methods

We always recommend users use either WebDAV or SFTP to sync their databases with their Synology NAS devices as it appears to be a much more reliable method and isn’t prone to getting things out of sync or randomly failing. You can also access your NAS via SFTP/WebDAV using the MacOS version of Strongbox.

A Note on using SMB

Unfortunately there are reports that SMB isn’t very reliable via iOS Files and also suffers from security issues, so using it over the public Internet isn’t recommended.

WebDAV & SFTP – Recommended

So we’ll stick with WebDAV & SFTP. This is all the more pressing now with the release of the broken DS File update. In this article we’ll cover getting WebDAV or SFTP up and running and connecting via Strongbox’s built in WebDAV support.

WebDAV

The authoritative Synology instructions can be found here. In a very short summary you need to:

  1. Log in to the Disk Station Manager or DSM with an account belonging to the administrators group.
  2. Go to Package Center to install WebDAV Server.
  3. Launch WebDAV Server and check Enable HTTPS checkbox. You can customise the port number if you like.
  4. Save the settings.
  5. To access from Strongbox, choose Add Existing Database
  6. Choose WebDAV
  7. Enter the IP address or the hostname of your Synology NAS followed by a colon followed by the port number (usually 5006 but may be different depending on how you have configured it). For example: https://my.host.com:5006
  8. Enter your username/password.
  9. You may not have configured a fully functional certificate (we would recommend that you do, you could use Lets Encrypt for example), if your certificate isn’t valid, then tick the ‘Allow Untrusted Certificate’ checkbox in Strongbox.
  10. All going well you should now be able to browse your file system for your password database.
  11. Finally add that database and you’re all set!

Some tips/tricks from other users who managed to get WebDAV working on their setups. These may or may not apply to you and haven’t been verified:

  • Ensure that the correct WebDAV port number is used in the URL/Address you enter
  • Make sure the WebDAV port is enabled in the Synology’s firewall
  • Make sure the WebDAV port is forwarded on the router if accessing remotely
  • Ensure Synology user account has WebDAV permissions
  • If using your own (untrusted) SSL certificate, ensure “Allow Untrusted Certificate” is enabled
  • In some cases you may need to append /home to your WebDAV URL. See here for more details.
  • Ensure the user password does not have any special characters if you are getting authentication errors
  • TLS/ SSL Profile Levels at “Modern compatibility” seem to work but you may want to change this if you have trouble.

SFTP

The authoritative Synology instructions can be found here. In a very short set of instructions:

  1. Log in to the Disk Station Manager or DSM with an account belonging to the administrators group.
  2. Click on Control Panel
  3. Click on File Services
  4. Click on the FTP tab
  5. Scroll down to the SFTP Section and enable
  6. Now, SFTP is live. We just need to make sure that a user is able to access the SFTP service. You can do this under Control Panel also. Select the Users component and create or ensure your user has SFTP access.
  7. To access from Strongbox, choose Add Existing Database
  8. Choose SFTP
  9. Enter the IP address or the hostname of your Synology NAS.
  10. Enter your username/password.
  11. All going well you should now be able to browse your file system for your password database.
  12. Finally add that database and you’re all set!

There is a good YouTube video which explains the steps to configure your Synology as an SFTP server.

Other Helpful Hints, Tips and Tricks

There is a plethora of information in the below video for how to configure your NAS for external connectivity which you may find helpful. It is presented in a friendly and funny way. Worth a look.

Please let us know if we should any other details, or how your experience was with these instructions, so that we can update this article for others.