Solved Reset Synology admin account
-
I have a Synology that no one can log in to for administrative purposes.
It is running just fine at the moment and apparently has the built in Synology backup tool syncing the data to another Synology that I can log in to.https://www.synology.com/en-us/knowledgebase/DSM/tutorial/General_Setup/How_to_reset_my_Synology_NAS
That document says to hit the reset button for 3 seconds and will will default the admin user account back to no password. It also says it will reset the networking. I can fix that.But, it also says it resets Encrypted folders
Encrypted folders are unmounted and the feature Mount automatically on startup is disabled. For security reasons, if the cypher is a machine key, it is deleted from Key Manager. To learn how to retain the machine key for decrypting shared folders after reset, please refer to this article.
I don't know if the drives are encrypted or not.
The linked article is this, and it seems to me to assume that you have access after the reset and can recover the key?
https://www.synology.com/en-us/knowledgebase/DSM/help/DSM/AdminCenter/file_share_key_managerThis unit is critical to the daily operations of the site, so I do not want to do the admin reset if I am not clear on the impact. At least not until I have exhausted all other options.
-
@wirestyle22 said in Reset Synology admin account:
please refer to this article." here
Correct, that is what I linked above.
The odds of this being encrypted is tiny. But not zero.
It is not my call to make. I advise, educate, and recommend.
-
Is SSH enabled?
-
@VoIP_n00b said in Reset Synology admin account:
Is SSH enabled?
the root password is the administrator account password. won't work since he doesn't have it
-
@VoIP_n00b said in Reset Synology admin account:
Is SSH enabled?
Still need a password. I recovered access to 3 other Synology units here that way.
Their SSH password worked and I used
synouser -setpw admin NEWPW
to reset the GUI password and log in. -
Right, I understand that. Just wondering because it gives you more options.
-
@VoIP_n00b said in Reset Synology admin account:
Right, I understand that. Just wondering because it gives you more options.
Only if you can log in. Still unclear why SSH login worked for the other three devices when the GUI did not with the same credentials.
On to my question.. Anyone familiar with this encryption question?
-
@JaredBusch said in Reset Synology admin account:
@VoIP_n00b said in Reset Synology admin account:
Right, I understand that. Just wondering because it gives you more options.
Only if you can log in. Still unclear why SSH login worked for the other three devices when the GUI did not with the same credentials.
On to my question.. Anyone familiar with this encryption question?
I believe it uses the password you don't have for the encryption/decryption process. So if you reset it, you would not be able to read any of your encrypted files even if you transferred the key. No real way around this as far as I understand it.
-
@wirestyle22 said in Reset Synology admin account:
@JaredBusch said in Reset Synology admin account:
@VoIP_n00b said in Reset Synology admin account:
Right, I understand that. Just wondering because it gives you more options.
Only if you can log in. Still unclear why SSH login worked for the other three devices when the GUI did not with the same credentials.
On to my question.. Anyone familiar with this encryption question?
I believe it uses the password you don't have for the encryption/decryption process. So if you reset it, you would not be able to read any of your encrypted files even if you transferred the key. No real way around this as far as I understand it.
That is not what the documentation seems to say. Hence my question.
-
Do you have another unit you can test on?
-
Can you boot it into single mode? I found this article, it's a bit dated but perhaps still relevant:
https://wrgms.com/entering-single-user-mode-on-a-synology/ -
@marcinozga said in Reset Synology admin account:
Can you boot it into single mode? I found this article, it's a bit dated but perhaps still relevant:
https://wrgms.com/entering-single-user-mode-on-a-synology/Did you actually read that? Not happening. This is a business and not a hobby.
-
@JaredBusch said in Reset Synology admin account:
@wirestyle22 said in Reset Synology admin account:
@JaredBusch said in Reset Synology admin account:
@VoIP_n00b said in Reset Synology admin account:
Right, I understand that. Just wondering because it gives you more options.
Only if you can log in. Still unclear why SSH login worked for the other three devices when the GUI did not with the same credentials.
On to my question.. Anyone familiar with this encryption question?
I believe it uses the password you don't have for the encryption/decryption process. So if you reset it, you would not be able to read any of your encrypted files even if you transferred the key. No real way around this as far as I understand it.
That is not what the documentation seems to say. Hence my question.
Regardless of what the documentation says it uses eCryptFS so you need the key file you--or the person before you--had the option of downloading when creating the directory or exporting afterwards. I'm assuming you don't have this because you likely wouldn't be asking if you did. You can't export it now because no password.
I think it would make sense to sign the key of the backup nas with the production nas and vice versa so you can read any of the files on either NAS. I know you can't do this now, but I'm just saying for the future.
-
@JaredBusch said in Reset Synology admin account:
@marcinozga said in Reset Synology admin account:
Can you boot it into single mode? I found this article, it's a bit dated but perhaps still relevant:
https://wrgms.com/entering-single-user-mode-on-a-synology/Did you actually read that? Not happening. This is a business and not a hobby.
I didn't go into details there, but since Synology basically runs Linux, I see no reason not to boot into single user mode and changing root password there.
Edit: Nvm, I didn't realize you had to take it apart to hook up serial cable. -
If you don't know that there is an encrypted folder and there is no USB attached to the Synology then you won't be using Encryption on the SYnology.
-
See more here, which is what I have followed when I do the reset like you did on the back of the device
https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/file_share_key_manager -
@dbeato said in Reset Synology admin account:
See more here, which is what I have followed when I do the reset like you did on the back of the device
https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/file_share_key_managerThat does not tell me certain. The key store should not be on the device but it can be.
And even if it was on an external usb that is disconnected. Synology will continue to boot as long as the internal key is there. But doing an admin reset removes that
-
@JaredBusch I get it so then, there are two options:
- Backup the data and reset the password and transfer back.
- Reset the admin password and copy the data from the other Synology if you don’t see some data as encrypted.
Other then that someone will have to have the password. But nothing can be certain.
-
@dbeato said in Reset Synology admin account:
Backup the data and reset the password and transfer back.
I am in the process of copying the share to another device.
-
@JaredBusch said in Reset Synology admin account:
@dbeato said in Reset Synology admin account:
Backup the data and reset the password and transfer back.
I am in the process of copying the share to another device.
"Encrypted folders are unmounted and the feature Mount automatically on startup is disabled. For security reasons, if the cypher is a machine key, it is deleted from Key Manager. To learn how to retain the machine key for decrypting shared folders after reset, please refer to this article." here
Isn't the fear here that the key will be wiped from the keystore if it is hosted on the machine itself? There is also no way to verify as you can't access it right? I'm curious what backing up the files is going to do if you can't access them due to the reset wiping the key
-
@wirestyle22 said in Reset Synology admin account:
I'm curious what backing up the files is going to do if you can't access them due to the reset wiping the key
it is a share. You copy the files.