Solved Reset Synology admin account
-
@wirestyle22 said in Reset Synology admin account:
@JaredBusch said in Reset Synology admin account:
@VoIP_n00b said in Reset Synology admin account:
Right, I understand that. Just wondering because it gives you more options.
Only if you can log in. Still unclear why SSH login worked for the other three devices when the GUI did not with the same credentials.
On to my question.. Anyone familiar with this encryption question?
I believe it uses the password you don't have for the encryption/decryption process. So if you reset it, you would not be able to read any of your encrypted files even if you transferred the key. No real way around this as far as I understand it.
That is not what the documentation seems to say. Hence my question.
-
Do you have another unit you can test on?
-
Can you boot it into single mode? I found this article, it's a bit dated but perhaps still relevant:
https://wrgms.com/entering-single-user-mode-on-a-synology/ -
@marcinozga said in Reset Synology admin account:
Can you boot it into single mode? I found this article, it's a bit dated but perhaps still relevant:
https://wrgms.com/entering-single-user-mode-on-a-synology/Did you actually read that? Not happening. This is a business and not a hobby.
-
@JaredBusch said in Reset Synology admin account:
@wirestyle22 said in Reset Synology admin account:
@JaredBusch said in Reset Synology admin account:
@VoIP_n00b said in Reset Synology admin account:
Right, I understand that. Just wondering because it gives you more options.
Only if you can log in. Still unclear why SSH login worked for the other three devices when the GUI did not with the same credentials.
On to my question.. Anyone familiar with this encryption question?
I believe it uses the password you don't have for the encryption/decryption process. So if you reset it, you would not be able to read any of your encrypted files even if you transferred the key. No real way around this as far as I understand it.
That is not what the documentation seems to say. Hence my question.
Regardless of what the documentation says it uses eCryptFS so you need the key file you--or the person before you--had the option of downloading when creating the directory or exporting afterwards. I'm assuming you don't have this because you likely wouldn't be asking if you did. You can't export it now because no password.
I think it would make sense to sign the key of the backup nas with the production nas and vice versa so you can read any of the files on either NAS. I know you can't do this now, but I'm just saying for the future.
-
@JaredBusch said in Reset Synology admin account:
@marcinozga said in Reset Synology admin account:
Can you boot it into single mode? I found this article, it's a bit dated but perhaps still relevant:
https://wrgms.com/entering-single-user-mode-on-a-synology/Did you actually read that? Not happening. This is a business and not a hobby.
I didn't go into details there, but since Synology basically runs Linux, I see no reason not to boot into single user mode and changing root password there.
Edit: Nvm, I didn't realize you had to take it apart to hook up serial cable. -
If you don't know that there is an encrypted folder and there is no USB attached to the Synology then you won't be using Encryption on the SYnology.
-
See more here, which is what I have followed when I do the reset like you did on the back of the device
https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/file_share_key_manager -
@dbeato said in Reset Synology admin account:
See more here, which is what I have followed when I do the reset like you did on the back of the device
https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/file_share_key_managerThat does not tell me certain. The key store should not be on the device but it can be.
And even if it was on an external usb that is disconnected. Synology will continue to boot as long as the internal key is there. But doing an admin reset removes that
-
@JaredBusch I get it so then, there are two options:
- Backup the data and reset the password and transfer back.
- Reset the admin password and copy the data from the other Synology if you don’t see some data as encrypted.
Other then that someone will have to have the password. But nothing can be certain.
-
@dbeato said in Reset Synology admin account:
Backup the data and reset the password and transfer back.
I am in the process of copying the share to another device.
-
@JaredBusch said in Reset Synology admin account:
@dbeato said in Reset Synology admin account:
Backup the data and reset the password and transfer back.
I am in the process of copying the share to another device.
"Encrypted folders are unmounted and the feature Mount automatically on startup is disabled. For security reasons, if the cypher is a machine key, it is deleted from Key Manager. To learn how to retain the machine key for decrypting shared folders after reset, please refer to this article." here
Isn't the fear here that the key will be wiped from the keystore if it is hosted on the machine itself? There is also no way to verify as you can't access it right? I'm curious what backing up the files is going to do if you can't access them due to the reset wiping the key
-
@wirestyle22 said in Reset Synology admin account:
I'm curious what backing up the files is going to do if you can't access them due to the reset wiping the key
it is a share. You copy the files.
-
@wirestyle22 said in Reset Synology admin account:
please refer to this article." here
Correct, that is what I linked above.
The odds of this being encrypted is tiny. But not zero.
It is not my call to make. I advise, educate, and recommend.
-
I see my mistake here and get what you are doing
-
@jaredbusch said in Reset Synology admin account:
@wirestyle22 said in Reset Synology admin account:
please refer to this article." here
Correct, that is what I linked above.
The odds of this being encrypted is tiny. But not zero.
It is not my call to make. I advise, educate, and recommend.
So my original research was correct and it was simply a reset and pray.
As expected, the unit was not encrypted and all came up good.
-
@jaredbusch
Glad Assuming the drives could be identified as to what is RAID, could you have removed the redundant set, then progressed with the reset and if it worked, great. If not, then you could have put the redundant set back in and not have lost anything other than the time and knowledge that the drives were indeed encrypted?