QNAP NAS – Enabling and Securing SSH for Use with RPI SSH Pro

Support → RPI SSH Pro
, , , ,
1

In this guide, I will show you how to enable SSH access on a QNAP NAS device and how to configure it securely for use with the RPI SSH Pro application.

This guide is written for QTS, but the process is very similar on QuTS hero as well.

:one: Enabling SSH in QTS

  1. Log in to your QNAP web interface.
  2. Open: Control Panel
  3. Click: Network & File Services
  4. Select: Telnet / SSH
  5. Check: Allow SSH connection

Default port: 22

Click Apply.

The SSH service will become active immediately.

:two: Changing the SSH Port (Optional)

For security reasons, you may change the default SSH port (for example, to 2222).

If you modify the port:

  • Save the settings
  • Allow the new port in the QNAP firewall
  • Enter the same port number in RPI SSH Pro

:warning: If the port is not allowed in the firewall, you may receive a Connection timed out error.

:three: Checking the QNAP Firewall

If QNAP Firewall is enabled:

  1. Go to Control Panel → System → Security → Firewall
  2. Ensure that your selected SSH port is allowed
  3. It is recommended to create an Allow rule for your local network

If not properly configured, the connection may fail.

:four: User Permissions

Not every user account can log in via SSH.

Recommended best practices:

  • Avoid using the admin account
  • Create a dedicated user for SSH access
  • Assign appropriate permissions

Advanced users may enable root access, but this should only be done with caution.

:five: Remote Access – VPN Strongly Recommended

:warning: It is not recommended to expose the SSH port directly to the internet.

A safer solution:

After connecting via VPN, your NAS will be accessible as if you were on the local network.

This significantly reduces the risk of automated brute-force attacks.

:six: Configuration in RPI SSH Pro

Host: QNAP NAS IP address

Port: The SSH port configured in QTS

Username: QNAP user account

Authentication: Password

On the first connection, the application:

  • Retrieves the NAS SSH host key
  • Stores it securely
  • Displays a warning if the key changes

If approved by the user, the stored host key will be updated.

:locked_with_key: Additional Security Recommendations

  • Enable IP-based blocking
  • Use a strong password
  • Consider setting up SSH key authentication
  • Disable Telnet service (if not needed)

:red_exclamation_mark: Common Errors

Connection refused

→ SSH service is not enabled

Connection timed out

→ Firewall or port is not properly configured

Permission denied

→ Incorrect username or password

:speech_balloon: Need Help?

Please provide:

  • QTS / QuTS hero version
  • SSH port used
  • Local or VPN connection
  • Exact error message