top | item 38030239

(no title)

antsar | 2 years ago

Experienced this too. Having SSH access enabled on the Synology saved the day. There's no 2FA prompt on SSH, so you can SSH in and manually fix the time.

discuss

olyjohn|2 years ago

Kinda defeats the whole point of MFA if you can just bypass it like that.

caconym_|2 years ago

SSH and the web UI are two different interfaces running on separate ports that can be firewalled differently. You might, for instance, expose the web UI on an external port on your router while restricting SSH access to the NAS's subnet. In that case, the MFA is a critical extra layer of security.

TrickardRixx|2 years ago

If the SSH key is password-protected, then SSH access is MFA.

crazygringo|2 years ago

Which is why you have to manually enable SSH and it warns you that it's a big security risk.

You're entirely right -- the "proper" way is to login with MFA, enable SSH, do your thing, and then re-disable SSH.

jethro_tell|2 years ago

Well, maybe, if you have an ssh key, instead of an ssh password, there's a lot less surface area there.

naasking|2 years ago

Old tricks are the best tricks!