Instructions for setting up a git server on a Synology NAS with Diskstation

- Install Git Server package via Diskstation
- Enable SSH access on Diskstation (Control Panel > Terminal & SNMP > Enable SSH Service)
- Create user `gituser` on NAS (with WebDAV privileges)
- Add new shared folder called `git` (e.g. `/volume1/git`) with read/write access for `gituser` and `admin`

Configure SSH Access

- create `~/.ssh` folder for gituser on server

```
ssh [email protected]
mkdir /volume1/homes/gituser/.ssh
```

- copy public rsa key from local computer to gituser account on server

```
scp ~/.ssh/id_rsa.pub [email protected]:/volume1/homes/gituser/.ssh
```

- rename `id_rsa.pub` to `authorized_keys` on NAS (or append if already exists, `cat id_rsa.pub >> authorized_keys`)

```
ssh [email protected]
mv /volume1/homes/gituser/.ssh/id_rsa.pub /volume1/homes/gituser/.ssh/authorized_keys
```

- change permissions as root

```
cd /volume1/homes/gituser/
chown -R gituser:users .ssh
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
```

- change ssh config to allow for key validation

```
ssh [email protected]
cd /volume1/homes/gituser
vim /etc/ssh/sshd_config
```

- uncomment these lines (save in vim `:w` and then quit `:q`)

```
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
```

## Setting up a New Repo on NAS

## Add NAS as Remote for Local Repo

References:

- http://blog.osdev.org/git/2014/02/13/using-git-on-a-synology-nas.html
- http://stackoverflow.com/questions/20074692/set-up-git-on-a-nas-with-synologys-official-package

There is no /volume1/homes/ directory. Any other options or do I have to create them?
I think this gets created when you first create a normal user through DSM. There's also a symlink in /var/services that points to /volume1/homes.
When I was logging in as admin, SSH was throwing the following error:
`Could not chdir to home directory /var/services/homes/admin: No such file or directory`
Which relates to:
> There is no /volume1/homes/ directory. Any other options or do I have to create them?
I found a post that explains how to create the folder by enabling some settings in DSM https://www.chainsawonatireswing.com/2012/01/16/log-in-to-a-synology-diskstation-using-ssh-keys-as-a-user-other-than-root/
Basically go to Control Panel > User > Advanced > User Home > Enable user home service
🎉
Thanks for putting all this info together 🚀
Useful instructions, but kept getting:
fatal: unable to access './config': Permission denied
When attempting to do any git operation on the DSM server.
What solved it was doing a:
chmod -R 766 <name_of_git_repo>.git
I'm stuck here: `scp ~/.ssh/id_rsa.pub [email protected]:/volume1/homes/gituser/.ssh`
It said: `/var/services/homes/admin/.ssh/id_rsa.pub: No such file or directory`
@on3nx You should copy from your local computer's directory ~/.ssh/id_rsa.pub, not your diskstation's directory. So open a new terminal that's not ssh'ed to your diskstation and try to find ~/.ssh/id_rsa.pub. If it's still not there, it means you need to generate a pair of rsa keys (private/public). For instance on mac you can follow these instructions: https://docs.joyent.com/public-cloud/getting-started/ssh-keys/generating-an-ssh-key-manually/manually-generating-your-ssh-key-in-mac-os-x
I want to say thank you to everyone who has contributed in consolidating this information and putting all of this great information in one place. I am a recent SVN convert over to GIT and I was having a difficult time getting everything figured out. Over the last couple of weeks I've got it up and running on my own, and I'm excited to learn more and do more with GIT.
Thank you all again, it couldn't have been done without this article and the comments.
On the latest versions of Synology, authorized_keys should have 600 permissions, .ssh and gituser should both have 711 permissions.
```
root@backup:/var/services/homes/git/.ssh# ls -la
total 12
drwx--x--x 2 git users 4096 Mar 21 17:25 .
drwx--x--x 3 git users 4096 Mar 21 17:24 ..
-rw------- 1 git users 381 Mar 21 16:55 authorized_keys
```
Create repositories remotely using supported mechanism
Thank you for this guide! It is extremely useful. Thank you @walkerjeffd
The notes regarding permissions are very important in current Synology builds (thanks @gazgeek and @jerryfromearth).
However the usability needed improving
I was finding it annoying needing to use ssh to login to the Synology and run several commands so that I could create new repositories and do settings. Also I normally have admin disabled, as a security measure and only reenable when required (DSM Control Panel) so it was extra tedious.
To create NewRepo.git it could be as simple as running ssh [email protected] "git-create-repository NewRepo.git" on your local machine.
This guide will show you how to setup repositories remotely with one command.
Note: this uses fully supported features and should work through DSM upgrades and Git version updates. It uses an ability in git-shell to specify additional commands. This guide shows you how to do it and how to use it. Everything is designed around cut and paste.
- Enable admin if it is disabled and log in via ssh
- Sudo to become root

```
sudo -u root bash
```

- Set the owner on the `/volume1/git` to be `gituser`.

```
chown -R gituser:user /volume1/git
```

- Go to `~gituser` and then create a `git-shell-commands` directory in the home directory of `gituser`

```
cd ~gituser
mkdir ~gituser/git-shell-commands
```

- change the owner and permissions on `~gituser/git-shell-commands`

```
chown gituser ~gituser/git-shell-commands
chmod 755 ~gituser/git-shell-commands
```

- create a `no-interactive-login` script to prevent interactive logins now that this functionality is enabled. To make things easy the following can be copied and pasted directly into the shell and it will create the file.

```
cat >~gituser/git-shell-commands/no-interactive-login <<\EOF
#!/bin/sh
printf '%s\n' "Hi $USER! You have successfully authenticated, but "
printf '%s\n' "there is NO interactive shell access."
exit 128
EOF
```

- create a `help` file to provide instructions or information. I put very little effort into this

```
cat >~gituser/git-shell-commands/help <<\EOF
#!/bin/sh
echo "Use ssh and command git-create-repository to create a new git repository on the Synology"
echo "The git repository will be placed in the git area and must use a name formatted as <repo-name>.git"
echo "The repository will be initialised and can then be used to push or pull data."
exit 1
EOF
```

- create the `git-create-repository` file to create new repositories as required.

This script does have error checking and some security features but if you are concerned later please delete or remove execution permissions later.
Check the GIT_HOME setting in this script and edit if required before cutting and pasting

```
cat >~gituser/git-shell-commands/git-create-repository <<\EOF
#!/bin/sh
# Creates a new git repository to use as source or target.
#
# Set GIT_HOME to location of the git repositories
#
if ! test $# -eq 1
then
    echo >&2 Usage\: git-create-repository \<repo-name\>.git
    exit 1
fi
#
GIT_HOME=/volume1/git
NEW_REPO=$1
#
# Only alphanumeric and period (.) are allowed
# Space is not permitted as it breaks this script and presents a security risk
#
regex='^[0-9a-zA-Z.]*$'
#
if ! [[ "$NEW_REPO" =~ $regex ]]
then
    echo >&2 Illegal character provided in new repository name.
    echo >&2 Only alphanumeric and period are permitted.
    exit 1
fi
#
#
# Check for .git ending
regex2='^.*\.git$'
if ! [[ "$NEW_REPO" =~ $regex2 ]]
then
    echo >&2 Usage\: git-create-repository \<repo-name\>.git
    exit 1
fi
#
#
if test -d $GIT_HOME/$NEW_REPO
then
    echo >&2 Can not overwrite or reset existing repository.
    exit 1
fi
cd $GIT_HOME
exec git --bare init $NEW_REPO
EOF
```

- Change the user and permission on all the scripts in `git-shell-commands` directory to be owned by `gituser` and have read and execute permission only.

```
chown gituser ~gituser/git-shell-commands/no-interactive-login
chown gituser ~gituser/git-shell-commands/help
chown gituser ~gituser/git-shell-commands/git-create-repository
chmod 500 ~gituser/git-shell-commands/no-interactive-login
chmod 500 ~gituser/git-shell-commands/help
chmod 500 ~gituser/git-shell-commands/git-create-repository
```

- check everything is okay in `~gituser`.

```
bash-4.3# pwd
/var/services/homes/gituser
bash-4.3# ls -la git-shell-commands/
total 12
dr-xr-x--- 1 gituser users 90 Apr 4 01:07 .
drwxr-xr-x 1 gituser users 86 Apr 3 21:39 ..
-r-x------ 1 gituser users 835 Apr 3 23:04 git-create-repository
-r-x------ 1 gituser users 304 Apr 4 01:07 help
-r-x------ 1 gituser users 143 Apr 3 19:36 no-interactive-login
bash-4.3#
```

- check the `/volume1/git` is ready. I have recycle bin on but #recycle may not exist in your directory

```
bash-4.3# ls -la /volume1/git
total 0
drwx------+ 1 gituser root 138 Apr 3 22:03 .
drwxr-xr-x 1 root root 664 Apr 3 04:32 ..
drwxrwxrwx+ 1 root root 8 Apr 3 04:33 @eadir
drwxrwxrwx+ 1 root root 22 Apr 3 04:33 #recycle
bash-4.3#
```

- Go back to your development host and check that things are operating correctly using the `help` command. I am using `diskstation.local` as the Synology host name. `ssh -l gituser diskstation.local help`

```
bash-4.3# ssh -l gituser diskstation.local help
Use ssh and command git-create-repository to create a new git repository on the Synology
The git repository will be placed in the git area and must use a name formatted as <repo-name>.git
The repository will be initialised and can then be used to push or pull data.
bash-4.3#
```

- Create a new git repository using `git-create-repository`.
Example is `ssh -l gituser diskstation.local "git-create-repository SynologyGitUsability.git"`

```
bash-4.3# ssh -l gituser diskstation.local "git-create-repository SynologyGitUsability.git"
Initialized empty Git repository in /volume1/git/SynologyGitUsability.git/
bash-4.3#
```

- Mirror an existing git repository into `SynologyGitUsability.git`. Use git push --mirror to populate. An example would be `git push --mirror ssh://[email protected]/volume1/git/SynologyGitUsability.git/`
Remember to be in a directory containing a local git repository

```
bash-4.3# git push --mirror ssh://[email protected]/volume1/git/SynologyGitUsability.git/
Counting objects: 20, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (20/20), done.
Writing objects: 100% (20/20), 3.65 KiB | 622.00 KiB/s, done.
Total 20 (delta 3), reused 0 (delta 0)
To ssh://diskstation.local/volume1/git/SynologyGitUsability.git/
 * [new branch] master -> master
bash-4.3#
```

- recheck the git repositories in `/volume1/git`

```
bash-4.3# ls -la /volume1/git
total 0
drwx------+ 1 gituser root 186 Apr 4 02:08 .
drwxr-xr-x 1 root root 664 Apr 3 04:32 ..
drwxrwxrwx+ 1 root root 8 Apr 3 04:33 @eadir
drwxrwxrwx+ 1 root root 22 Apr 3 04:33 #recycle
drwx------+ 1 gituser users 98 Apr 4 02:08 SynologyGitUsability.git
bash-4.3#
```

- You can confirm data is being stored using disk usage on the directory `/volume1/git`. I added an Empty.git so you can see one without data

```
bash-4.3# du -sk /volume1/git/*
4 /volume1/git/#recycle
0 /volume1/git/@eadir
64 /volume1/Git/Empty.git
148 /volume1/Git/SynologyGitUsability.git
bash-4.3#
```

- Exit the admin account and you can lock it again if desired. Critical activities can now be managed remotely.
This is the end. So far...
I will be loading all this code onto Github and sharing code and details. Look at SynologyGitUsability in @dmurphyoz
I am getting permission denied when I try to access with the gituser via ssh
via the Github for Windows bash, trying to clone the repo:
"Permission denied, please try again.
fatal: Could not read from remote repository."
Also tried to apply the method of dmurphyoz
But I'm also getting Permission denied after entering the password.
The git folder and all files within have ownership of gituser:users
I get the feeling the SSH access isn't linked to the user on the nas ??
With my older users I can access the nas via SSH without any problems (same password)
@mahoromax the most likely cause of issues with your gituser is the permissions. Check the following permissions.
- gituser home directory (`~gituser/.` in bash) should be owned by gituser and have 711 permission `rwx--x--x`
- gituser .ssh directory in their home directory (`~gituser/.ssh/.` owned by gituser and 711 permissions `rwx--x--x`)
- the ssh authorized keys file in the .ssh directory (`~gituser/.ssh/authorized_keys` owned by gituser with 600 permissions `rw-------`).

For the git access, check the permissions on the git repository and the git directory, and that git has been initialized.
- Check the permissions on the git directory and the git repository you are trying to access

```
ls -la /volume1/git/.
```

The dot directory . should have the following permissions

```
drwx------+ 1 gituser root 186 Apr 4 02:08 .
```

The repository directory should have the following permissions

```
drwx------+ 1 gituser users 98 Apr 4 02:08 SynologyGitUsability.git
```

- Ensure git is pointing to the correct directory for git services
My example git repository is called SynologyGitUsability.git

```
cd SynologyGitUsability.git
git update-server-info
```

**If you don't yet have a git repository**
The following command sequence is the easiest to create one for testing. You will need to complete step two to update-server-info after creating the first git repository.
You need root or admin access.
- Sudo to gituser: `sudo -u gituser bash`
- Change directory to git directory: `cd /volume1/git`
- Create an empty git repository. In this example I am calling it TestRepository. This would be the name it is accessed as remotely: `git --bare init TestRepository.git`

Finally remember when adding the repository into windows, linux or OS X git tools you must use the full name TestRepository.git.
Tell me if this helps or provide more details on what is going wrong. Good luck!
Thank you for the detailed answer.
I double checked all the mentioned permissions (they were usually a bit higher, but I adjusted them to 700/600 to be sure)
Still can't access SSH via gituser
(Hi gituser! You have successfully authenticated, but there is NO interactive shell access. )
I try this via an SSH client (mobaxterm)
Nor clone the bare repo. (GIT for windows)
When I connect it also doesn't accept the SSH key, I get asked for password every time.
"Permission denied, please try again. fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists."
$ git clone ssh://[email protected]/volume2/git/nasgit.git
tried different paths without volume2/git and so on... always the same...
I found a note saying that SSH is only enabled for administrators users, where I enable SSH in the synology options.
Could that be related?
The "NO interactive users" comes from the file ~gituser/git-shell-commands/no-interactive-login
This file is sourced by git-shell which is the assigned shell for gituser once it is associated with GIT.
You can remove this file
rm ~gituser/git-shell-commands/no-interactive-login
OR rename it
mv ~gituser/git-shell-commands/no-interactive-login ~gituser/git-shell-commands/no-interactive-login.HOLD
Remember to move it back or recreate once you are done.
I would login and check if you can initialise a repository using the commands
You need root or admin access.
Sudo to gituser
sudo -u gituser bash
Change directory to git directory
cd /volume1/git
Create an empty git repository In this example I am calling it TestRepository. This would be the name it accessed as remotely
git --bare init TestRepository.git
Finally remember when adding the repository into windows, linux or OS X git tools you must use the full name TestRepository.git.
Troubleshooting the requirement for password
First check what it is doing using the ssh client in verbose mode.
ssh -vvv [email protected]
You are looking for information on matching keys etc.
Be aware that it could be rejected because .ssh/authorized_keys does not exist or permissions are incorrect on the file or the .ssh directory on the Synology. You also need to be aware of name or IP address mismatches between files. If your id_rsa.pub file has an old hostname or IP address in it then this will not match.
The ssh client will require a password if you have created a password on your private key file on your local machine. It is difficult to remove this and not break other things, so I would recommend creating another one.
ssh-keygen -t rsa -f gituser_rsa
Generating an ssh key on a mac os x
You will then need to append the gituser_rsa.pub file onto the .ssh/authorized_keys file.
Hope these things help.
Hi,
Thanks for the post!
- To make "password-less ssh" work, aside from @gazgeek's suggestion, I also found out that I need to change the permission of the user folder (that contains .ssh) to 755. Previously it was 711:
chmod 755 /home/gituser
With your tip I could make it work for my buddy who is a non-root user and needs access to my git repository.
Thanks for sharing!
Hi, thanks for your above comments,
this is what I have done on my Synology.
On Diskstation interface.
- Create gituser.
- Create git shared folder.
- Grant access for gituser to the shared folder.
- Enable SSH access (Control Panel > Terminal & SNMP > Enable SSH Service)
- Install Git Server package.
- Open Git Server and allow gituser permissions.
On local computer. (Generate SSH key pair and copy public key to Diskstation)
ssh-keygen -t rsa -b 4096
scp ~/.ssh/id_rsa.pub [email protected]:/tmp
On Diskstation SSH. (Create Git repository, configure permissions and SSH Server )
ssh [email protected]
cd /volume1/git
git init --bare --shared myrepo.git
cd ./myrepo.git
git update-server-info
sudo ln -s /volume1/git/myrepo.git /myrepo.git
sudo su -
mkdir /volume1/homes/gituser/.ssh
cat /tmp/id_rsa.pub >> /volume1/homes/gituser/.ssh/authorized_keys
chown -R gituser:users /volume1/homes/gituser/.ssh
chmod 755 /volume1/homes/gituser
chmod 711 /volume1/homes/gituser/.ssh/
chmod 600 /volume1/homes/gituser/.ssh/authorized_keys
vim /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
synoservicectl --reload sshd
On local computer.
git clone ssh://[email protected]/myrepo.git
@walkerjeffd @denrzh Hi all could someone please advise. I followed all the steps but when I open the application Git Server my list of users is empty! Why are no users showing up at all on the GitServer app? I'm logged in as a user who has admin access.
> @walkerjeffd @denrzh Hi all could someone please advise. I followed all the steps but when I open the application `Git Server` my list of users is empty! Why are no users showing up at all on the GitServer app? I'm logged in as a user who has admin access.

Hi mate! It's blank for me too, as I don't need to restrict the use of the git shell to specific users.
Since all my users can use git repositories, I manage their permission through the configured gituser - as discussed above.
Please make sure to check the hint in the documentation when you click the "?" in that GIT server dialog:

(Sorry, my NAS is setup in German, but I guess the English documentation will provide the same information.)
The issue can be resolved by editing "appPriv" in SYNO.Git.lib file.
cat /var/packages/Git/target/webapi/SYNO.Git.lib
Before appPriv edit.
{"SYNO.Git.lib": {"allowUser": ["admin.local", "admin.domain", "admin.ldap"], "appPriv": "SYNO.SDS.GIT.Instance", "authLevel": 1, "lib": "/var/packages/Git/target/webapi/SYNO.Git.so", "maxVersion": 1, "methods": {"1": [{"enum_user": {"grantable": true}}, {"apply": {"grantable": true}}]}, "minVersion": 1, "priority": 0}}
After appPriv edit.
{"SYNO.Git.lib": {"allowUser": ["admin.local", "admin.domain", "admin.ldap"], "appPriv": "", "authLevel": 1, "lib": "/var/packages/Git/target/webapi/SYNO.Git.so", "maxVersion": 1, "methods": {"1": [{"enum_user": {"grantable": true}}, {"apply": {"grantable": true}}]}, "minVersion": 1, "priority": 0}}
> > @walkerjeffd @denrzh Hi all could someone please advise. I followed all the steps but when I open the application `Git Server` my list of users is empty! Why are no users showing up at all on the GitServer app? I'm logged in as a user who has admin access.
>
> Hi mate! It's blank for me too, as I don't need to restrict the use of the git shell to specific users.
> Since all my users can use git repositories, I manage their permission through the configured gituser - as discussed above.
>
> Please make sure to check the hint in the documentation when you click the "?" in that GIT server dialog:
> (Sorry, my NAS is setup in German, but I guess the English documentation will provide the same information.)

@denrzh It works!!! , thanks, but i do not know why
> Hi, thanks for your above comments,
> this is what I have done on my Synology.
>
> On Diskstation interface.
>
> - Create gituser.
> - Create git shared folder.
> - Grant access for gituser to the shared folder.
> - Enable SSH access (Control Panel > Terminal & SNMP > Enable SSH Service)
> - Install Git Server package.
> - Open Git Server and allow gituser permissions.
>
> On local computer. (Generate SSH key pair and copy public key to Diskstation)
>
>     ssh-keygen -t rsa -b 4096
>     scp ~/.ssh/id_rsa.pub [email protected]:/tmp
>
> On Diskstation SSH. (Create Git repository, configure permissions and SSH Server )
>
>     ssh [email protected]
>     cd /volume1/git
>     git init --bare --shared myrepo.git
>     cd ./myrepo.git
>     git update-server-info
>     sudo ls -s /volume1/git/myrepo.git /myrepo.git
>     sudo su -
>     mkdir /volume1/homes/gituser/.ssh
>     cat /tmp/id_rsa.pub >> /volume1/homes/gituser/.ssh/authorized_keys
>     chown -R gituser:users /volume1/homes/gituser/.ssh
>     chmod 755 /volume1/homes/gituser
>     chmod 711 /volume1/homes/gituser/.ssh/
>     chmod 600 /volume1/homes/gituser/.ssh/authorized_keys
>     vim /etc/ssh/sshd_config
>     RSAAuthentification yes
>     PubkeyAuthentification yes
>     synoservicectl --reload sshd
>
> On local computer.
>
>     git clone ssh://[email protected]/myrepo.git

Thank you very much for your great instructions!
I think there's a typo "sudo ls -s". It should be "ln" instead of "ls".
It seems Synology removed interactive command support in their packaged version of git:
https://community.synology.com/enu/forum/8/post/147518
If you get the 'fatal: git package does not support interactive shell' messages, then that's why.
A workaround (discussed in the linked forum) is to remove the Syno package, install community, get the git-shell executable, remove community and reinstall Syno git package, and overwrite their version of git-shell. You have to do it as root so be careful what you type.
Multiple units, DSM7.0, Synology GIT server package: 2.26.2-1015
@dmurphyoz I have been trying to follow your scripts but the problem I ran into is that the remote execution could not find these scripts.
running a remote env command gives PATH=/usr/bin:/bin:/usr/sbin:/sbin. The login shell of gituser is /bin/sh, I tried to add a ~/.profile, ~/.shinit file, did not load, I also tried to change the login shell to /bin/bash but then access was denied. Could you provide more insight? I'm using DSM7 btw.
> Create repositories remotely using supported mechanism
> Thank you for this guide! It is extremely useful. Thank you @walkerjeffd

Six years on and this still seems the best documentation available for this process - thank you. Unfortunately I did not find it until near the end of the process.
In my case I was using DSM 7.1.? and then found I could manually upgrade to 7.2.1.
Each version upgrade seems to tie the system down even tighter in terms of "security", but the measures taken seem to me somewhat arbitrary. There are at least three layers of actively blocking me trying to get a login shell for the git user (just so I can get things set up).
Here are some other observations people might find useful
Openssh requirements for public key use.
From the manual for opensshd, on Linux systems it requires only that group and other permissions are set to be not writable. Whether you apply mode 0600, 700, 711 or 755 should not make any difference. As mentioned, this requirement applies to:
- the git user's login dir,
- ~/.ssh and
- authorized_keys under that.
What I don't know the answer to is how much DSM's default to inherited ACL permissions breaks this.
The presence of a "+" in the permission list of ls -l indicates ACLs are in operation and the unix-mode flags are fabrications. In some cases, different users will see different flags shown for the same directory.
Using chmod on a file or directory will disable the ACLs and assign the unix-mode values you have specified, but if your home directory is not set suitably then you may think it is safe, but to root it reports as world- or group-writable.
In the end, I used the undocumented synoacltool to remove inheritance and delete write-access to 'admin'. So, the lesson is, if you see a "+" on the permission flags with ls then apply a chmod, even if the values already look ok.
Did Synology modify opensshd to take ACLs into account? I doubt it.
sftp chroot
Another thing that threw me for a bit was that ssh in a default config will log you in with access to the full file system. However, sftp and scp do something like a chroot and they only expose shared folders you have permission to access.
So, what looks like /volume1/gitfiles/ when you log in, becomes /gitfiles under sftp and scp. And the default starting folder with scp is not your home dir - I've not found a way that does not need a full path specified.
2024 - this all still seems to be a problem.
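
Added example, not part of the thread: a POSIX shell check of the three paths the comments above keep returning to (the git user's home directory, `.ssh` and `authorized_keys`). It applies the rule quoted from the sshd manual (no group or other write bit, owned by the user or root) and flags the `+` ACL marker from `ls -l`. The function names are made up for this example, and it assumes `ls -ldn` prints the mode string first and the numeric owner third.

```shell
#!/bin/sh
# Added example: audit home, .ssh and authorized_keys for the conditions
# that make sshd ignore a public key. Function names are hypothetical.

# Classify an `ls -l` mode string. Prints: writable | acl | ok
mode_verdict() {
    case $1 in
        ?????w*|????????w*) echo writable ;;  # group (col 6) or other (col 9) write bit
        ??????????+*)       echo acl ;;       # trailing "+": ACL set, mode bits may mislead
        *)                  echo ok ;;
    esac
}

# Check one path. $1 = path, $2 = numeric uid that should own it.
# Returns 0 when sshd's ownership/write-bit rule is met, 1 otherwise.
audit_path() {
    path=$1 uid=$2
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    line=$(ls -ldn "$path")
    mode=${line%% *}
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    rc=0
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $path is owned by uid $owner, expected $uid or 0"
        rc=1
    fi
    case $(mode_verdict "$mode") in
        writable) echo "WRITABLE $path ($mode): remove group/other write"; rc=1 ;;
        acl)      echo "ACL      $path ($mode): run chmod so the mode bits are real" ;;
        ok)       echo "OK       $path ($mode)" ;;
    esac
    return $rc
}

# Check all three paths. $1 = home directory, $2 = numeric uid of the git user.
audit_ssh_perms() {
    home=$1 uid=$2 failed=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        audit_path "$p" "$uid" || failed=1
    done
    return $failed
}

# Run as root on the NAS, e.g.:
#   sh audit.sh /volume1/homes/gituser "$(id -u gituser)"
if [ "$#" -eq 2 ]; then
    audit_ssh_perms "$1" "$2"
    exit $?
fi
```

An `ACL` line is a warning rather than a failure: it marks a path where, as described above, the displayed mode bits may not be what root sees until `chmod` is applied.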
I rarely fiddle with SSH keys, so I wonder - my client only prompts me to give it a private key… this instruction does also… I'd assume, since this is the host, that it also (should) issue certificates. How'd I go about that?
Thanks for this precious piece of information.
Just a couple of comments, maybe other people may find these helpful:
- in my case, on a DS214+, home directories are under `/var/services/homes`
- for SCP to work, I had to add the legacy compatibility flag `-O` otherwise I was getting the error `subsystem request failed on channel 0`

Even if your guide does not mention SSHing with gituser, I want to point out that after installing the git service, every user - except root - won't connect anymore on SSH giving the error fatal: git package does not support interactive shell.
To fix this, you will need to edit /etc/passwd and restore /bin/sh as the login shell for all affected users.
In addition to this, if you create bare repository directly SSHing with gituser, you won't need to change permissions or ownership of the repo directories.
I just found another approach which worked for me:
- login with your Synology admin account (should not be "admin" anymore ;-)) from your client machine using ssh (ssh must be enabled on the diskstation, of course)
- go to the location where your git repo will live, e.g. `/volume1/git-repos`
- create a repo sub directory, e.g. `my-repo`,
- enter the repo sub directory and initialize a bare git repo: `git init --bare`
- enter the diskstation GUI as admin, go to the created sub directory and change the user recursively (check box below) for the whole repo directory; let's assume, the user is `git-user` (changing the user at the ssh prompt will not work!)
- go to your client machine and clone the repo with:
  `git clone ssh://git-user@diskstation:22/volume1/git-repos/my-repo`
  Note: The ssh port may be different on your machine; `diskstation` is the DNS name of your diskstation; `/volume1/git-repos/my-repo` is the full path to the created repo sub directory.
- a password prompt for git-user gets displayed where the according password needs to be entered

I guess, for multi user scenarios this will also work if the a special git-users group is created with all git users in it and the created repo directory is assigned to this group with read/write permissions (not tested).
For single user scenarios I observed that if a git repo is created under /var/services/homes/<user>/git/<repo> it is accessible through ssh://<user>@diskstation:22/var/services/homes/<user>/git/<repo>. Maybe, with the git user group approach from above it will also work in multi user scenarios.
DS213j:DSM 6.2.4-25556 Update 8
thanks
Hi there! As far as I understood this thread, there is no way to use Synology Git server when your NAS not in local network. Is there any way to use QuickConnect Id or something else?

> Hi there! As far as I understood this thread, there is no way to use Synology Git server when your NAS not in local network. Is there any way to use QuickConnect Id or something else?

I don't think there is anything in this thread that means it only ever works on local networks - but that would be how most people use it.
I don't know anything about quick-connect, except that I don't use it.
I don't think there is anything totally blocking access via port forwarding, but you would need to be really careful exposing it to the internet, especially port 22 which will get flooded with brute force attacks.
The only way I would do it would be to create a vpn between the two sites - that way the client appears to be local. It does require at least one side to have static, or at least stable IP address.
There are possibly firewall rules that you might have to relax.
Hi @AllNickNamesAreBusySoITakenThis and @CameronD73
It's been a while since I have been on this thread and currently I am in another country to my Synology.
There are several ways to achieve this:
- Use a Mesh VPN to connect to your Synology and create a secure Tunnel for your git traffic
- Site-to-site VPN and effectively make your Synology appear on your local network
- Port forwarding off your router (not a great idea)
Mesh VPN (e.g. TailScale)
Using a Mesh VPN like TailScale (merely an example but a version is available for Synology) you can install a client on your Synology which will create an outbound tunnel from your Synology machine. This can either expose services in this case SSH via Port 22 or one or more systems on the local network with the Synology.
A client machine running the Mesh VPN client and logged into your network can then see this as though it is on the local network.
This is probably the easiest answer and depending on the security of the individual VPNs and your VPN credentials the most secure.
Site-to-site VPN
Either using your router or running the VPN software on the Synology system you can join different networks together.
You will need to manage IP address lookup either with /etc/hosts or DNS but all your Synology services become visible and unfortunately are also open to remote compromise if the remote site is hacked or malware/viruses etc attack there.
Port forwarding at the router
Either using the Dynamic address of the QuickConnect or simply using a Dynamic Address from the local internet router where the Synology is located you can achieve a remote connection.
I would not open Port 22 and forward this to your Synology unless you really desire a miserable existence. Instead I would port forward another higher port on your router to the appropriate port on your Synology. You will also need something like the following
echo "Host diskstation.local
Hostname easytofindgitserver.dyndns.com
Port 8721
User git" >> ~/.ssh/config
If you use "diskstation.local" as your git address then this would use a Dyndns entry called "easytofindgitserver.dyndns.com" to access it via port 8721. Remember that easytofindgitserver is public information so calling it "myhiddensshtunnel" would be another really bad name.
However using this method would give you a quick and dirty method if you only want to do this for a very short time. Turning off port forwarding at the router stops this.
On the router Internet Port 8721 would be mapped to the port 22 (e.g. 192.168.0.12 port 22).
I hope this gives you some ideas.
git update-server-info saved me a headache. Thanks!