Frequently Asked Question

File Sharing: How to access files on Synology NAS via FTP?
Last Updated 8 years ago

Overview

The Synology NAS can act as an FTP (file transfer protocol) server, allowing users to access shared folders and files over the Internet. FTP settings allow you to share specific folders on your Synology NAS with certain users or allow anonymous access. In addition, you can control advanced settings, such as encryption service, transfer log, and transfer speed limits.

This article guides you through the basics of sharing files stored on your Synology NAS via FTP and its encrypted variants.

1. Before You Start

This article assumes that you have already done the following:
  • Set up your Synology NAS.
  • Installed DiskStation Manager (DSM) on your Synology NAS.
  • Configured your Synology NAS to be accessible over the Internet (see this tutorial).
For information about basic hardware and software setup, please refer to the Quick Installation Guide for your Synology product. You can also see Synology NAS User's Guide for additional information related to this article. Both documents are available at the Synology Download Center.

2. Setting up FTP Services

First, before transferring any data with FTP, you will need to enable FTP services on your Synology NAS. The section below explains how to configure basic FTP services, as well as allow registered or anonymous users to access specific shared folders via FTP.


2.1 Enabling FTP Services

This section explains how to enable FTP services on your Synology NAS. Before starting, please ensure the following TCP ports of your router are being forwarded to the Synology NAS: 21 (default control connection), 20 (data connection for active mode) and 1025-65535 (data connection for passive mode). Port forwarding settings can be found at Control Panel > External Access.

  1. Log in to DSM using an account belonging to the administrators group.
  2. Go to Control Panel > File Services > FTP.
  3. Select one of the following options and specify relevant settings:
    1. Enable FTP service (No encryption): FTP is the standard network protocol used to transfer files, without encryption mechanisms to protect information (e.g. usernames, passwords, and files) during transfer sessions. However, FTP provides faster transfer speeds and requires less system resource.
    2. Enable FTP SSL/TLS encryption service (FTPS): FTPS is an extension to FTP, with additional support for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocols that protect information (e.g. usernames, passwords, and files) during transfer sessions. However, FTPS provides slower transfer speeds and consumes more CPU resource due to encryption.
    3. Enable SFTP service: SFTP is a file transfer protocol extension to the Secure Shell (SSH) protocol. SFTP only requires one TCP port number, and can authenticate users without passwords via private and public keys. However, SFTP provides slower transfer speeds and consumes more CPU resource due to encryption.
  4. Click Apply to save the settings.
Note:
  • The default port number for FTP service is 21. The port range for Passive (PASV) FTP can be set from 1025 to 65535 and contain up to 128 ports; however, the default range varies with Synology NAS models.
  • The port number for FTP can be set from 1 to 65535, excluding reserved port numbers for other services or packages, for example 20, 22, 23, 25, 80, 110, 137, 138, 139, 143, 199, 443, 445, 515, 543, 548, 587, 873, 993, 995, 3306, 3689, 5000, 5001, 5005, 5006, 5335, 5432, 8080, 8081, 9997, 9998, 9999, 50001, 50002, and eMule default ports: 4662 (TCP), 4672 (UDP).
  • The "guest" account cannot log in to the server via FTP. To allow anonymous users to access shared folders via FTP, please see Section 2.4 Allow Anonymous Users to Access Shared Folders via FTP.
  • We recommend using UTF-8 encoding for FTP services. The codepage settings on the FTP client must be the same as that of the Synology NAS in order to access the data correctly.

2.2 Advanced Settings

On the Advanced Settings page, you can manage file transfer logs, enable anonymous users to access shared folders, or change users' root home for FTP transfer. To access these settings, go to Control Panel > File Services > FTP and click Advanced Settings.

2.3 Allow Users to Access Shared Folders via FTP

If one of the users on your Synology NAS cannot access a certain shared folder via FTP, make sure the user has the proper read/write permissions for that shared folder. To edit a user's read/write permissions, please follow the instructions below.
  1. Log in to DSM using an account belonging to the administrators group.
  2. Go to Control Panel > User.
  3. Select the user whose permissions you wish to change and click Edit.
  4. Go to the Permissions tab.
  5. Assign the user's read/write permissions for shared folders by checking the appropriate boxes.
  6. Go to the Applications tab.
  7. Make sure the user has been granted FTP service privileges.
  8. Click OK to save settings.
  9. Now users will be able to access the specified shared folder via FTP with his Synology NAS user name and password.

2.4 Allow Anonymous Users to Access Shared Folders via FTP

You may change the settings of a shared folder to allow anonymous FTP access, allowing users to access specified shared folders without the need to enter a user name and password. To do so, please follow the instructions below:
  1. Log in to DSM using an account belonging to the administrators group.
  2. Go to Control Panel > Shared Folder.
  3. Select the shared folder you wish to make available to anonymous users and click Edit.
  4. Go to the Permissions tab.
  5. Select System internal user from the drop-down menu.
  6. Assign read/write permissions for the Anonymous FTP/WebDAV user by checking the appropriate boxes.
  7. Click OK to save settings.
  8. Now go to Control Panel > File Services > FTP.
  9. Click Advanced Settings.
  10. Tick the box Enable Anonymous FTP.
  11. Now users will be able to access the specified shared folder via FTP without entering a user name and password.

2.5 Allow Users to Access Shared Folders via SFTP

SFTP offers secure file transfer to DSM users without the need of passwords, and reduces the leakage risk of user credentials. For steps 3 to 7, you need to select Enable SSH service (at Control Panel > Terminal & SNMP > Terminal) first to connect to DSM via SSH for command execution.

  1. Go to Control Panel > File Services > FTP, and select Enable SFTP service.
  2. Go to Control Panel > User > Advanced > User Home, and select Enable user home service
  3. Generate the private and public keys via PuTTYgen or command lines:
    • PuTTYgen: Copy and save the text displayed in the enclosed window as a .txt file, and name it as id_rsa.pub.
    • Command lines: Use software (e.g. PuTTY) to connect to DSM via SSH. On the console execute the command ssh-keygen -f /var/services/homes/[username]/id_rsa. The public key id_rsa.pub and the private key id_rsa will be generated in the specified user's home folder. When migrating the private key to another device, make sure to use encrypted transfer via HTTPS, FTPS, or SFTP to prevent key leakage.
  4. Create a ".ssh" folder in File Station, and upload the public key id_rsa.pub to the created folder (Path: home/.ssh/id_rsa.pub).
  5. Append the public key content to the existing authorized_keys file by executing the enclosed commands below.
  6. Add the private key (i.e. id_rsa) to the FTP client. If you use FileZilla FTP Client, refer to this article or other documentation for the import method.
  7. Execute the enclosed commands below to ensure the permissions of the user home folder, ".ssh", and "authorized_keys" are 711.
  8. The specified DSM user can now connect to the Synology NAS via SFTP without entering the password.

3. Accessing Files via FTP

After enabling FTP service on your Synology NAS, you may access files via FTP using your web browser or an FTP client.


3.1 Using Web Browsers

This section walks you through the steps of accessing files via FTP with a web browser.
  1. Open your web browser.
  2. In the address bar, enter “ftp://” followed by your Synology NAS device's IP address or DDNS hostname. For example, “ftp://66.94.234.215” or “ftp://yourhostname.synology.me.”
  3. Depending on your settings, you will be asked to log in. Enter your Synology NAS user name and password. The user account you enter must have access privileges for the shared folder that you wish to access.
  4. If login is successful, you should see an index of shared folders on your Synology NAS.

3.2 Using FTP Clients

This section walks you through the steps of accessing files via FTP with a FTP client.
  1. Open your favorite FTP client (such as FileZilla).
  2. Enter your Synology NAS device's IP address or DDNS hostname in the Host field.
  3. Enter your Synology NAS user name and password in the appropriate fields. The user account you enter must have access privileges for the folder you wish to access.
  4. Enter the port number your Synology NAS uses for FTP services (the default port number is 21).
  5. Click Connect (Quickconnect if you're using FileZilla).
  6. If login is successful, you should see the shared folders on your Synology NAS.



ZGTLv160616
Help Topics
ACE Support

Please Wait!

Please wait... it will take a second!