SSH Key & Diagnostics (/setup-ssh, /diag)
Deploy the SSH Key & Verify the Connection
/setup-ssh — the plugin key
Synology Manager Plus uses its own dedicated Ed25519 key: ~/.ssh/synology-manager-plus_ed25519. This keeps the plugin from mixing with your other keys (e.g. passphrase-protected GitHub keys). /setup-ssh creates the key when needed and is idempotent — re-running it on an already configured system is a no-op. An existing plugin key is never overwritten.
If the public key is not yet on the NAS, the command shows you a line to type verbatim — including the leading !:
! ssh-copy-id -p <port> -i ~/.ssh/synology-manager-plus_ed25519.pub <user>@<host>The ! is a Claude Code prefix and essential: it allocates an interactive terminal where you enter the NAS password. Without !, ssh-copy-id would hang deterministically — which is why the plugin deliberately never runs this step itself and only hands it to you to copy.
Host key on first connection (TOFU)
During the interactive ssh-copy-id step you connect to the NAS for the first time. OpenSSH shows the host key fingerprint — review it and then accept it. The key is added to your ~/.ssh/known_hosts (Trust on First Use). All subsequent connections then run with BatchMode=yes (no interactive prompts) and use the cached host key.
/diag — 7-point health check
After deploying the key, /diag checks seven points (read-only, none exits early):
- profile present (multi-NAS layout detected)
- profile complete (host, port, user filled)
- SSH reachable (TCP probe)
- key authentication works (cold attempt, then a warm retry for VPN wake-up)
- passwordless sudo (skipped if step 4 fails)
- disk usage queryable
- local mounts sane (finds stale NFS mounts)
Each check returns OK, WARN or FAIL, followed by a summary. If the connection fails, the command lists the three most common causes: SSH service not enabled in DSM, wrong port, or a user without shell access.