TrueNAS to Synology SSH Connection for Rsync

FloRolf

New Member
May 7, 2021
7
0
1
Hello everyone,

i am new here so excuse me if this isn't the correct subforum or something.


I have the following Idea and resulting Problem:
Recently i bought a Synology NAS (DS220J) to backup my main TrueNAS system to. Saw some reviews that made everything seem
very simple but in the real world the 220J unfortunately doesn't support all the cool features.
Luckily there's still the complicated way of setting up a SSH conneciton to run Rsync.

So after some tinkering i was able to follow this Backup Truenas to Synology via rsync – Spencer's Blog
or that Synology as a FreeNAS backup
guide and IMO did everything they asked for. I even did it again with a second account but no luck.
Unfortunately when i try to SSH from TrueNAS to Synology it still keeps asking me for a Password.
1620400248092.png
I have the feeling it's some permission that is set incorrectly but i can't figure out what it is.
I am also a big noob when it comes to stuff like that so be gentle lol.


If you need any more info please ask away, i really want to get this stuff done!

Thanks!
 

Blinky 42

Active Member
Aug 6, 2015
615
230
43
45
PA, USA
That looks like you don't have the ssh keys setup properly (I don't use either NAS but looks like normal SSH permission/key issues - super common no worries :) )
It looks like one of those links you found goes into decent detail about it Backup Truenas to Synology via rsync – Spencer's Blog about 2/3 down. Make sure the permissions are correct on the .ssh directory (700) and the authorized_keys file (600)
You can also test it out SSH'ing from another normal computer into each NAS and adding in the ssh keys into the authorized_keys file.
 
  • Like
Reactions: sboesch

FloRolf

New Member
May 7, 2021
7
0
1
That looks like you don't have the ssh keys setup properly (I don't use either NAS but looks like normal SSH permission/key issues - super common no worries :) )
It looks like one of those links you found goes into decent detail about it Backup Truenas to Synology via rsync – Spencer's Blog about 2/3 down. Make sure the permissions are correct on the .ssh directory (700) and the authorized_keys file (600)
You can also test it out SSH'ing from another normal computer into each NAS and adding in the ssh keys into the authorized_keys file.
Hey and thanks for the reply! Sorry i am a little late...

yes thats what i thought too but i have done exactly as requested in the guide/by you.

i am wondering though, did it actually work? i don't get any feedback from the terminal whether something changed or not.
1620666771713.png

Where is that authorized keys file in windows then i'll that. I guess this goes vice versa right? I could SSH passworldless from either device to the other if this was setup correctly right?


edit: i also found this. The guy changed the permissions a bit. I also tried this but without success. i guess higher number means more permissions?
 

Blinky 42

Active Member
Aug 6, 2015
615
230
43
45
PA, USA
most unix commands don't give you feedback unless there was an error.

Try ssh'ing into "Falcon" (Im guessing the target NAS box) and do

Bash:
pwd
ls -l
ls -la ~rsync/.ssh
To see what things look like. Unix permissions are a bitmask and usually represented in octal, with user / group / world as the 3 #s. Search for unix file permissions for lots of examples and tutorials.

For example this is what things look like

Code:
[blinky@rectangle ~]$ cd .ssh/
[blinky@rectangle .ssh]$ ls -la
total 296
drwx------.  2 blinky blinky    169 Apr 15 15:29 .
drwxr-xr-x. 96 blinky blinky   8192 May 10 13:14 ..
-rw-------   1 blinky blinky   7409 Mar  5 03:19 authorized_keys
-rw-------.  1 blinky blinky   3239 Feb 12  2017 id_rsa
-rw-r--r--.  1 blinky blinky    751 Feb 12  2017 id_rsa.pub
-rw-r--r--   1 blinky blinky 250176 Apr 15 15:29 known_hosts
The 700 = rwx------ (or in binary 111000000)

755 would be = rwxr-xr-x (binary 111101101)
644 is rw-r---- (binary 110100100)

For ssh to play along, you typically need to have ~/.ssh be 700, and only allow writes for the user for the other files in ~/.ssh.

If setup properly,. you should be able to ssh into the source NAS (Boss-NAS) and then ssh rsync@192.168.178.61 from there and it should not ask you for a password.
 

FloRolf

New Member
May 7, 2021
7
0
1
most unix commands don't give you feedback unless there was an error.

Try ssh'ing into "Falcon" (Im guessing the target NAS box) and do

Bash:
pwd
ls -l
ls -la ~rsync/.ssh
To see what things look like. Unix permissions are a bitmask and usually represented in octal, with user / group / world as the 3 #s. Search for unix file permissions for lots of examples and tutorials.

For example this is what things look like

Code:
[blinky@rectangle ~]$ cd .ssh/
[blinky@rectangle .ssh]$ ls -la
total 296
drwx------.  2 blinky blinky    169 Apr 15 15:29 .
drwxr-xr-x. 96 blinky blinky   8192 May 10 13:14 ..
-rw-------   1 blinky blinky   7409 Mar  5 03:19 authorized_keys
-rw-------.  1 blinky blinky   3239 Feb 12  2017 id_rsa
-rw-r--r--.  1 blinky blinky    751 Feb 12  2017 id_rsa.pub
-rw-r--r--   1 blinky blinky 250176 Apr 15 15:29 known_hosts
The 700 = rwx------ (or in binary 111000000)

755 would be = rwxr-xr-x (binary 111101101)
644 is rw-r---- (binary 110100100)

For ssh to play along, you typically need to have ~/.ssh be 700, and only allow writes for the user for the other files in ~/.ssh.

If setup properly,. you should be able to ssh into the source NAS (Boss-NAS) and then ssh rsync@192.168.178.61 from there and it should not ask you for a password.
Ok you gotta help me out here. I have no idea what i am looking at :D
It kinda looks like only my Admin account has access to the authorized_keys file, which makes sense since it's not working.
Not sure what the rest of all that means tbh.

1620675149665.png
 

Blinky 42

Active Member
Aug 6, 2015
615
230
43
45
PA, USA
You need to

Code:
chown rsync:users ~/.ssh/authorized_keys

chmod 600 ~/.ssh/authorized_keys

Then it should look like
Code:
-rw------- 1 rsync rsync 401 May x xx:xx authorized_keys
When you do a ls -la ~rsync/.ssh

You may need to sudo /bin/bash first or do this as a root user to be ale to change the ownership to the rsync user.
 

FloRolf

New Member
May 7, 2021
7
0
1
You need to

Code:
chown rsync:users ~/.ssh/authorized_keys

chmod 600 ~/.ssh/authorized_keys

Then it should look like
Code:
-rw------- 1 rsync rsync 401 May x xx:xx authorized_keys
When you do a ls -la ~rsync/.ssh

You may need to sudo /bin/bash first or do this as a root user to be ale to change the ownership to the rsync user.
ok i got that bit working:
1620760453651.png


however TrueNAS still wants a password :(
1620760477551.png


What else can i do? :( I am seriously depressed that this isn't working.
 

PBondurant

New Member
Apr 15, 2021
2
0
1
This is painful to diagnose on a forum, as there is no way to tell which steps of the original guide you've followed correctly, and which you've missed out / havent worked.

Additionally, the guide you're using is sloppily written - eg,


Code:
###Next will require vim or nano###
sudo nano /etc/ssh/sshd_config
###Edit the following lines###
PubkeyAuthentication yes
AuthorizedKeyfile .ssh/authorized_key
#### Write and Quit in Vim, Save and exit in Nano###

###Make AUTH Key file###
cd /var/services/homes/rsync
mkdir .ssh
chmod 700 .ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
cd /var/services/homes
sudo chmod 700 rsync
line 5 should be AuthorizedKeyfile .ssh/authorized_keys with an 's' on the end if its to be consistent with the later lines. The guide also doesn't actually go through *disabling* password access after setting up pgp auth, which is kind of the whole point of setting this up in the 1st place (ie security).

I'd suggest finding a better guide on setting up public key ssh authentication. It's an extremely common procedure and there are loads of guides out there that will explain to you *why* you're doing what you're doing (so you can understand the process and troubleshoot if needed) rather than just typing in (badly written) boilerplate code blindly.

Once you understand the steps, you'll be able to integrate the synology specific bits of guides like this into the process for yourself & will
likely have more success.
hth
 
Last edited:

FloRolf

New Member
May 7, 2021
7
0
1
This is painful to diagnose on a forum, as there is no way to tell which steps of the original guide you've followed correctly, and which you've missed out / havent worked.

Additionally, the guide you're using is sloppily written - eg,


Code:
###Next will require vim or nano###
sudo nano /etc/ssh/sshd_config
###Edit the following lines###
PubkeyAuthentication yes
AuthorizedKeyfile .ssh/authorized_key
#### Write and Quit in Vim, Save and exit in Nano###

###Make AUTH Key file###
cd /var/services/homes/rsync
mkdir .ssh
chmod 700 .ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
cd /var/services/homes
sudo chmod 700 rsync
line 5 should be AuthorizedKeyfile .ssh/authorized_keys with an 's' on the end if its to be consistent with the later lines. The guide also doesn't actually go through *disabling* password access after setting up pgp auth, which is kind of the whole point of setting this up in the 1st place (ie security).

I'd suggest finding a better guide on setting up public key ssh authentication. It's an extremely common procedure and there are loads of guides out there that will explain to you *why* you're doing what you're doing (so you can understand the process and troubleshoot if needed) rather than just typing in (badly written) boilerplate code blindly.

Once you understand the steps, you'll be able to integrate the synology specific bits of guides like this into the process for yourself & will
likely have more success.
hth
Well i did understand the steps and why i do it but it's still now working lol. I don't really want to disable password authentication rn because actually the reason i am doing this is not because it's more secure or anyhting but rather because it appears to be the only way to make it work (or not in my case).

Or do you think i have to disable password authentication in order for it to use the provided SSH key instead?

Also, how do i figure out which user exactly has access to my newly created /.ssh directory and key? Because the way i see it only the SSH user, in my case "rsync" is allowed to have access.
 

FloRolf

New Member
May 7, 2021
7
0
1
@PBondurant @Blinky 42
i also tried looking at the permissions of the /homes/rsync and just /homes directories
How does that look?


Here's the output of the rsync users homes directory
image.png.da9d41fefb03784e93e8a8573b3b7279.png



and here's just homes, which shows all my users.
Flo is myself
Dani is my GF
Backup and Rsync are the two users i made try this sh#t out
Flo_Admin is just for admin purposes
image.png.e6140ccb735ba1573a00d36058d55ef8.png




EDIT:
i got the Synology Permission to look like this:
image.png.bf99e89d17ff0f5f754ed55a1a7a4c60.png


So i am guessing it's actually TrueNAS' permissions.
rsync home directory looks like this:
image.png.4e5e1a710f6064187d51c00a5dede904.png
 
Last edited:

casperghst42

Member
Sep 14, 2015
41
10
8
53
Synology only allow ssh to an account which is ‘admin‘. Without that they block it. There are multiple ways to work around it, not of them really nice (which is why my Synology is on it’s way to ebay).
 
  • Like
Reactions: itronin