Using rsync over ssh

  • Hi,


    I’m having some issues setting up a remote rsync job correctly. I’ve searched the forum (for example: http://forum.openmediavault.or…-public-keys-do-not-work/) and the web, but I still haven’t been able to configure my setup the way I want it (because I would like rsync to run over an ssh connection).



    What I’ve got working right now is:


    My first Openmediavault installation, let’s call it “omv1”, runs version 2.2.13. This is my main server with one share, let’s call it “omv1_share1”, which I want to have backed up remotely every night.


    My remote-Openmediavault installation, let’s call it “omv2”, runs version 3.0.59.


    At the moment, I’ve configured omv1 to run an rsync server module which shares the omv1_share1 folder. I’ve configured user+password access for this share.
    Every night, omv2 runs an rsync job and pulls omv1_share1 (using the user+pw configured on the omv1 rsync module) to its local disk. This works fine!
    But – if I’ve understood it correctly – I have to switch from the user+password authentication to public key authentication (which is selectable inside the rsync window of omv2) to have this rsync job use an ssh connection, is this right?


    Is this possible with this setup? Or is it necessary that my omv1-machine also runs Openmediavault 3.XX?
    It’s unfortunately not clear to me right now how I would have to set up the public key authentication :/… can this be done using the web GUI or do I have to switch to the terminal to configure the authorized_keys file?


    If someone could give me a tip or a useful link where everything is already explained I would be very grateful :/
    Thanks in advance!

    • Official post

    I have to switch from the user+password authentication to public key authentication (which is selectable inside the rsync window of omv2) to have this rsync job use an ssh connection, is this right?

    Yes.


    Is this possible with this setup? Or is it necessary that my omv1-machine also runs Openmediavault 3.XX?

    It has to be OMV 3.x if you want to set up the keys from the web interface. Otherwise, you can manually create the keys and set it up.


    I might have some time tonight to give more info.

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Hi,


    Unfortunately I still haven't gotten my rsync job working over an ssh connection.
    To understand what to do without messing up my production system I've installed two virtual machines, both running OMV 3.0.59.


    Like I said, I didn't find a guide which helped me to get this working, but one forum guide (see [GUIDE] Enable SSH with Public Key Authentication (Securing remote webUI access to OMV) for this)
    helped me a lot and I will be referring to that post in the next steps.


    I've named my virtual machines OMV1 and OMV2.
    OmvX (Ip: 10.20.20.10) is going to be my server with a running rsync module (share name is DATA).
    OmvY (Ip: 10.20.20.11) is going to be my remote system, which should pull all data from the DATA-share from omv1 over a ssh secured rsync connection.


    What I've tried until now:
    On OmvY:
    - I've created an ssh certificate ("sshCertCreatedOnOmvY")
    - I've exported the public key to a local file ("sshremote.pub") and changed the public key file format to RFC4716
    -> ssh-keygen -e -f ~/.ssh/sshremote.pub


    On OmvX:
    With the output of the ssh-keygen command I open the OmvX web interface and create a new user:
    -> name: "certTest"
    -> password: "123" (I had to put something in here...)
    -> Shell: "/bin/rbash/"
    -> Groups: "user" & "ssh"
    -> Paste of the public key generated in the step above.


    After this, I configure an rsync server module on OmvX to run as the user certTest (see pic1_rsyncModulOmvx.png & pic2_rsyncModulOmvx.png)
    Now, in the web interface of OmvY I create a new rsync job as displayed in pic3_rsyncJobOmvy.png


    When I start this job, this message is displayed to me every time:
    Please wait, syncing <rsync://10.20.20.10/DATA> to </media/e3f92e85-17b7-4afc-b544-85da677b9810> ...


    Identity added: /etc/ssh/openmediavault-a4b3dbf2-5a6a-4083-a9ab-6fcbd10b8eb9 (rsa w/o comment)
    Permission denied, please try again.
    Permission denied, please try again.
    Permission denied (publickey,password).
    rsync: did not see server greeting
    rsync error: error starting client-server protocol (code 5) at main.c(1653) [Receiver=3.1.1]


    pic4_sshOmvx.png shows my ssh-configuration.


    Unfortunately I don't know how to proceed from this point... If I had to guess, I think I somehow have to authorize the created key to establish a connection... But I'm not sure how to do this :/...

    • Official post

    Sorry, forgot about this. I will try to get you more info later.


  • No matter @ryecoaaron, I think you help here in the forum more than enough, really awesome!
    Thanks for replying @subzero79!


    I tried what you mentioned, and it is really a step forward.
    I changed the remote server field as you said to refer to the /media/UUID-Path of my disk of the omvx-system.
    And: the rsync script works, thanks!!


    But: In the best case I would like to avoid referencing the share via the qualified UUID path of my hard disk... Using a share configured within the web interface and an rsync module seems the more attractive way to me... Isn't there a chance to achieve this?

    • Official post

    I was still planning to make a video of the setup. Just trying to do all of it from the web interface.


    • Official post

    Isn't there a chance to achieve this?


    I don't know. Because you're using pub key authentication with a user, the key is matched against that login. I would have to take a look, but it seems like it is doable, though the pub key would have to be assigned to the root user, but not sure.


    Edit: So you can do it: change the remote server to


    10.20.20.10::/DATA


    The pub key needs to be assigned to the root user, in /root/.ssh/authorized_keys. The current implementation in OMV doesn't configure the rsync daemon per user. When rsh is used in this case for modules, ssh will read the rsyncd.conf from the user's home directory. OMV only keeps one rsyncd.conf and forces uid and gid, which is not allowed for an unprivileged user.


    For this to happen OMV will need to implement:

    • Extra options in the pub key to force the command, so that rsync reads the "special" rsyncd.conf. I say special because it has to be without gid, uid set and chroot
    • For even better support, OMV will have to create one rsync.conf per user, as I mentioned, again without the uid and gid set
    • Official post
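
The forced-command idea from the post above, as an added example (not part of the original thread and not OMV's own code): it stages a per-user rsyncd.conf without uid, gid or chroot, plus an authorized_keys line that pins the key to the rsync daemon. The function names, the /home/certTest/rsyncd.conf location, the share path and the key body are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example: stages a per-user rsyncd.conf and a restricted authorized_keys
# entry in a scratch directory. Nothing under /etc or ~/.ssh is touched.

# stage_rsync_ssh USER MODULE SHARE_PATH PUBKEY OUTDIR   (hypothetical helper)
stage_rsync_ssh() {
    user=$1 module=$2 share=$3 pubkey=$4 out=$5
    conf_path="/home/$user/rsyncd.conf"   # assumed location on the server
    mkdir -p "$out" || return 1

    # Per-user daemon config: no "uid"/"gid" (an unprivileged user cannot
    # switch IDs) and no chroot (chroot needs root).
    cat > "$out/rsyncd.conf" <<EOF
[$module]
    path = $share
    use chroot = no
    read only = yes
    list = no
EOF

    # Forced command: whatever the client requests, sshd starts only the rsync
    # daemon with this config. The no-* options drop forwarding and the tty.
    printf 'command="rsync --server --daemon --config=%s .",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' \
        "$conf_path" "$pubkey" > "$out/authorized_keys"
    chmod 600 "$out/authorized_keys"
}

# Returns 0 when a config is usable by an unprivileged user:
# no uid/gid lines, and chroot explicitly disabled.
check_unprivileged_conf() {
    ! grep -Eq '^[[:space:]]*(uid|gid)[[:space:]]*=' "$1" &&
        grep -Eq '^[[:space:]]*use chroot[[:space:]]*=[[:space:]]*no' "$1"
}

# Constructed sample values; the key body is a placeholder, not a real key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_PLACEHOLDER certTest@OmvY'
demo_dir=$(mktemp -d)
stage_rsync_ssh certTest DATA /media/UUID_PLACEHOLDER/DATA "$SAMPLE_KEY" "$demo_dir"
cat "$demo_dir/authorized_keys" "$demo_dir/rsyncd.conf"
```

With such an entry installed for certTest, the client side pulls with `rsync -a -e ssh certTest@10.20.20.10::DATA <dest>`, and sshd ignores any other command sent with that key.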

    Did u make a video and if u did, may I have link?

    Nope. I haven't had time.

