Offering an RSync Module over the Internet with SSH

Hi,

First, sorry for the question on the last version OMV. I’m hoping this is an easy answer.

I want to be able to synch files with a partner far away. I’d like to expose an rsync connection from OMV to the outside world via SSH with SSH Key Authentication.

Of course, I need to forward the correct port from my router to my OMV. But, I don’t want to expose the ssh login to the outside world.

And here is where I get stuck. Is there a simple way to set this up so that my partner can sync with certain modules (shares) on the OMV on my network, using key authentication without exposing SSH login as well?

I hope this question makes sense. I searched this forum and I think I don't understand enough about rsync and ssh to understand the other similar questions.

For what it’s worth, I have configured SFTP from the omv-extras to do exactly what I want (router is forwarded to port xxxxx, the sftp service is listening/responding on that port, we can authenticate with the ssh public key, and use the shares that I’ve granted access, and ssh login from outside my lan is not permitted). Now I’d like to do the same type of thing with rsynch instead of sftp.

Is this possible and easy with OMV4?

Thanks,
Steve

Thanks for your thoughts on using rsynch over ssh (using a non-standard port and potentially fail2ban). That makes sense.

Why didn't I want to do this? I know enough about UNIX networking from days of old to be concerned about security, and I don’t know nearly enough about ssh tunnelling and modern linux/debian/omv configuration to feel confident configuring things so they are secure.

What i liked about the OMV sftp plug is how straightforward the gui menus are to set it up. It was easy to move an sftp listener to a non-standard port, and it was also simple to create users and assign the shares they access (especially after reading the key info in your old forum posts about the sftp-access privilege group).

I would like to see the same configuration options under the rsync service in the OMV gui for rsync over ssh. Rsync seems just slightly more complicated because you have to make changes to the ssh service while you’re configuring the rsynch servive and make sure it’s all secure. I will also have to remember the relation between the ssh configuration and the rsynch configuration years from now when I go to change something else so that i don’t open up a new security hole. (Although I should remember not to enable login :P)

Although it would be nice for me at least, It looks like rsync on OMV doesn’t offer those options exactly. I feel a bit more confident setting it up after your thoughts though.

One more question: Is is possible to listen for ssh connections on 2 ports ? (Probably be changing config files because I’m pretty sure it’s not an option from the omv menus.) If that’s possible can I disable password auth on one port but not the other?

My idea would be to leave port ssh on 22 with passwd auth on my LAN so I can keep administering things the way I’m used to. I would offer another ssh listener for rsync on an open non-standard port that rejected password auth. (This would be more or less what the sftp plugin seems to be doing for sftp.) I’ll google around for answers, but curious about your thoughts.

Thanks

— cool thanks . Yes, now that you mention it I could also forward my external port to internal port 22. That’s a good tip for me.

Thanks for the thoughts and tips on staring a new sshd. I will try this at some point. I think you gave me enough to go on.

And, I trust linux to be secure—I don’t trust myself to understand all the config issues so I get nervous with security. That’s why I prefer to stick with the easy menus on OMV when I can. (I’ve really come to appreciate the OMV set up and menus—so thanks to he OMV team). You point out all the places I need to be aware, and so that helps me relax.

Thanks again.