plugout.net

[esousra]

Hello,

I need to setup encrypted rsync backup from a 2big NAS (running original Seagate NAS OS 4), towards a 2big network 2 running fvdw-sl 18.2.
It works fine unencrypted (port 873), but I get an authentication issue when trying over SSH.
Most probably I'm doing something wrong; if not, I cannot say on which OS the problem lies, but appreciate your opinion.

On the fvdw-sl 2big2 I setup rsync server like this:

2big2 rsync server conf.png

And on the 2big NAS:

2big nas 2.png

So on this screen we can already see that the authentication with rsyncd user credentials worked, since I see the remote shares listed in the drop down.

But then on the next screen:

2big nas 3.png

The 2big nas fails to read the contents of the remote shares, popping up error "folder authentication failed".

As I see it, that's because by logging in with rsyncd user, this doesn't have permission to read the shares. And I cannot find where to give it permission, since it's not an option on this screen:

2big2 rsync modules.png

There's only "user" user in there (which is my non-admin user I created to access the shares via SMB/FTP/etc), not rsyncd. Should there be?

Note that when I do the unencrypted backup, by entering the "user" credentials in that first 2big nas screen, instead of rsyncd's, then it works fine. The 2big nas has access to list the available shares, and has permission to list their contents.

Granted, maybe the problem is on Seagate NAS OS side, since it only lets to enter one set of credentials? - but sounds like an over-kill solution to require that from a client side.

This is what is seen on the fvdw-sl log:

2big2 rsync log.png

[Jocko]

Hi

You misunderstand one point about the user account 'rsyncd'. It is a technical linux account allowing only to initialize a shell access for the rsync client (on the remote side) and gives no permissions on the modules. It is the user account (listed in the user table of the account menu) which gives the permissions according the modules table. So in your case the account 'user'.

It is why when you did not enable the remote shell mode on your 2bignas.

So on this screen we can already see that the authentication with rsyncd user credentials worked, since I see the remote shares listed in the drop down.

No authentication is required to list the available module and you can see it in your log, authentication attempt is sent later.

To get a remote shell access to the rsync server with fvdw-sl
- rsyncd account is used to get the shell access
- user account to get access to a module over the shell access

Now it seems the seagate OS has reduced the options by using the same account for both authentications... For a nas it is a nightmare because that means all user accounts must have a shell access on the nas... This is not allowed

It is why we have set a special account 'rsyncd' with a shell access in the firmware (and we have restrained its permissions, for example can not be used to open a console)

Now if you have a shell access on your 2bignas you can run directly the rsync command as detailled in the rsync server help menu:

Code: Select all

rsync -av -e "dbclient -l rsyncd" user@192.168.0.4::Pictures /pathto..yourlocalfolder

two passwords will be asked first for rsyncd user and the 2d for the account 'user' (even if they are the same)

[Jocko]

Hi

I go to send you a pm which explains a workaround for using rsyncd account to connect to rsync server

[esousra]

Thanks Jocko for the patch on the PM, it sounds promising. I just don't want to mess with it now because I've rebuilt the volume on my original 2big NAS to RAID0, and so I'm copying my files back from the 2big2 into it. I estimate it won't finish before mid day tomorrow.

Anyways, I did try the "Remote shell mode" option on the 2big NAS (that help tip mislead me in the beginning):

1.png

And it basically gives me access to the full root of the 2big2:

2.png

So that can be an option as well, since I can navigate to the /share and point the backups where I want them to land.

But looking forward to test your patch. I'll provide feedback.

[esousra]

Hi Jocko,

So, I tried your tarball. But, after refreshing the web GUI, now I get this:

1.png

What happened to the rest of the GUI? :)

[Jocko]

So you have changed the default login "admin-nas"

Close the browser and open it again but use now as login "admin-nas" with your password.

You can restore you custom login in the main setup menu

[esousra]

Indeed, I had changed the user from "admin-nas" to "admin".

But doesn't see to work "admin-nas" with my password (which is saved on the browser, so that is correct), or the original "admin" password...

[Jocko]

You should use your custom password.

[esousra]

I am using it;

user = admin-nas
password = my custom password I had set

Doesn't let me in like that.

[Jocko]

I forgot this point you need to reboot the nas.