The network attached storage appliances from Synology, called DiskStation, are great backup devices. They come in various sizes and don’t need much maintenance. The only thing that is a bit annoying is the password prompt whenever I use rsync to backup my files. With public key authentication over SSH that problem can be solved without risking the security of my data.
Create new Keys
Without a public/private key pair for SSH you can’t use public key authentication. Therefore, the first step is to create a new key pair using the OpenSSH tools. Don’t use any old key. A newly one is quickly created and uses a supported algorithm:
|
1 |
ssh-keygen -b 4096 |
(The option -b creates a key with the length of 4096 bits)
Configure SSHD on your DiskStation
Login with your administration user to your DiskStation over SSH (the user interface don’t let you configure SSHD). As soon as this is done, use this command to change your user to root (the password of your administration user is required to use sudo):
|
1 |
sudo su – |
Open the SSHD configuration file /etc/ssh/sshd_config and uncomment these 3 lines by removing the # in front of them:
|
1 2 3 |
RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys |
Save the changes and quit the editor. The changes will be applied with the next reboot, but postpone the restart until the other changes are done.
Correct Permissions of .ssh Folder
The DiskStation Manager and SSH have a different opinion on what the permissions of the .ssh folder should be. To solve this, we first need to figure out where the home folder is placed. If you are still logged in as root, change to your user and print the current path with these commands:
|
1 2 3 4 5 |
su – user mkdir ~/.ssh chmod 700 ~/.ssh touch ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys |
You now have a .ssh folder with the authorized_keys file present.
Copy your Public Key to authorized_keys
The DiskStation needs to know which public key you want to use for authentication. You can copy it over the user interface or with this ssh command (on your local machine where you created your keys):
|
1 |
ssh user@ds "/bin/cat >> ./.ssh/authorized_keys" < ~/.ssh/yourKey.pub |
Restart your DiskStation
Now it’s time to reboot your disk station. If you only stop SSHD it will just terminate your current connection and not be around to create a new one.
Passwordless Login
You now can specifiy your private key and log in to your DiskStation:
|
1 |
ssh user@ds -i ~/.ssh/yourKey |
Should this not work you can use the -v option to get the verbose output.
Passwordless Backup
With a passwordless login in place only one last step needs to be done to get rid of the password prompt with rsync. The same private key as used for the login must be specified and all works as expected:
|
1 2 3 |
#!/bin/bash rsync --recursive --copy-links --times --progress --exclude '.thumbnails' -e "ssh -i ~/.ssh/yourKey" /home/user user@ds:/vol1/_BACKUP/ |
2 thoughts on “Passwordless Backup with Synology DiskStation”