mgutt, posted June 10, 2022:

Overview: rsync-server
Docker: https://hub.docker.com/r/eeacms/rsync
GitHub: https://github.com/eea/eea.docker.rsync

This is a simple rsync server based on Alpine.

To be able to connect to this rsync server you need to add the SSH key of your client to the variable SSH_AUTH_KEY_1. You can pass multiple keys through the additional variables SSH_AUTH_KEY_2, SSH_AUTH_KEY_3, etc.

Example: [image]

The benefits of this container are:
- you can define a non-default SSH port for rsync only (default of this container is 5533)
- you can define specific paths instead of allowing access to the complete server (default is /mnt/user)
- file access is read-only (protection against ransomware)

mgutt (Author), posted June 10, 2022:

How to create an SSH key?

Log into your client machine and create an SSH key as follows:

    ssh-keygen -t rsa -b 4096

Press 3x ENTER to use the default location and create the key without password. Now display your SSH key with the following command:

    cat ~/.ssh/id_rsa.pub

Copy the complete line like "ssh-rsa AAA.... username@client" and paste it in the field "SSH_AUTH_KEY_1" and start this container.

You can test the connection from your client as follows (replace "tower" with your server name or domain):

    rsync --dry-run --itemize-changes --archive -e 'ssh -p 5533' root@tower:/mnt/user/system/ /tmp

Revan335, posted June 15, 2022:

Thanks for your great Docker/rsync-server! Is your rsync-server working with Back in Time?

mgutt (Author), posted June 15, 2022:

Your target is /mnt/backup while it should be /mnt/user/backup and regarding the "no such file or directory" you need to use this fix of Back in Time: https://github.com/bit-team/backintime/issues/1253#issuecomment-1126770876

Revan335, posted September 4, 2022:

Is it allowed to add more keys or is that not supported/not working?

mgutt (Author), posted September 4, 2022:

> Revan335 said:
> Is it allowed to add more keys

You can add an infinite amount of keys. There is a loop which reads all of them: https://github.com/eea/eea.docker.rsync/blob/master/docker-entrypoint.sh

By that even SSH_AUTH_KEY_BANANA or SSH_AUTH_KEY_BABALALADINGDONG should work ^^

oerdem19, posted October 14, 2022:

Hi, thank you for the rsync docker. When I do a dry run, I am getting the following error. I have created the key on the client and pasted it in SSH_AUTH_KEY_1. I have added " to the beginning and to the end too. But I am still getting the "Host key verification failed." error.

    rsync --dry-run --itemize-changes --archive -e 'ssh -p 5533' root@tower:/mnt/user/system/ /tmp
    The authenticity of host '[tower]:5533 ([192.168.1.175]:5533)' can't be established.
    ECDSA key fingerprint is SHA256:bWkkJ3pzyzT+c8zvbt9xxNL/l2uz2tVr0Yx7QwnCm2A.
    Are you sure you want to continue connecting (yes/no/[fingerprint])?
    Host key verification failed.
    rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
    rsync error: unexplained error (code 255) at io.c(235) [Receiver=3.1.3]

oerdem19, posted October 14, 2022:

I checked the logs. When I start the docker, it seems it is creating a new set of keys.

    ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
    ================================================================================
    Running: /usr/sbin/sshd -D -e -p 22
    ================================================================================
    ================================================================================
    Running: /usr/sbin/sshd -D -e -p 22
    ================================================================================
    ================================================================================
    Running: /usr/sbin/sshd -D -e -p 22
    ================================================================================
    Connection closed by 192.168.1.180 port 51014 [preauth]
    Connection closed by 192.168.1.180 port 50974 [preauth]

Revan335, posted October 14, 2022:

You must paste the public key in the Docker template. The private key is for the client only. See the example in the documentation from @mgutt.

oerdem19, posted October 14, 2022:

So, when I do the following command, I get

    ssh-keygen -t rsa -b 4096
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/oerdem19/.ssh/id_rsa):
    /home/oerdem19/.ssh/id_rsa already exists.
    Overwrite (y/n)?

cat /home/oerdem19/.ssh/id_rsa

    cat /home/oerdem19/.ssh/id_rsa
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----

Then I copy everything between begin and to Key 1. Does it look correct? When I dry run, I am still getting the following error:

    The authenticity of host '[192.168.1.175]:5533 ([192.168.1.175]:5533)' can't be established.
    ECDSA key fingerprint is SHA256:AnXlxkDI82ozd7TEIYiq9osc+9R080KgCVgsavKT8YY.
    Are you sure you want to continue connecting (yes/no/[fingerprint])?
    Host key verification failed.
    rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
    rsync error: unexplained error (code 255) at io.c(235) [Receiver=3.1.3]

Revan335, posted October 14, 2022:

You copied the private key to the rsync Docker template. You must use the public key, without

> oerdem19 said:
> -----BEGIN OPENSSH PRIVATE KEY----- ... -----END OPENSSH PRIVATE KEY-----

This is mostly named with _pub in the filename or an equivalent of this.

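Added example, not part of any post above and not the image's own docker-entrypoint.sh: one way a loop over all SSH_AUTH_KEY_* variables could reject the mistakes seen in this thread (a pasted private key, a value wrapped in literal quotes) before writing authorized_keys. The function names `is_public_key` and `build_authorized_keys` are hypothetical and the sample values are constructed, not real keys.

```sh
#!/bin/sh
# Added example, not the image's docker-entrypoint.sh.
NL='
'
# Return 0 only if $1 is a single-line OpenSSH public key (no options prefix).
is_public_key() {
    case "$1" in
        *"PRIVATE KEY"*|*"$NL"*) return 1 ;;   # id_rsa pasted instead of id_rsa.pub
    esac
    case "$1" in
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*) return 0 ;;
        "ecdsa-sha2-nistp256 AAAA"*|"ecdsa-sha2-nistp384 AAAA"*|"ecdsa-sha2-nistp521 AAAA"*) return 0 ;;
    esac
    return 1   # also catches values wrapped in literal quotes
}

# Write every valid SSH_AUTH_KEY_* value to file $1; return 1 if any was rejected.
build_authorized_keys() {
    out=$1
    rejected=0
    : > "$out"
    # Names are limited to [A-Za-z0-9_], so the eval below cannot inject code.
    for name in $(env | sed -n 's/^\(SSH_AUTH_KEY_[A-Za-z0-9_]*\)=.*/\1/p' | sort); do
        eval "value=\${$name}"
        if is_public_key "$value"; then
            printf '%s\n' "$value" >> "$out"
        else
            echo "rejected $name: not an OpenSSH public key line" >&2
            rejected=$((rejected + 1))
        fi
    done
    chmod 600 "$out"
    [ "$rejected" -eq 0 ]
}

# Constructed sample values, not real keys.
export SSH_AUTH_KEY_1='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleOnly user@client'
export SSH_AUTH_KEY_2='-----BEGIN OPENSSH PRIVATE KEY-----'
export SSH_AUTH_KEY_BANANA='"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSample user@client"'
demo_out=$(mktemp)
build_authorized_keys "$demo_out" || echo "some variables were rejected" >&2
cat "$demo_out"
```
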
oerdem19, posted October 15, 2022:

Thank you for your answer. I was able to connect to the server. I am getting a permission error now. What I would like to do is copy files from a remote client to my home Unraid server.

    rsync: chown "/mnt/user/Taq/2022/." failed: Read-only file system (30)
    rsync: mkstemp "/mnt/user/Taq/2022/.testdelete.txt.XXXXXX" failed: Read-only file system (30)

Anything that I can do to give write permission to write to the server? Is the Privileged: option for that purpose? Thank you.

mgutt (Author), posted October 15, 2022:

> oerdem19 said:
> Anything that I can do to give write permission to write to the server?

Edit the path in the container settings and change to read/write.

But note: With great power comes great responsibility. If you use this container to write backups to unRAID, you should think about what an attacker could do if they control your source machine (like deleting all backups etc).

oerdem19, posted October 16, 2022:

Thank you very much for your advice. I will turn it on and off when I need to write a file to the server only. Thank you again for Rsync server.

Jaytie, posted February 13, 2023 (edited February 14, 2023):

Hi @mgutt! I'm thinking about using this container to make my Unraid server a Hyper Backup target for my Synology NAS. Is this possible?

Right now I'm using this solution:

Works good, except the fact that my Unraid server occasionally runs out of memory when connecting via rsync...

Thanks!

fluisterben, posted March 20, 2023:

I just installed rsync using some nerd-pack. Way easier.. Entire docker engines plus its dependencies for just rsync is way overkill. Plus you have to work around the fact that the actual server is not the actual server, but behind a bridge/vnode with translated ports etc.

mgutt (Author), posted March 20, 2023:

> fluisterben said:
> Entire docker engines plus its dependencies for just rsync is way overkill

The Docker Engine is already running or don't you have any dockers? And a container itself does not produce any relevant overhead as processes are executed natively on the host. Which means: It's absolutely the same running an application inside a container or on the host.

But there is a major impact in security. Using the Unraid root login on an external server is kinda risky, not to say dumb. Even if you use SSH public key exchange, you finally allow the external machine to act as root user on your Unraid server.

One of the reasons why I'm using the rsync container is to mount any path read-only. By that I'm able to pull all files, without being able to delete/change them, which makes it safe against ransomware attacks.

Conclusion: Security > Comfort.

xmploryg, posted October 25, 2023:

    Permission denied (publickey,keyboard-interactive).
    rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
    rsync error: unexplained error (code 255) at io.c(231) [Receiver=3.2.7]

xmploryg, posted October 25, 2023:

Not able to sign in after I add the pub key to the docker image.

lrussell887, posted January 28:

Is this still being updated? The last update looks to have been about a year and a half ago, making the Alpine version it's based on rather old now. It's using 3.12 when current is 3.19. I'd like to use this for my off-site backup but am a bit apprehensive due to this.

There looks to be someone maintaining a fork with a bot that updates the Alpine version, which the EEA doesn't appear to have done for 4 years. https://github.com/mtandersson/eea.docker.rsync

mgutt (Author), posted January 28:

I don't really understand why they even limit the version so exactly. But yes, you are right, there is a more recent version available: https://hub.docker.com/r/mtand/rsync

Of course you can easily change the source in the docker template to use this version.

lrussell887, posted January 28:

Yes, I can confirm switching to that repository works, not sure how I missed it on Docker Hub before. Thanks!

Revan335, posted January 29:

> mgutt said:
> I don't really understand why they even limit the version so exactly. But yes, you are right, there is a more recent version available: https://hub.docker.com/r/mtand/rsync Of course you can easily change the source in the docker template to use this version.

Can you update the template for all? Or is there something against it and is that why you chose the current source back then?

The_Holocron, posted April 12:

I am looking for a viable solution to do a local backup of data on my Synology NAS to my Unraid box. I'd like to test the rsync options, but the setup on the Synology requests a user/password. I've noticed that some of the other docker images for an rsync-server include username/password fields. Thoughts?
