[Support] rsync-server



Overview: rsync-server

Docker: https://hub.docker.com/r/eeacms/rsync

Github: https://github.com/eea/eea.docker.rsync

 

This is a simple rsync server based on Alpine.

 

To be able to connect to this rsync server you need to add the SSH key of your client to the variable SSH_AUTH_KEY_1. You can pass multiple keys through the additional variables SSH_AUTH_KEY_2, SSH_AUTH_KEY_3, etc.

 


 

The benefits of this container are:

  • you can define a non-default SSH port for rsync only (default of this container is 5533)
  • you can define specific paths instead of allowing access to the complete server (default is /mnt/user)
  • file access is read-only (protection against ransomware)
Link to comment

How to create an SSH key?


Log into your client machine and create an SSH key as follows:

ssh-keygen -t rsa -b 4096

 

Press ENTER 3x to use the default location and create the key without a password. Now display your SSH key with the following command:

cat ~/.ssh/id_rsa.pub

 

Copy the complete line like "ssh-rsa AAA.... username@client" and paste it in the field "SSH_AUTH_KEY_1" and start this container.

 

You can test the connection from your client as follows (replace "tower" with your server name or domain):

rsync --dry-run --itemize-changes --archive -e 'ssh -p 5533' root@tower:/mnt/user/system/ /tmp

 

Link to comment
  • 2 months later...
  • 1 month later...

Hi,

Thank you for rsync docker.

When I do a dry run, I am getting the following error.

I have created the key on the client and pasted it into SSH_AUTH_KEY_1:

 

I have added " to the beginning and to the end too. But still getting "Host key verification failed." error.

 

 

rsync --dry-run --itemize-changes --archive -e 'ssh -p 5533' root@tower:/mnt/user/system/ /tmp
The authenticity of host '[tower]:5533 ([192.168.1.175]:5533)' can't be established.
ECDSA key fingerprint is SHA256:bWkkJ3pzyzT+c8zvbt9xxNL/l2uz2tVr0Yx7QwnCm2A.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: unexplained error (code 255) at io.c(235) [Receiver=3.1.3]

 

Link to comment

I checked the logs.

When I start the docker, it seems it is creating a new set of keys.

 

ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
================================================================================
Running: /usr/sbin/sshd -D -e -p 22                                              
================================================================================
================================================================================
Running: /usr/sbin/sshd -D -e -p 22                                              
================================================================================
================================================================================
Running: /usr/sbin/sshd -D -e -p 22                                              
================================================================================
Connection closed by 192.168.1.180 port 51014 [preauth]
Connection closed by 192.168.1.180 port 50974 [preauth]

Link to comment

So, when I do the following command, I get

 

ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oerdem19/.ssh/id_rsa):
/home/oerdem19/.ssh/id_rsa already exists.
Overwrite (y/n)?
 


cat /home/oerdem19/.ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----

...

-----END OPENSSH PRIVATE KEY-----

 

Then I copy everything between begin and to Key 1.

 

Does it look correct?

 

When I dry run, I am still getting the following error:

 

The authenticity of host '[192.168.1.175]:5533 ([192.168.1.175]:5533)' can't be established.
ECDSA key fingerprint is SHA256:AnXlxkDI82ozd7TEIYiq9osc+9R080KgCVgsavKT8YY.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: unexplained error (code 255) at io.c(235) [Receiver=3.1.3]

 

 

Link to comment
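
Added example (not part of the original posts and not code from the eeacms/rsync project): a shell check for the value that goes into SSH_AUTH_KEY_1, which is the single line from ~/.ssh/id_rsa.pub and never the contents of ~/.ssh/id_rsa. The function name check_auth_key and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a value before it goes into SSH_AUTH_KEY_1.
# check_auth_key is a hypothetical helper, not part of the eeacms/rsync image.
# Prints "public", "private" or "malformed"; exit status is 0 only for "public".
check_auth_key() {
    value=$1
    # A private key (~/.ssh/id_rsa) is a PEM-style block and stays on the client.
    case $value in
        *"-----BEGIN "*"PRIVATE KEY-----"*) echo private; return 2 ;;
    esac
    # The line printed by `cat ~/.ssh/id_rsa.pub` is a single line.
    case $value in
        *"
"*) echo malformed; return 1 ;;
    esac
    # Split into key type, base64 blob and optional comment.
    read -r ktype blob comment <<EOF
$value
EOF
    # The blob embeds the key type, so its base64 text has a fixed prefix.
    case $ktype in
        ssh-rsa)             prefix=AAAAB3NzaC1yc2E ;;
        ssh-ed25519)         prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        ecdsa-sha2-nistp256) prefix=AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY ;;
        *) echo malformed; return 1 ;;   # also catches a leading quote character
    esac
    case $blob in
        "$prefix"*) ;;
        *) echo malformed; return 1 ;;
    esac
    case $blob in
        *[!A-Za-z0-9+/=]*) echo malformed; return 1 ;;
    esac
    echo public
}

# Constructed sample values (not usable keys).
GOOD='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleExampleExampleExampleExampleExample0 username@client'
QUOTED="\"$GOOD\""
PRIVATE='-----BEGIN OPENSSH PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERBODY
-----END OPENSSH PRIVATE KEY-----'

for sample in "$GOOD" "$QUOTED" "$PRIVATE"; do
    check_auth_key "$sample" || true
done
```
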

Thank you for your answer. I was able to connect to the server.

I am getting a permission error now. What I would like to do is copy files from a remote client to my home Unraid server.

 

 


rsync: chown "/mnt/user/Taq/2022/." failed: Read-only file system (30)
rsync: mkstemp "/mnt/user/Taq/2022/.testdelete.txt.XXXXXX" failed: Read-only file system (30)

 

Anything that I can do to give write permission to write to the server?

Is the Privileged: option for that purpose?

 

Thank you.

 

 

Link to comment
36 minutes ago, oerdem19 said:

Anything that I can do to give write permission to write to the server?

Edit the path in the container settings and change to read/write. But note: With great power comes great responsibility. If you use this container to write backups to unRAID, you should think about what an attacker could do if they control your source machine (like deleting all backups etc).

Link to comment
  • 3 months later...

Hi @mgutt!
I'm thinking about using this container, to make my Unraid-Server a Hyper Backup target for my Synology NAS.

Is this possible?

 

Right now I'm using this solution:

Works well, except for the fact that my Unraid server occasionally runs out of memory when connecting via rsync...

 

Thanks!

Edited by Jaytie
Link to comment
  • 1 month later...
6 hours ago, fluisterben said:

Entire docker engines plus its dependencies for just rsync is way overkill

The Docker Engine is already running, or don't you have any dockers? And a container itself does not produce any relevant overhead, as processes are executed natively on the host. Which means: It's absolutely the same running an application inside a container or on the host. But there is a major impact on security. Using the Unraid root login on an external server is kinda risky, not to say dumb. Even if you use SSH public key exchange, you finally allow the external machine to act as root user on your Unraid server. One of the reasons why I'm using the rsync container is to mount any path read-only. By that I'm able to pull all files, without being able to delete/change them, which makes it safe against ransomware attacks. Conclusion: Security > Comfort.

Link to comment
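
Added example (not part of the original posts and not code from the eeacms/rsync project): a shell check that the read-only property described above still holds, by listing container mounts under /mnt/user that are read/write. The helper name writable_mounts, the container name rsync-server and the sample inspect output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list container mounts that are writable below a protected path.
# Reads lines of the form "<rw> <destination>", e.g. from (container name assumed):
#   docker inspect --format '{{range .Mounts}}{{println .RW .Destination}}{{end}}' rsync-server
# writable_mounts is a hypothetical helper; it prints offending destinations and
# returns 1 if any mount under the protected path is read/write.
writable_mounts() {
    protected=${1:-/mnt/user}
    found=0
    # RW comes first so a destination containing spaces stays in one field.
    while read -r rw dest; do
        case $dest in
            "$protected"|"$protected"/*) ;;
            *) continue ;;                 # outside the share tree, not audited here
        esac
        if [ "$rw" = true ]; then
            echo "$dest"
            found=1
        fi
    done
    return "$found"
}

# Constructed inspect output: one read-only share, one share switched to read/write.
SAMPLE='false /mnt/user/system
true /mnt/user/Taq
true /tmp/scratch'

printf '%s\n' "$SAMPLE" | writable_mounts /mnt/user || echo "writable mount found"
```
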
  • 7 months later...
  • 3 months later...

Is this still being updated? The last update looks to have been about a year and a half ago, making the Alpine version it's based on rather old now. It's using 3.12 when current is 3.19. I'd like to use this for my off-site backup but am a bit apprehensive due to this.

 

There looks to be someone maintaining a fork with a bot that updates the Alpine version which the EEA doesn't appear to have done for 4 years. https://github.com/mtandersson/eea.docker.rsync

Link to comment
15 hours ago, mgutt said:

I don't really understand why they even limit the version so exactly. But yes, you are right, there is a more recent version available:

https://hub.docker.com/r/mtand/rsync

 

Of course you can easily change the source in the docker template to use this version.

Can you update the Template for all? Or is there something against it and is that why you chose the current source back then?

Link to comment
