June 10, 2022

Overview: rsync-server

Docker: https://hub.docker.com/r/eeacms/rsync
Github: https://github.com/eea/eea.docker.rsync

This is a simple rsync server based on Alpine. To be able to connect to this rsync server you need to add the SSH key of your client to the variable SSH_AUTH_KEY_1. You can pass multiple keys through the additional variables SSH_AUTH_KEY_2, SSH_AUTH_KEY_3, etc.

Example

The benefits of this container are:
- you can define a non-default SSH port for rsync only (default of this container is 5533)
- you can define specific paths instead of allowing access to the complete server (default is /mnt/user)
- file access is read-only (protection against ransomware)

June 10, 2022, Author

How to create an SSH key?

Log into your client machine and create an SSH key as follows:

    ssh-keygen -t rsa -b 4096

Press 3x ENTER to use the default location and create the key without password. Now display your SSH key with the following command:

    cat ~/.ssh/id_rsa.pub

Copy the complete line like "ssh-rsa AAA.... username@client", paste it in the field "SSH_AUTH_KEY_1" and start this container.

You can test the connection from your client as follows (replace "tower" with your server name or domain):

    rsync --dry-run --itemize-changes --archive -e 'ssh -p 5533' root@tower:/mnt/user/system/ /tmp

June 15, 2022

Thanks for your great Docker/rsync-server! Is your rsync-server working with Back in Time?

June 15, 2022, Author

Your target is /mnt/backup while it should be /mnt/user/backup, and regarding the "no such file or directory" you need to use this fix of Back in Time: https://github.com/bit-team/backintime/issues/1253#issuecomment-1126770876

September 4, 2022, Author

1 hour ago, Revan335 said:
    Is it allowed to add more keys

You can add an infinite amount of keys. There is a loop which reads all of them: https://github.com/eea/eea.docker.rsync/blob/master/docker-entrypoint.sh

By that even SSH_AUTH_KEY_BANANA or SSH_AUTH_KEY_BABALALADINGDONG should work ^^

October 14, 2022

Hi, thank you for the rsync docker. When I do a dry run, I am getting the following error. I have created the key on the client and pasted it in SSH_AUTH_KEY_1. I have added " to the beginning and to the end too. But I am still getting the "Host key verification failed." error.

    rsync --dry-run --itemize-changes --archive -e 'ssh -p 5533' root@tower:/mnt/user/system/ /tmp
    The authenticity of host '[tower]:5533 ([192.168.1.175]:5533)' can't be established.
    ECDSA key fingerprint is SHA256:bWkkJ3pzyzT+c8zvbt9xxNL/l2uz2tVr0Yx7QwnCm2A.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? Host key verification failed.
    rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
    rsync error: unexplained error (code 255) at io.c(235) [Receiver=3.1.3]

October 14, 2022

I checked the logs. When I start the docker, it seems it is creating a new set of keys.

    ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
    ================================================================================
    Running: /usr/sbin/sshd -D -e -p 22
    ================================================================================
    ================================================================================
    Running: /usr/sbin/sshd -D -e -p 22
    ================================================================================
    ================================================================================
    Running: /usr/sbin/sshd -D -e -p 22
    ================================================================================
    Connection closed by 192.168.1.180 port 51014 [preauth]
    Connection closed by 192.168.1.180 port 50974 [preauth]

October 14, 2022

You must paste the Public Key in the Docker Template. The Private Key is for the Client only. Look at the example in the documentation from @mgutt.

October 14, 2022

So, when I do the following command, I get

    ssh-keygen -t rsa -b 4096
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/oerdem19/.ssh/id_rsa):
    /home/oerdem19/.ssh/id_rsa already exists.
    Overwrite (y/n)? cat /home/oerdem19/.ssh/id_rsa
    cat /home/oerdem19/.ssh/id_rsa
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----

Then I copy everything between begin and to Key 1. Does it look correct? When I dry run, I am still getting the following error:

    The authenticity of host '[192.168.1.175]:5533 ([192.168.1.175]:5533)' can't be established.
    ECDSA key fingerprint is SHA256:AnXlxkDI82ozd7TEIYiq9osc+9R080KgCVgsavKT8YY.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? Host key verification failed.
    rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
    rsync error: unexplained error (code 255) at io.c(235) [Receiver=3.1.3]

October 14, 2022

You copied the Private Key to the rsync Docker Template. You must use the Public Key, without

1 hour ago, oerdem19 said:
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----

This is mostly named with _pub in the filename or an equivalent of this.

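The two points above (every SSH_AUTH_KEY_* variable is read, and only the public key belongs in it) as an added shell example; it is not the image's docker-entrypoint.sh and not code from any poster. The function names, the restriction to ssh-rsa and ssh-ed25519, and the sample values are assumptions constructed for illustration.

```shell
# Added example, not the image's docker-entrypoint.sh. Sample values are constructed.
NL='
'
# Succeeds only for a single "type base64 [comment]" public key line.
is_public_key_line() {
    key_line=$1
    case $key_line in
        *"PRIVATE KEY"*) reason="private key material"; return 1 ;;
        *"$NL"*)         reason="more than one line"; return 1 ;;
    esac
    printf '%s\n' "$key_line" |
        grep -Eq '^(ssh-rsa|ssh-ed25519) [A-Za-z0-9+/]+={0,2}( .*)?$' ||
        { reason="not a 'type base64 comment' line"; return 1; }
    key_type=${key_line%% *}
    rest=${key_line#* }
    # The blob starts with the base64 of the length-prefixed key type name.
    case "$key_type:${rest%% *}" in
        ssh-rsa:AAAAB3NzaC1yc2E*|ssh-ed25519:AAAAC3NzaC1lZDI1NTE5*) return 0 ;;
    esac
    reason="blob does not match key type"; return 1
}

# Print accepted keys on stdout (authorized_keys content), rejects on stderr.
build_authorized_keys() {
    # Names only, restricted to safe characters, so the eval below is safe.
    env | sed -n 's/^\(SSH_AUTH_KEY_[A-Za-z0-9_]*\)=.*/\1/p' | sort |
    while read -r name; do
        eval "value=\${$name}"
        if is_public_key_line "$value"; then
            printf '%s\n' "$value"
        else
            printf 'rejected %s: %s\n' "$name" "$reason" >&2
        fi
    done
}

# Constructed inputs: one good key, a pasted private key, a quoted key, an odd suffix.
export SSH_AUTH_KEY_1='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleBlob000 user@client'
export SSH_AUTH_KEY_2='-----BEGIN OPENSSH PRIVATE KEY----- ... -----END OPENSSH PRIVATE KEY-----'
export SSH_AUTH_KEY_3='"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedSampleBlob000 user@client"'
export SSH_AUTH_KEY_BANANA='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedSampleBlob000 laptop'
build_authorized_keys
```

Only the two well-formed public key lines reach stdout; the pasted private key and the key wrapped in quotes are reported on stderr with the reason.
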
October 15, 2022

Thank you for your answer. I was able to connect to the server. I am getting a permission error now. What I would like to do is copy files from a remote client to my home unraid server.

    rsync: chown "/mnt/user/Taq/2022/." failed: Read-only file system (30)
    rsync: mkstemp "/mnt/user/Taq/2022/.testdelete.txt.XXXXXX" failed: Read-only file system (30)

Anything that I can do to give write permission to write to the server? Is the Privileged: option for that purpose? Thank you.

October 15, 2022, Author

36 minutes ago, oerdem19 said:
    Anything that I can do to give write permission to write to the server?

Edit the path in the container settings and change to read/write.

But note: With great power comes great responsibility. If you use this container to write backups to unRAID, you should think about what an attacker could do if they control your source machine (like deleting all backups etc).

October 16, 2022

Thank you very much for your advice. I will turn it on and off when I need to write a file to the server only. Thank you again for the rsync server.

February 13, 2023

Hi @mgutt! I'm thinking about using this container to make my Unraid server a Hyper Backup target for my Synology NAS. Is this possible? Right now I'm using this solution: Works good, except for the fact that my Unraid server occasionally runs out of memory when connecting via rsync... Thanks!

Edited February 14, 2023 by Jaytie

March 20, 2023

I just installed rsync using some nerd-pack. Way easier.. Entire docker engines plus its dependencies for just rsync is way overkill. Plus you have to work around the fact that the actual server is not the actual server, but behind a bridge/vnode with translated ports etc.

March 20, 2023, Author

6 hours ago, fluisterben said:
    Entire docker engines plus its dependencies for just rsync is way overkill

The Docker Engine is already running or don't you have any dockers? And a container itself does not produce any relevant overhead as processes are executed natively on the host. Which means: It's absolutely the same running an application inside a container or on the host.

But there is a major impact in security. Using the Unraid root login on an external server is kinda risky, not to say dumb. Even if you use SSH public key exchange, you finally allow the external machine to act as root user on your Unraid server.

One of the reasons why I'm using the rsync container is to mount any path read-only. By that I'm able to pull all files, without being able to delete/change them, which makes it safe against ransomware attacks.

Conclusion: Security > Comfort.

October 25, 2023

    Permission denied (publickey,keyboard-interactive).
    rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
    rsync error: unexplained error (code 255) at io.c(231) [Receiver=3.2.7]

January 28, 2024

Is this still being updated? The last update looks to have been about a year and a half ago, making the Alpine version it's based on rather old now. It's using 3.12 when current is 3.19. I'd like to use this for my off-site backup but am a bit apprehensive due to this.

There looks to be someone maintaining a fork with a bot that updates the Alpine version, which the EEA doesn't appear to have done for 4 years. https://github.com/mtandersson/eea.docker.rsync

January 28, 2024, Author

I don't really understand why they even limit the version so exactly. But yes, you are right, there is a more recent version available: https://hub.docker.com/r/mtand/rsync

Of course you can easily change the source in the docker template to use this version.

January 28, 2024

Yes, I can confirm switching to that repository works, not sure how I missed it on Docker Hub before. Thanks!

January 29, 2024

15 hours ago, mgutt said:
    I don't really understand why they even limit the version so exactly. But yes, you are right, there is a more recent version available: https://hub.docker.com/r/mtand/rsync Of course you can easily change the source in the docker template to use this version.

Can you update the Template for all? Or is there something against it and is that why you chose the current source back then?

April 12, 2024

I am looking for a viable solution to do a local backup of data on my Synology NAS to my Unraid box. I'd like to test the rsync options, but the setup on the Synology requests a user/password. I've noticed that some of the other docker images for an rsync-server include username/password fields. Thoughts?