FreeNAS replication issue - permission denied (publickey,password)

Status
Not open for further replies.

jvanniek

Cadet
Joined
Jan 21, 2015
Messages
2
Hi there

Have been using FreeNAS for about 5 months now and having mixed results with the replication jobs offsite to our remote offices.

I created a periodic snapshot task on our source site FreeNAS server. I then created a new "helper" FreeNAS virtual machine and set up a ZFS replication job to this using a different user (not root) to an external USB device, which replicated fine.

I then took the USB and exported the FreeNAS helper virtual machine to our remote office and ran the following command to copy the snapshots to another FreeNAS device, which replicated all the snapshots fine:

zfs send -R tank/dataset@auto-20150204.1045-1y | ssh "ip_of_pull_freenas" zfs receive -F tank/dataset

I now want to set up a FreeNAS ZFS replication job from the source to the remote site to continue the snapshot replication, but I'm getting a "permission denied (publickey,password)" error.

I have copied the public key from the pull server to the user account of the push server and vice versa.

Been struggling on this for weeks now and running out of ideas. Any help, please?

Many Thanks
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I would recommend you follow section 8.3 very closely. If you do everything, including setting up the replication task, and simply don't enable the replication task, it should work. If it doesn't, you are almost certainly doing some step wrong, somewhere.
 

Roger Wilco

Explorer
Joined
Jul 17, 2014
Messages
65
Hi,

Have a look at
https://forums.freenas.org/index.ph...he-rsync-task-and-users-ssh-public-key.26382/

Basically check your file permissions, the authorized_keys file and so on.
Doing a
Code:
ssh -v some_host
might give you information why ssh falls back to password authentication (more info with more 'v's: -vv -vvv).

Btw, in your zfs send line, shouldn't it be "ip_of_push_freenas" and not "ip_of_pull_freenas"?

If I were you, I wouldn't make things overcomplicated. It sounds nice to have a dedicated user for replication, but it has IMO big drawbacks regarding mountpoints of the replicated datasets on the receiving side: they either must already exist, or the user must have the right permissions on the parent dataset.
Little things which will break your replication if you don't take care of them.

Use root with the replication identity as probably described in the manual, and it's painless.
Oh, and I wouldn't use the recursion feature (have a look at the dataset attributes).

bye,
rw
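
The permission check suggested above can be scripted. This is an added example, not part of the original post: it applies the rule sshd enforces under StrictModes (home directory, .ssh and authorized_keys must be owned by the login user or root and must not be group- or world-writable). The function names check_path and audit_ssh_paths are hypothetical.

```shell
#!/bin/sh
# Check the three paths sshd inspects under StrictModes before it will
# trust authorized_keys: each must exist, be owned by the login user
# (or root), and must not be writable by group or others.
check_path() {   # check_path PATH EXPECTED_UID  (hypothetical helper)
    p=$1; want=$2
    if [ ! -e "$p" ]; then
        echo "FAIL $p: missing or not reachable"
        return 1
    fi
    listing=$(ls -ldn "$p")                  # -n prints numeric uid/gid
    mode=$(printf '%s\n' "$listing" | cut -c1-10)
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    if [ "$owner" != "$want" ] && [ "$owner" != "0" ]; then
        echo "FAIL $p: owned by uid $owner, expected $want"
        return 1
    fi
    # Characters 6 and 9 of the mode string are group-write and other-write.
    case $mode in
        ?????w????|????????w?)
            echo "FAIL $p: group/world writable ($mode)"
            return 1 ;;
    esac
    echo "ok   $p ($mode)"
}

audit_ssh_paths() {   # audit_ssh_paths HOME_DIR EXPECTED_UID
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_path "$p" "$2" || rc=1
    done
    return "$rc"
}

# Usage: sh audit.sh /path/to/home [uid]   (defaults to the current uid)
if [ "$#" -ge 1 ]; then
    audit_ssh_paths "$1" "${2:-$(id -u)}"
fi
```

Run it on the receiving host against the home directory of the account that replication logs in as.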
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
> Hi there
>
> zfs send -R tank/dataset@auto-20150204.1045-1y | ssh "ip_of_pull_freenas" zfs receive -F tank/dataset
>
> I now want to set up a FreeNAS ZFS replication job from the source to the remote site to continue the snapshot replication, but I'm getting a "permission denied (publickey,password)" error.
>
> I have copied the public key from the pull server to the user account of the push server and vice versa.
>
> Been struggling on this for weeks now and running out of ideas. Any help, please?
>
> Many Thanks

Make sure the user account is not under the dataset. The -F option will destroy its content, I think, including your user account.
Otherwise the issue is with your permissions.
The user on the pull side must have the public key linked to the account.

For instance, you must include the user with the ssh command:
Code:
zfs send -R tank/dataset@auto-20150204.1045-1y | ssh -i /data/ssh/replication user@"ip_of_pull_freenas" zfs receive -F tank/dataset
 

jvanniek

Cadet
Joined
Jan 21, 2015
Messages
2
Thanks Roger and Apollo! The ssh -v command highlighted some issues. When I run it from the push server, i.e. ssh -v ip_of_pull_server, it gives the following:

debug1: Host 'ip_of_pull_server' is known and matches the ECDSA host key.
debug1: Found key in /etc/ssh/ssh_known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /mnt/MGVCR1/MCRVCR1_NFS1/.ssh/id_rsa
debug1: Trying private key: /mnt/MGVCR1/MCRVCR1_NFS1/.ssh/id_dsa
debug1: Trying private key: /mnt/MGVCR1/MCRVCR1_NFS1/.ssh/id_ecdsa
debug1: Trying private key: /mnt/MGVCR1/MCRVCR1_NFS1/.ssh/id_ed25519
debug1: Next authentication method: password
user@ip_of_pull_server's password:


After I enter the password for the user at pull, which is the same as push (public keys have been copied to user accounts as well), it gives the following:


debug1: Authentication succeeded (password).

Authenticated to ip_of_pull_server' ([78.221.23.xx]:22).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling

debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
FreeBSD 9.2-RELEASE-p3 (FREENAS.amd64) #0 r262572+825d682: Sat Mar 1 10:02:19 PST 2014

FreeNAS (c) 2009-2014, The FreeNAS Development Team
All rights reserved.
FreeNAS is released under the modified BSD license.

For more information, documentation, help or support, go here:
http://freenas.org
Welcome to FreeNAS
Could not chdir to home directory /mnt/zpool/dataset/volume/user: Permission denied


This last line is interesting. Could this be the issue for the error I'm getting?

Also by including the user with ssh command as specified by Apollo looks like where I went wrong in the first place...

Many Thanks

jac
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
You should indeed try replacing user with root, and it should work. Of course, update the public key on the root account the same way you did for the user account.
 