General questions: Rsync & SSH

[TremorAcePV]

I'm posting this here because I'm not sure if these fall into the same category.

Show : Rsync Question

Do I need to have a task set up for both PUSH & PULL for the rsync to work, or just one? If only one, which one?

The documentation says the following about this:

To configure rsync, you need to configure both ends of the connection:

• the rsync server: this system pulls (receives) the data. This system is referred to as PULL in the configuration examples.
• the rsync client: this system pushes (sends) the data. This system is referred to as PUSH in the configuration examples.

...
If you are synchronizing data between two FreeNAS® systems, create the rsync task on the rsync client.

This implies to me that I am supposed to make a single rsync task on the PUSH.

However, in the Rsync with SSH section, it says this at the end of the section:

You are now ready to create the rsync task on PULL.

Do they work differently? Why would it say, in general, to put the task on the PUSH, then with SSH, put one on the PULL? I take it that means you need two, one for each side, but from examples I've seen, people only make a single task.

Show : SSH Questions

The SSH service was set to On (sshd was running).

I used ssh-keygen multiple times in trying to get SSH to work. The id_rsa & *.pub version were created. Then I added the private key from id_rsa to the Host Private Key in the SSH Service settings. I realized after some reading that is not what you are supposed to do.

Has this changed the user or host private SSH keys?

After realizing I was doing everything wrong, I deleted known_hosts, authorized_keys, & id_rsa (pub & private) from the /root/.ssh directory, and removed the user private key from the Host Private Key section of the SSH Service's settings.

Am I back to what a fresh install of FreeNAS with SSH's service turned on would be like, or did this change things in other files, such as the ssh_host*_key files in /etc/ssh?

What I'm trying to accomplish that brought up the above questions:

Show

I'm basically trying to figure out how to get rsync over SSH working, then I want to figure out a way to get that working over WAN as securely as possible. Not sure if I should try VPN, port forwarding, or what, but I should do it one step at a time.

Unfortunately, I don't know enough about any of these things (rsync, SSH, & VPNs/Port forwarding) yet, so I'm not making much progress unfortunately.

 

[dlavigne]

You are now ready to create the rsync task on PULL.

That looks like a typo, I'll make a note to fix it.

Regarding the deleting SSH stuff, if you only deleted stuff from /root/.ssh/, that has no affect on the system host key stuff stored in /etc/ssh/.

 

[TremorAcePV]

That looks like a typo, I'll make a note to fix it.

Regarding the deleting SSH stuff, if you only deleted stuff from /root/.ssh/, that has no affect on the system host key stuff stored in /etc/ssh/.

Awesome. So making the task on PUSH is correct then.

I figured, but I wasn't sure if using ssh-keygen affected the stuff stored in /etc/ssh. Now that I actually think about it, after seeing you say that, I assume ssh-keygen only makes a public & private key for the user, and doesn't affect the host machine's SSH private key.

 

[dlavigne]

Now that I actually think about it, after seeing you say that, I assume ssh-keygen only makes a public & private key for the user, and doesn't affect the host machine's SSH private key.

Correct, a separate script is used to generate the host keys and doesn't need human intervention to run (it runs automatically after first boot of a new install).