Minimum Permissions for Replication Account?

0nighthawk0 (Dabbler, joined Jan 6, 2021, 21 messages)
Hi all,

Got two servers with (roughly) the same data on them and need to enable replication.

Some jobs will go one way and some the other, so for now happy to set same user accountname and auth on both machines.

Ideally I want this account doing the replication to use the most minimal permissions it requires to do its job.

Yes, it's easy to set root and forget, but that isn't really what I want - so if anyone can let me know the groups and/or minimal permissions an account will need, that would be most helpful.

If anyone else has a similar setup and is willing to share details I'd be most interested - eventually this second server is going offsite (but I have a plan for that).

I will be using SSH obviously, but want to know the minimum required permissions for an account that can replicate data over it and restore the snapshots.

Thanks.
0nighthawk0 (Dabbler, joined Jan 6, 2021, 21 messages)
Also, when I try to get a host key when setting up SSH, one server has an ed25519 key and the other an RSA key. Both are on 12.0-U1.1.

I'd prefer ed25519 for both, is there a way I can change this? Either through the GUI or otherwise?

- OK, solved this bit. Hardened my SSH config to only allow certain host keys and restarted the servers. Removed the ecdsa-sha2-nistp256 algorithm and allowed only the 3 host key algorithms in the aux parameters that I'd wish to use.

FYI, by default two weak ciphers are enabled; why this is the default I have no idea. So I turned these off.

I advise possibly improving the SSH security parts of the documentation, as standards are moving on all the time, although I appreciate backwards compatibility is important.

- Still would like help with the minimum required access for the replication account. Currently it's running as root and I don't want that.

Don't really care who knows my aux parameters for SSH, so I will put them here. Current as of Feb21, and could be further improved, but I need some of the other access and this will do for a basic start.

Code:
NoneEnabled no
Protocol 2
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
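The aux parameters above can be checked mechanically rather than by eye. This Python audit is an added example, not code from the post or from TrueNAS: it parses an sshd_config fragment, handles OpenSSH's `+`/`-`/`^` list modifiers (which make a list relative to the compiled-in default, so it cannot be judged from the fragment alone), and reports anything outside the allowlist copied from the post; the SAMPLE fragment is constructed, not a real default.

```python
import re

# Allowlist copied from the poster's aux parameters above.
ALLOWED = {
    "Ciphers": {"chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr",
                "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"},
    "HostKeyAlgorithms": {"ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"},
    "KexAlgorithms": {"curve25519-sha256@libssh.org",
                      "diffie-hellman-group-exchange-sha256"},
    "MACs": {"hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
             "umac-128-etm@openssh.com"},
}

def parse_algorithm_lists(text):
    """Map keyword -> (modifier, [names]). OpenSSH accepts a leading '+' (append
    to default), '-' (remove from default) or '^' (prepend); a bare list replaces
    the default. Keywords are case-insensitive; in sshd_config the first wins."""
    found = {}
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) != 2 or not parts[1]:
            continue
        key = next((k for k in ALLOWED if k.lower() == parts[0].lower()), None)
        if key is None or key in found:
            continue
        value = parts[1]
        mod = value[0] if value[0] in "+-^" else ""
        found[key] = (mod, [n.strip() for n in value[len(mod):].split(",") if n.strip()])
    return found

def audit(text):
    """Return findings as strings; an empty list means the fragment passes."""
    findings, lists = [], parse_algorithm_lists(text)
    for key, allowed in ALLOWED.items():
        if key not in lists:
            findings.append(f"{key}: not set, server default applies")
            continue
        mod, names = lists[key]
        if mod:  # relative to the compiled-in default; confirm the result with `sshd -T`
            findings.append(f"{key}: '{mod}' list is relative to the default")
        if mod != "-":  # with '-' the names are removals, not enabled algorithms
            findings += [f"{key}: {n} not in allowlist" for n in names if n not in allowed]
    return findings

# Constructed sample fragment (not a real TrueNAS default): CBC cipher, NIST
# P-256 host key and a default-relative MACs line, each of which gets flagged.
SAMPLE = ("Ciphers aes128-cbc,aes256-ctr\nHostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp256\n"
          "KexAlgorithms curve25519-sha256@libssh.org\nMACs -hmac-sha1\n")
```

Run `audit(SAMPLE)` to see the three findings, and `audit(...)` on the poster's own block to get an empty list; a keyword that is missing entirely is reported too, since the server default then applies.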