nick_
I'm setting up a replication task between two FreeNAS servers, which I'll call A and B. I've created a dedicated user on both machines, and configured the user's SSH settings on both to allow authentication using a private key from A -> B.
I've figured out all the ZFS permissions and can successfully zfs send and zfs receive from the command line.
Now my problem:
No matter what I specify in the replication task settings, the task tries to use an insecure private key at /data/ssh/replication, and completely ignores the key in the dedicated user's home directory. I say insecure because the key used is stored on the unencrypted boot volume, as opposed to the dedicated user's key which is on an encrypted volume.
Perhaps I'm paranoid, but I'd prefer that if server A is stolen, the thief not be able to remotely log into server B using the easily obtainable key on the boot volume.
Is this a bug? Am I just crazy? Could the key to be used be a task-scoped option (this shouldn't break backwards compatibility)?
I've edited /usr/local/www/freenasUI/tools/autorepl.py to use the correct key, but expect this will break every upgrade.