Rsync over SSH Freenas to Freenas

Status
Not open for further replies.

eok

Cadet
Joined
Mar 12, 2014
Messages
8
I've tried to set up Rsync over SSH between two Freenas systems according to the chapter "Configuring Rsync over SSH Mode Between Two FreeNAS® Systems" in the Freenas documentation (found on doc.freenas.org). I get the following error messages in /var/log/messages on the push system (nothing in the log files on the pull system):
freenas rsync: No ECDSA host key is known for [192.xxx.x.xxx]:xx and you have requested strict checking. ^M
freenas rsync: Host key verification failed.^M
freenas rsync: rsync: connection unexpectedly closed (0 bytes recieved so far) [sender]
freenas rsync: rsync error: unexplained error (code 255) at io.c(605) [sender=3.0.9]

I've tried to follow the guide closely and I have created rsa-keys and I've managed to copy the host key of the pull system into the file known_hosts on the push system.
SSH is running (and working) on both systems.
When creating the rsa-keys I was logged in as Root and I set the user for the rsync task to Root. However I have not allowed Root to log in via SSH, is this the problem?
Any suggestions are appreciated!
/Eok
 

leenux_tux

Patron
Joined
Sep 3, 2011
Messages
238
Have you tested running rsync manually (both push and pull) from the console (or from something like PuTTY)?
 

eok

Cadet
Joined
Mar 12, 2014
Messages
8
No I have not tried that, but I will try it to see if it works.

Apparently I've requested "strict checking". Any suggestions on how I can change this?
 

SmallGuy

Guru
Joined
Jun 7, 2013
Messages
560
I think you have edited your key file under Windows.
Edit your key file under the shell (vi) and look at the end of each line. Your key has to be on one single line. Remove all '^M' characters. This is a classic mistake when generating authentication keys.
 

eok

Cadet
Joined
Mar 12, 2014
Messages
8
Thank you smallguy for leading me in the correct direction! I finally got it to work, but I sort of stumbled on the solution.

I assumed that I had by accident added ^M to my host key when editing it on a Windows system and tried to find a way to add a valid host key. During my efforts I discovered that if I added something in the "Public host key" for the root user using the web GUI the system automatically created the file authorized_keys and vice versa. I figured that if I copied the file id_rsa.pub from pull and put it in /root/.ssh, renamed it to authorized_keys, everything would work fine. I used the following command to copy the file:
cat ~/.ssh/id_rsa.pub | ssh user@192.168.2.6 'cat >> .ssh/authorized_keys'

After hitting enter I got a question if I trusted the host, I answered yes and got the error message "read-only file system". I got this message even if I issued "mount -o rw /" first. I however discovered that my known_hosts file had been changed and now contained the following:

[192.xxx.x.xxx]:ppppp ecdsa-sha2-nistp256 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxx

and after that everything worked. After some further testing I realized that it is possible to add the ecdsa key to the known_hosts file using:
ssh-keyscan -p xxxxx -t ecdsa 192.xxx.x.xxx >> /root/.ssh/known_hosts
but there is a small difference and it looks like this in the file
192.xxx.x.xxx ecdsa-sha2-nistp256 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxx

I don't know if this works, but I suspect that it does.

One final question. I assume that the public key changes if my "external" IP changes, but does the key change if I use a dynamic DNS service and my IP changes (but the host name stays the same)?

/Eok
 

SmallGuy

Guru
Joined
Jun 7, 2013
Messages
560
Just use the same ssh-keyscan command but with your dyndns address, followed by '-p port_number' you use to reach the remote server and '-t type_of_key' to define the type of key to use. The known_hosts key will be saved with the right syntax.
http://www.freebsd.org/cgi/man.cgi?query=ssh-keyscan&sektion=1
Several host keys can be saved in the same file.
For example a host key file can be filled with:
Your.dyndns.address ssh-rsa AAAABBBBBCCCCDDDD.....
Your.dyndns.address ecdsa-sha2-nistp256 WWWWXXXXYYYYZZZZ....
192.your.local.address ssh-rsa AAAABBBBBCCCCDDDD.....

For the record, the key is specific to the remote server, and is independent of the IP address.
In the example, as the 1st and 3rd keys are both ssh-rsa type and are from the same remote server, both of them are the same, just the headers are different.
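
As an added example (not part of any post in this thread): a small Python linter for the two known_hosts problems discussed above, stray ^M characters and a key that is not on one single line. It goes a little further than the thread by also checking that the base64 key decodes to complete length-prefixed fields whose first field matches the declared key type; the function names, the 192.0.2.10 address and the sample key (correct framing, dummy key material) are constructed for illustration.

```python
import base64
import struct

def hosts_field(host, port=22):
    """Host field as ssh itself records it: bare for port 22, else [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def blob_fields(data):
    """Split an SSH public-key blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(data):
        (length,) = struct.unpack_from(">I", data, pos)  # struct.error if cut short
        pos += 4
        if pos + length > len(data):
            raise ValueError("truncated field")
        out.append(data[pos:pos + length])
        pos += length
    return out

def lint_known_hosts(text):
    """Return [(line_number, problem)] for the text of a known_hosts file."""
    problems = []
    for n, raw in enumerate(text.split("\n"), start=1):
        if "\r" in raw:
            problems.append((n, "carriage return (^M) in line"))
        fields = raw.replace("\r", "").split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            problems.append((n, "expected 'hosts keytype key' on one line"))
            continue
        keytype, blob = fields[1], fields[2]
        try:
            parts = blob_fields(base64.b64decode(blob, validate=True))
            embedded = parts[0].decode("ascii")
        except (ValueError, IndexError, struct.error):
            problems.append((n, "key is not a complete base64 SSH key blob"))
            continue
        if embedded != keytype:
            problems.append((n, f"declared {keytype} but blob holds {embedded}"))
    return problems

def make_blob(keytype, *parts):
    """Constructed sample key: correct framing, dummy key material."""
    raw = b"".join(struct.pack(">I", len(p)) + p for p in (keytype.encode(), *parts))
    return base64.b64encode(raw).decode()

SAMPLE_KEY = make_blob("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + b"\x11" * 64)
```

Pass it the contents of /root/.ssh/known_hosts; an empty list means none of these checks found a problem.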
 