Rsync over SSH - Pull from Cygwin on Windows Server

RockW

Dabbler
Joined
Apr 4, 2019
Messages
14
I would like to set up an automated task using rsync on my FreeNAS (freenas.corp.nxxxxxxx.com). The data that needs to be synced is located on a Windows server (dc.corp.nxxxxxxx.com) on which I have already installed Cygwin and OpenSSH. The data needs to go from the Windows server to the FreeNAS, so if I've interpreted the documentation correctly, the FreeNAS will be on the PULL side and the Windows server will be on the PUSH side. However, the documentation then states that the rsync task should be created on the PUSH end. For my scenario I would like to create the rsync task on the PULL (FreeNAS) side. I've already tested and confirmed that it works by using the following command from shell on FreeNAS:

rsync -arv --no-perms administrator@dc.corp.nxxxxxxx.com:/cygdrive/d/UsersTemp/ /mnt/OneTBPool/UsersTemp/

When I try to set up the Rsync Task based on my test command I get the following error:
In order to user rsync over SSH you need a user with a private key (DSA/ECDSA/RSA) set up in home dir.
Disconnect Error [ error code 14 ] was generated when trying to communicate with remote host dc.corp.nxxxxxxx.com and remote user administrator.

Rsync.JPG


I've followed the documentation describing how to set up the Rsync Task as far as setting up the users, but I was not able to complete the step where it says to run the command: "ssh-keyscan -t rsa 192.168.2.6 >> /root/.ssh/known_hosts" - which I attempted to perform in Cygwin on the Windows server (I did change the IP to the correct one for FreeNAS and substituted "administrator" for "root"). That gave me an error but everything else it said to do I was able to complete successfully.

I did check the Windows server and the "id_rsa.pub" file is located in "C:\Users\Administrator.CORP\.ssh", is that not where it should be? When I generated it, I just accepted the default location. I've also checked that Port 22 is open.

I've done a ton of research to try and figure this out but I haven't found any sources of information with enough detail that covers this particular scenario. Can someone tell me if what I am trying to do is even possible or if there is a better way?
 

Meyers

Patron
Joined
Nov 16, 2016
Messages
211
The User field is asking for the local FreeNAS user. Do you have an "administrator" user created on the FreeNAS system?
 

RockW

Yes I did create a new user in FreeNAS for Administrator following the documentation but whenever I wasn't sure on any of the options I just accepted the defaults:

Administrator.jpg
 

RockW

I'm wondering now what permissions the destination directory needs for administrator user to be able to write to it, this is what it's showing in shell:

[root@freenas /mnt/OneTBPool]# ls -l
total 57
drwxr-xr-x 3 administrator wheel 11 Apr 8 14:39 administrator
drwxr-xr-x 24 544 1049089 24 Apr 3 12:32 UsersTemp
[root@freenas /mnt/OneTBPool]#
 

RockW

From the "Tasks" section in the documentation, I need a little clarification on this section:

Next, copy the host key of PULL using Shell on PUSH. The command copies the RSA host key of the PULL server used in our previous example. Be sure to include the double bracket >> to prevent overwriting any existing entries in the known_hosts file:

ssh-keyscan -t rsa 192.168.2.6 >> /root/.ssh/known_hosts


My PULL is the FreeNAS on IP 192.168.0.206 and PUSH is my Windows server on IP 192.168.0.223. So for the "/root/.ssh/known_hosts", that is the assumed location of the .ssh folder in root's home directory? I don't have a home directory for root on the Windows server, so I should substitute the home directory for administrator? It's at C:\Users\Administrator.CORP\.ssh but there is no known_hosts file in it. Am I interpreting this correctly?
 

Meyers

OK - so as administrator on your FreeNAS box, you need to generate a key by running ssh-keygen. Then run ssh-copy-id [your windows box]. Then try setting up the rsync task again.
 

RockW

I ran the ssh-keygen from shell on FreeNAS (first I ran su administrator to switch users) and that worked without any errors. I'm having trouble with the ssh-copy-id command though. I've run it as ssh-copy-id dc.corp.nxxxxxxx.com and more specifically as ssh-copy-id -i /mnt/OneTBPool/administrator/.ssh/id_rsa.pub administrator@dc.corp.nxxxxxxx.com which is the path that ssh-keygen said it saved the key to when I ran it initially. It gives this error:

[administrator@freenas ~/.ssh]$ ssh-copy-id -i /mnt/OneTBPool/administrator/.ssh/id_rsa.pub administrator@dc.corp.nxxxxxxx.com
administrator@dc.corp.nxxxxxxx.com's password:
The system cannot find the path specified.

I checked that id_rsa.pub does exist in that path on the FreeNAS. So my guess is there is something amiss on the Windows server, though the error isn't really specific about where I should be looking.
 

Meyers

Maybe try opening the Cygwin shell on the Windows box and copying the key from ~/.ssh/id_rsa.pub on FreeNAS to ~/.ssh/authorized_keys on Windows. Then try ssh'ing from administrator@freenas to administrator@windows. It shouldn't prompt you for a password.
 

Meyers

BTW I mean opening /mnt/OneTBPool/administrator/.ssh/id_rsa.pub on FreeNAS, copying the contents, and then manually pasting it into /home/administrator/.ssh/authorized_keys on Windows.
 

RockW

Upon looking at the Cygwin configuration on the Windows server, it seems I had some issues there so I've reinstalled it and confirmed that the OpenSSH packages were installed from within the Cygwin installer and the services are configured and running (it was running before but something was not right with it).

I also manually copied and pasted the contents of the id_rsa.pub from the FreeNAS to the authorized_keys file on the Windows server.

Anyhow, I seem to have solved one of my errors in the Rsync Task setup window but I'm still getting this one:
Disconnect Error[ error code 14 ] was generated when trying to communicate with remote host dc.corp.nxxxxxxx.com and remote user administrator.

So for some reason they are not communicating. If I attempt a basic command from shell on FreeNAS:
ssh -l administrator dc.corp.nxxxxxxx.com 'date'

This is what it tells me:
[root@freenas ~]# su administrator
[administrator@freenas /root]$ ssh -l administrator dc.corp.nxxxxxxx.com 'date'
administrator@dc.corp.nxxxxxxx.com's password:
Permission denied, please try again.


So it's still prompting for a password and even when I give it the correct one (afaik) I'm still getting a permission problem. I suspect the problem is with SSH on the Windows server and I'm not entirely certain my configuration is correct so I will continue to investigate.
 

Meyers

Sometimes that is due to ~/.ssh/authorized_keys permissions. On Windows, try running chmod 600 ~/.ssh/authorized_keys.

If that doesn't work, find out where sshd on Windows logs to. It should tell you why it's not accepting public key auth.
 

RockW

Here is the output from the same command with -v: ssh -v -l administrator dc.corp.nxxxxxxx.com 'date'

[root@freenas ~]# su administrator
[administrator@freenas /root]$ ssh -v -l administrator dc.corp.nxxxxxxx.com 'date'
OpenSSH_7.5p1, OpenSSL 1.0.2q-freebsd 20 Nov 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 3: Deprecated option "useroaming"
debug1: Connecting to dc.corp.nxxxxxxx.com [192.168.0.223] port 22.
debug1: Connection established.
debug1: identity file /mnt/OneTBPool/administrator/.ssh/id_rsa type 1
debug1: Fssh_key_load_public: No such file or directory
debug1: identity file /mnt/OneTBPool/administrator/.ssh/id_rsa-cert type -1
debug1: Fssh_key_load_public: No such file or directory
debug1: identity file /mnt/OneTBPool/administrator/.ssh/id_dsa type -1
debug1: Fssh_key_load_public: No such file or directory
debug1: identity file /mnt/OneTBPool/administrator/.ssh/id_dsa-cert type -1
debug1: Fssh_key_load_public: No such file or directory
debug1: identity file /mnt/OneTBPool/administrator/.ssh/id_ecdsa type -1
debug1: Fssh_key_load_public: No such file or directory
debug1: identity file /mnt/OneTBPool/administrator/.ssh/id_ecdsa-cert type -1
debug1: Fssh_key_load_public: No such file or directory
debug1: identity file /mnt/OneTBPool/administrator/.ssh/id_ed25519 type -1
debug1: Fssh_key_load_public: No such file or directory
debug1: identity file /mnt/OneTBPool/administrator/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5 FreeBSD-20170903
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to dc.corp.nxxxxxxx.com:22 as 'administrator'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:gOF1RDXZj6SBi0l2clPcdZl564ddIjSynd6WXpbatqA
DNS lookup error: general failure
debug1: Host 'dc.corp.nxxxxxxx.com' is known and matches the ECDSA host key.
debug1: Found key in /mnt/OneTBPool/administrator/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: Fssh_kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /mnt/OneTBPool/administrator/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /mnt/OneTBPool/administrator/.ssh/id_dsa
debug1: Trying private key: /mnt/OneTBPool/administrator/.ssh/id_ecdsa
debug1: Trying private key: /mnt/OneTBPool/administrator/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
administrator@dc.corp.nxxxxxxx.com's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
administrator@dc.corp.nxxxxxxx.com's password:
 

RockW

I haven't found the log yet (my next task) but just for the heck of it I decided to run the same command ssh -v -l administrator freenas.corp.nxxxxxxx.com 'date' from the Windows server instead. This is what I got in the Cygwin terminal:

$ ssh -v -l administrator freenas.corp.nxxxxxxx.com 'date'
OpenSSH_7.9p1, OpenSSL 1.0.2r 26 Feb 2019
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to freenas.corp.nxxxxxxx.com [192.168.0.206] port 22.
debug1: Connection established.
debug1: identity file /home/Administrator/.ssh/id_rsa type 0
debug1: identity file /home/Administrator/.ssh/id_rsa-cert type -1
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
debug1: identity file /home/Administrator/.ssh/id_dsa-cert type -1
debug1: identity file /home/Administrator/.ssh/id_ecdsa type -1
debug1: identity file /home/Administrator/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/Administrator/.ssh/id_ed25519 type -1
debug1: identity file /home/Administrator/.ssh/id_ed25519-cert type -1
debug1: identity file /home/Administrator/.ssh/id_xmss type -1
debug1: identity file /home/Administrator/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9-hpn14v15
debug1: match: OpenSSH_7.9-hpn14v15 pat OpenSSH* compat 0x04000000
debug1: Authenticating to freenas.corp.nxxxxxxx.com:22 as 'administrator'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:JgKJPXBCaFgcUwUm3E6Zawqn6eHDahGv7LRWnd/3n4o
The authenticity of host 'freenas.corp.nxxxxxxx.com (192.168.0.206)' can't be established.
ECDSA key fingerprint is SHA256:JgKJPXBCaFgcUwUm3E6Zawqn6eHDahGv7LRWnd/3n4o.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'freenas.corp.nxxxxxxx.com,192.168.0.206' (ECDSA) to the list of known hosts.
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /home/Administrator/.ssh/id_rsa RSA SHA256:qm3F3gniespCnelUdntBASBcGbXG9Ynnl6nNUfQ6nFg
debug1: Will attempt key: /home/Administrator/.ssh/id_dsa
debug1: Will attempt key: /home/Administrator/.ssh/id_ecdsa
debug1: Will attempt key: /home/Administrator/.ssh/id_ed25519
debug1: Will attempt key: /home/Administrator/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/Administrator/.ssh/id_rsa RSA SHA256:qm3F3gniespCnelUdntBASBcGbXG9Ynnl6nNUfQ6nFg
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/Administrator/.ssh/id_dsa
debug1: Trying private key: /home/Administrator/.ssh/id_ecdsa
debug1: Trying private key: /home/Administrator/.ssh/id_ed25519
debug1: Trying private key: /home/Administrator/.ssh/id_xmss
debug1: Next authentication method: password
administrator@freenas.corp.nxxxxxxx.com's password:
debug1: Authentication succeeded (password).
Authenticated to freenas.corp.nxxxxxxx.com ([192.168.0.206]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: Ignored authorized keys: bad ownership or modes for directory /mnt/OneTBPool/administrator
debug1: Sending command: date
Wed Apr 10 11:43:55 EDT 2019
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2220, received 2460 bytes, in 0.0 seconds
Bytes per second: sent 103241.9, received 114403.2
debug1: Exit status 0

What I find interesting here is this: "Remote: Ignored authorized keys: bad ownership or modes for directory /mnt/OneTBPool/administrator". It did come back with the date as requested though.
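
Added example, not part of any post in this thread: the "Ignored authorized keys: bad ownership or modes" message above and the earlier chmod 600 suggestion both relate to sshd's StrictModes check, which skips authorized_keys when the file, ~/.ssh or the home directory is writable by group or others, or is owned by someone other than the account or root. The function name check_strictmodes and its output labels are invented for this example; run it on the machine acting as SSH server for the connection being tested.

```shell
#!/bin/sh
# Added example (not from the thread): list the ownership/mode problems that
# make sshd (with StrictModes enabled, its default) ignore authorized_keys.
#
# check_strictmodes HOME_DIR [OWNER]
#   HOME_DIR  home directory of the account being logged in to
#   OWNER     account name or uid; defaults to the current user
# Prints one line per problem; returns 1 if any were found, 0 otherwise.
check_strictmodes() {
    home=$1
    owner=${2:-$(id -u)}
    bad=0
    # sshd checks the key file and each directory above it, up to the home directory.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            bad=1
            continue
        fi
        # Owner must be the account itself or root (uid 0).
        # -H follows a symlinked path so the target's metadata is inspected.
        if [ -n "$(find -H "$p" -prune ! -user "$owner" ! -user 0 -print)" ]; then
            echo "OWNER     $p is not owned by $owner or root"
            bad=1
        fi
        # No write bit for group or others (mode & 022 must be 0).
        if [ -n "$(find -H "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE  $p is group- or world-writable"
            bad=1
        fi
    done
    return "$bad"
}

# Usage (as root on the server side, for the account named rsync):
#   check_strictmodes /mnt/OneTBPool/rsync rsync
```

A path flagged WRITABLE is usually repaired with chmod go-w on the home directory, chmod 700 on ~/.ssh and chmod 600 on ~/.ssh/authorized_keys.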
 

RockW

I created a new user on the FreeNAS side (rsync) just to rule out that I mis-configured anything when I created the administrator user - which is likely since I'm still learning (all I know so far I've learned from Google).

I found some other examples with regards to the SSH setup and did some further testing. From the Windows server I can ssh rsync@freenas.corp.nxxxxxxx.com in the Cygwin terminal and it comes back with:

FreeBSD 11.2-STABLE (FreeNAS.amd64) #0 r325575+9a3c7d8b53f(HEAD): Wed Mar 27 12:41:58 EDT 2019

FreeNAS (c) 2009-2019, The FreeNAS Development Team
All rights reserved.
FreeNAS is released under the modified BSD license.

For more information, documentation, help or support, go here:
http://freenas.org
Welcome to FreeNAS
[rsync@freenas ~]$


So now it works going in that direction and there's no password prompt. When I do the same command from FreeNAS shell ssh administrator@dc.corp.nxxxxxxx.com I get this:

[rsync@freenas /root]$ ssh Administrator@dc.corp.nxxxxxxx.com
Administrator@dc.corp.nxxxxxxx.com's password:
Permission denied, please try again.
Administrator@dc.corp.nxxxxxxx.com's password:
Permission denied, please try again.
Administrator@dc.corp.nxxxxxxx.com's password:
Permission denied (publickey,password,keyboard-interactive).
[rsync@freenas /root]$

It looks to me like FreeNAS is looking for a domain user and the keys I generated in Cygwin are associated with the local user account. I'm not sure if I should be telling the FreeNAS to connect with the local user account or if I should be running Cygwin with the domain user account and regenerate the keys? Or maybe this has nothing to do with my problem?
 

RockW

OK, so after more experimenting, I was finally able to add the Rsync task without errors. In FreeNAS, on the Rsync Task setup page where it asks for the remote host, I did have to add the user exactly as it shows in the Cygwin terminal - which is the local user. After that I did still get the same error until I remembered to update the authorized_keys file for that user on the Windows server with the new user I made on FreeNAS (which I called rsync). I've scheduled the Rsync Task to execute in a few minutes so I'm waiting to see what the result is.
 

RockW

Well I guess I will have to keep trying:

[root@freenas /var/log]# tail messages
Apr 10 15:15:00 freenas rsync: rsync: extended attributes are not supported on this server
Apr 10 15:15:00 freenas rsync: rsync error: syntax or usage error (code 1) at main.c(1585) [server=3.1.2]
Apr 10 15:15:00 freenas rsync: rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
Apr 10 15:15:00 freenas rsync: rsync error: error in rsync protocol data stream(code 12) at io.c(226) [Receiver=3.1.3]
Apr 10 15:35:00 freenas rsync: rsync: extended attributes are not supported on this server
Apr 10 15:35:00 freenas rsync: rsync error: syntax or usage error (code 1) at main.c(1585) [server=3.1.2]
Apr 10 15:35:00 freenas rsync: rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
Apr 10 15:35:00 freenas rsync: rsync error: error in rsync protocol data stream(code 12) at io.c(226) [Receiver=3.1.3]
[root@freenas /var/log]#


At least I'm making progress!
 

RockW

Ok so fixing the error in the prior post was an easy one, I just had to uncheck the "Preserve extended attributes" in the Rsync Task. Now I just have to figure this out:

Apr 10 15:55:24 freenas rsync: rsync: recv_generator: mkdir "/mnt/OneTBPool/DataArchive/team" failed: Permission denied (13)
Apr 10 15:55:24 freenas rsync: *** Skipping any contents from this failed directory ***
Apr 10 15:55:25 freenas rsync: rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1673) [generator=3.1.3]
[root@freenas /var/log]#
 

RockW

The Permission denied error was fixed by changing the owner of the pool to the user that I created to run the task (rsync). So no errors in the log and I see the files on the FreeNAS where they should be. I wish it would e-mail me a report when it's done running though! Thanks Meyers for pointing me in the right direction :)
 

t08

Cadet
Joined
Sep 10, 2020
Messages
3
I had a similar problem even though the SSH key was right and so on.
Got this in the logs:
Permission denied, please try again.
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [Receiver=3.1.3]

After running rsync manually and searching for the problem that popped up, I realized it was rsync, not the SSH part, that was the issue (the SSH shell worked fine). I tried to pull data from my old Synology, and they don't use a standard path.
On the other system I ran:
which rsync
Got back:
/bin/rsync

After adding --rsync-path=/bin/rsync
it works! Phew
 