Using Administrator Logins

Root account logins are deprecated in TrueNAS Bluefin 22.12.0 or newer for security hardening and to comply with Federal Information Processing Standards (FIPS). All TrueNAS users should create an administrator account with all required permissions and begin using it to access TrueNAS. When the root user password is disabled, only an administrative user account can log in to the TrueNAS web interface.

TrueNAS plans to permanently disable root account access in a future release.


Adding SSH Credentials

The SSH Connections and SSH Keypairs widgets on the Backup Credentials screen display a list of SSH connections and key pairs configured on the system. Using these widgets, users can establish Secure Socket Shell (SSH) connections.

You must also configure and activate the SSH Service to allow SSH access.

Creating an SSH Connection

To begin setting up an SSH connection, go to Credentials > Backup Credentials.


SSH Screens

The Backup Credentials screen displays the SSH Connections and SSH Keypairs widgets.

You must also configure and activate the SSH Service to allow SSH access.

SSH Connection and Keypairs Widgets

The SSH Connections and SSH Keypairs widgets display a list of SSH connections and key pairs configured on the system.


Configuring Rsync Tasks

Rsync provides fast incremental data transfer to synchronize files between a TrueNAS host and a remote system. The Push function copies data from TrueNAS to a remote system. The Pull function copies data from a remote system to the TrueNAS local host system and stores it in the dataset defined in the Path field.

There are two ways to connect to a remote system and run an rsync task:


Rsync Tasks Screens

The Rsync Task widget on the Data Protection screen shows the rsync tasks configured on the TrueNAS system and provides access to configuration screens to add single-time or scheduled recurring transfers between TrueNAS and an rsync backup server. Rsync tasks are an effective method to back up data to a remote location.

Rsync Task Widget

The Rsync Tasks widget shows a list of tasks configured on the system.


Security Recommendations

Follow these best practices to administer TrueNAS securely.

General Recommendations

  • Modifying the base TrueNAS firmware image is unsupported and can create security issues.
  • Keep TrueNAS up-to-date with the most recent updates for your supported version.
  • Upgrade to new major releases promptly consistent with the deployment use case.
  • Disable any network services when not in use.
  • Restrict the TrueNAS web UI, IPMI, and any other management interfaces to private subnets away from untrusted users, or keep them disconnected when not in active use.
  • Configure Syslog settings to send logs to an external server (CORE | SCALE).
  • In TrueNAS 24.04 (Dragonfish) or later, locally monitor and review audit logs using the Audit screen.
  • In the System > Advanced Settings, always keep Show Text Console without Password Prompt set to Disabled.


STIG Compliance

TrueNAS Compliance

TrueNAS falls into the category of an appliance with its own operating system as covered in General Purpose Operating System SRG findings. Through connection to Active Directory, TrueNAS also complies with the Active Directory Domain Security Technical Implementation Guide SRG findings related to authentication and access controls for users, groups, and systems.


SSH

The SSH service lets users connect to TrueNAS with the Secure SHell Transport Layer Protocol. When using TrueNAS as an SSH server, the users in the network must use SSH client software to transfer files with SSH.

Allowing external connections to TrueNAS is a security vulnerability! Do not enable SSH unless you require external connections. See Security Recommendations for more security considerations when using SSH.

Configuring SSH Service

To configure SSH go to System > Services, find SSH, and click to open the basic settings General Options configuration screen.


SSH Service Screen

The System > Services > SSH screen allows you to set up SSH service on TrueNAS.

Click to open the Services > SSH configuration screen.

Allowing external connections to TrueNAS is a security vulnerability! Do not enable SSH unless you require external connections. See Security Recommendations for more security considerations when using SSH.

You must also configure SSH backup credentials to allow SSH access. See SSH Screens for more information.


Managing Global 2FA (Two-Factor Authentication)

Global Two-factor authentication (2FA) is great for increasing security.

TrueNAS offers global 2FA to ensure that entities cannot use a compromised administrator or root password to access the administrator interface.

Advanced settings have reasonable defaults in place. A warning message displays for some settings advising of the dangers of making changes. Changing advanced settings can be dangerous when done incorrectly. Use caution before saving changes.

Make sure you are comfortable with ZFS, Linux, and system configuration, backup, and restoration before making any changes.
