©XSIBackup-Free: Free Backup Software for ©VMWare ©ESXi

Forum ©XSIBackup: ©VMWare ©ESXi Backup Software


You are not logged in.

#1 2021-05-16 13:46:01

herrep
Member
From: Munich
Registered: 2019-07-08
Posts: 79

XSIBackup-DC: Permission denied at Synology NAS after --add-key

Hi,

I followed the guide to access my Synology NAS as IP target in a XSIBackup-DC --replica job.  Therefore, I started with --add-key which appeared to work fine:

[root@esxi:/vmfs/volumes/hdd/XSIBackup-DC] ./xsibackup --add-key root@nas:22
|---------------------------------------------------------------------------------|
||-------------------------------------------------------------------------------||
|||   (c)XSIBackup-DC 1.5.0.3: Backup & Replication Software                    |||
|||   (c)33HOPS, Sistemas de Informacion y Redes, S.L. | All Rights Reserved    |||
||-------------------------------------------------------------------------------||
|---------------------------------------------------------------------------------|
                   (c)Daniel J. Garcia Fidalgo | info@33hops.com
|---------------------------------------------------------------------------------|
System Information: ESXi, Kernel 6 Major 7 Minor 0 Patch 0
-------------------------------------------------------------------------------------------------------------
PID: 34503796, Running job as: root
-------------------------------------------------------------------------------------------------------------
Key exchange routine
-------------------------------------------------------------------------------------------------------------
This is the routine to exchange keys with other servers
You will be prompted to enter the remote server's password
a number of times. Please do so, this is a one time operation
-------------------------------------------------------------------------------------------------------------
/!\ Remember to enable SSH out in the ESXi firewall
-------------------------------------------------------------------------------------------------------------
root@nas's password:
The remote server is of type: linux                                            OK
-------------------------------------------------------------------------------------------------------------
Let's look for the 'authorized_keys' file there...
-------------------------------------------------------------------------------------------------------------
root@nas's password:
The /root/.ssh/authorized_keys file does not exist
Do you want to create it? (y/n): y
root@nas's password:
The file /root/.ssh/authorized_keys was created
-------------------------------------------------------------------------------------------------------------
Checking if local public key exists at remote file...
-------------------------------------------------------------------------------------------------------------
root@nas's password:
Add local public key to root@nas:22:/root/.ssh/authorized_keys?
-------------------------------------------------------------------------------------------------------------
root@nas's password:
Local public key <xsibackup_id_rsa> has been
added to root@nas:22:/root/.ssh/authorized_keys                       OK
-------------------------------------------------------------------------------------------------------------
Remote server successfully linked for user root
-------------------------------------------------------------------------------------------------------------
Removed host <tmp> dir        OK
-------------------------------------------------------------------------------------------------------------
Removed prog <tmp> dir        OK
-------------------------------------------------------------------------------------------------------------
SSH session was closed        OK
-------------------------------------------------------------------------------------------------------------
Removed PID                   OK
-------------------------------------------------------------------------------------------------------------

Then I started my replica --action:

[root@esxi:/vmfs/volumes/nas/XSIBackup-DC] etc/jobs/099
Performing a cold backup as per the --backup-how argument.
-------------------------------------------------------------------------------------------------------------
|---------------------------------------------------------------------------------|
||-------------------------------------------------------------------------------||
|||   (c)XSIBackup-DC 1.5.0.3: Backup & Replication Software                    |||
|||   (c)33HOPS, Sistemas de Informacion y Redes, S.L. | All Rights Reserved    |||
||-------------------------------------------------------------------------------||
|---------------------------------------------------------------------------------|
                   (c)Daniel J. Garcia Fidalgo | info@33hops.com
|---------------------------------------------------------------------------------|
System Information: ESXi, Kernel 6 Major 7 Minor 0 Patch 0
-------------------------------------------------------------------------------------------------------------
License: | (c)XSIBackup-DC
-------------------------------------------------------------------------------------------------------------
Server root@nas:22 is not linked by public key, use --add-key command to exchange keys, returned: root@nas: Permission denied (publickey,password).
-------------------------------------------------------------------------------------------------------------
Removed host <tmp> dir        OK
-------------------------------------------------------------------------------------------------------------
Removed prog <tmp> dir        OK
-------------------------------------------------------------------------------------------------------------
Unlocked backup               OK
-------------------------------------------------------------------------------------------------------------
Removed PID                   OK
-------------------------------------------------------------------------------------------------------------
[root@esxi:/vmfs/volumes/nas/XSIBackup-DC]

When I manually log in at the Synology NAS from the ESXI server, I still need to enter my password, but ssh access to root@nas works.
xsibackup is in place at root@nas:/usr/bin.

When I re-run --add-key at the ESXI server, I cannot login any longer at root@nas. I see the key stored in /root/.ssh/authorized_keys at the Synology NAS, but I assume that something is wrong with this key, as I need to remove the key for the ESXI server therefrom to re-run --add-key successfully again.

However, I still fail to generate an authorized key that can be used for remote login from xsibackup.

Version: XSIBackup-DC 1.5.0.3

Best regards,
Peter

Offline

#2 2021-05-16 18:12:21

admin
Administrator
Registered: 2017-04-21
Posts: 1,825

Re: XSIBackup-DC: Permission denied at Synology NAS after --add-key

You will always need to enter your password, unless you tell the ssh client to use the exchanged key by using the -i option.

ssh -i xsibackup_id_rsa root@nas

Add the key and run the above code from the (c)XSIBackup-DC installation root. If you are not asked for a password, then your key exchange worked.

If the automatic login does not work either, run the command with the -vvv option to get the detail on the OpenSSH protocol conversation and the detail on why key authentication isn't working.

ssh -vvv -i xsibackup_id_rsa root@nas

When you run --add-key again after a successful key exchange, you should see a confirmation that the key is in the remote system and that key authentication is enabled.

You don't say what version of DSM you are using. Being able to use Synology as a backup device over IP depends on the DSM desing and SSH configuration options. Double check whether /root/.ssh/authorized_keys is the right place to store your public keys and check whether key authentication is enabled in the /etc/ssh/sshd_config file.

Offline

#3 2021-05-16 18:31:46

herrep
Member
From: Munich
Registered: 2019-07-08
Posts: 79

Re: XSIBackup-DC: Permission denied at Synology NAS after --add-key

Thanks to your explanations I could add the keys correctly and login. But when running a replica action, I see the following result in the log file:

Performing --replica action
-------------------------------------------------------------------------------------------------------------
ash: /usr/bin: Is a directory
Item number 1 in this job
-------------------------------------------------------------------------------------------------------------
vm Hardware Version is: 14
-------------------------------------------------------------------------------------------------------------
Virtual Machine: vm
-------------------------------------------------------------------------------------------------------------
Backup start date: 2021-05-16T18:26:22
-------------------------------------------------------------------------------------------------------------
2021-05-16 18:26:22 | Backing up 17 files, total size is 10.08 GB
-------------------------------------------------------------------------------------------------------------
    NUMBER                                                       FILE             SIZE          PROGRESS
-------------------------------------------------------------------------------------------------------------
    1/17                                                          vm.vmx          2.80 KB    | Done   0.00%
-------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------
Removed current target dir: /volume1/backup/vm
-------------------------------------------------------------------------------------------------------------
SIGTERM (13) condition was trapped: check logs for more details
-------------------------------------------------------------------------------------------------------------
Cleaning up...
-------------------------------------------------------------------------------------------------------------
Removed host <tmp> dir        OK
-------------------------------------------------------------------------------------------------------------

The error log does not provide additional output.

Offline

#4 2021-05-16 18:36:29

herrep
Member
From: Munich
Registered: 2019-07-08
Posts: 79

Re: XSIBackup-DC: Permission denied at Synology NAS after --add-key

Ah, probably --remote-path does not only require the directory to xsibackup, but the full path?

--remote-path=/usr/bin/xsibackup did the trick, with xsibackup binary stored in /usr/bin.

Offline

#5 2021-05-16 19:47:44

admin
Administrator
Registered: 2017-04-21
Posts: 1,825

Re: XSIBackup-DC: Permission denied at Synology NAS after --add-key

You didn't say whether you were able to exchange keys correctly, nor what was causing your previous issue.
You aren't providing the jobs that produced the output you are posting, which makes almost impossible to offer some clue.
You don't need to pass the --remote-path argument, /bin and /usr/bin (which is usually just a hardlink to the former) are sought by default.

Offline

#6 2021-05-17 10:28:39

herrep
Member
From: Munich
Registered: 2019-07-08
Posts: 79

Re: XSIBackup-DC: Permission denied at Synology NAS after --add-key

The --remote-path=/usr/bin/xsibackup is just a reminder for me so that I do not forget to update xsibackup in the NAS upon performing an update of xsibackup on the ESXi host. Or is there a mechanism that prevents one from using different xsibackup versions between client and server?

Offline

#7 2021-05-18 06:06:27

admin
Administrator
Registered: 2017-04-21
Posts: 1,825

Re: XSIBackup-DC: Permission denied at Synology NAS after --add-key

The server component is updated automatically on every run.

Offline

Board footer