Backup to your Synology NAS with rsync


If you, like me, have a Synology NAS at home, you might want to offload some files from your other servers as a backup.
This comes in handy if your server hosting provider charges extra for backups: why not just back up to your own home and save yourself a couple of bucks!

In this article I will be explaining step by step, how you can perform a backup task using rsync from your external Linux server (Debian Stretch in this case) to your Synology NAS automatically and on a schedule.
This will require you to fiddle with your Synology NAS via SSH. If that makes you uncomfortable, this guide is not going to be for you.
You will also need to know how to set up port forwarding to allow access to your NAS.

First step will be to enable rsync on your Synology NAS:

  • Go to the Web interface and continue to the Control Panel
  • Go to File Services and choose the rsync tab at the top
  • Put a check mark in Enable rsync service (I would highly recommend generating a random port number for rsync activity to increase security)
  • Press the Apply button
  • A new Share will be created automatically called NetBackup (This is where your backups will be stored)

Second step will be to create a new user on your Synology NAS to use specifically for rsync:

  • Once again go to the Web interface and continue to the Control Panel
  • Go to User and press the Create button to create a new user
  • Call the user rsync (or whatever you would prefer to call the user) and press Next
  • The user does not need to be part of any special group, so just put it in regular users group and press Next
  • Now find the newly created share (NetBackup) on the list and give the user Read/Write access to it and press Next
  • User quota settings only matter if you want to make sure that the user can only take up a certain amount of space. If that doesn’t matter to you, press Next
  • When assigning application permissions, find rsync (Shared Folder Sync, LUN Backup on supported models), allow it and press Next
  • User Speed Limit Settings shouldn’t matter either and you can press Next and lastly Apply to create the user

If you have not set up home folders for your Synology users, we will have to enable it by going to The Control Panel -> User -> Advanced. Then Scroll to the bottom and put a check mark in Enable user home service. This is going to be important because of what we’re going to do next.
Now, enable SSH access to your Synology NAS. If it isn’t already active go to: Control Panel -> Terminal & SNMP -> Enable SSH service (As with rsync, I would recommend using another port than the default 22)
Connect to your Synology NAS using your favorite SSH client (I prefer PuTTY myself) and the administrator credentials.

Type the below command to start working as root. While using this account, please be careful with what you type:
sudo su

Go to the home directory of the rsync user that we created earlier:
cd /volume1/homes/rsync

Create a folder that will be used to store SSH key generated information:
mkdir .ssh

Give it the correct ownership:
chown rsync:users .ssh

And the correct permissions:
chmod 711 .ssh

Enter the .ssh folder:
cd .ssh

Create an empty file called authorized_keys:
vim authorized_keys

To exit and save the file enter: :wq and press Enter

Change the owner of the file:
chown rsync:users authorized_keys

Change the permissions:
chmod 711 authorized_keys
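
The ownership and modes set above can be verified with a short script. With StrictModes enabled (the OpenSSH default), sshd ignores authorized_keys when the file, the .ssh folder or the home directory is writable by group or others, or is owned by anyone other than the user or root, and then falls back to asking for a password. The script below is an added example and not part of the original article; the function name check_ssh_perms is made up for illustration and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the original article): check the three paths that
# OpenSSH's StrictModes test inspects before it will trust authorized_keys.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).
# Usage: sh check_ssh_perms.sh /volume1/homes/rsync rsync

check_ssh_perms() {
    home=$1
    user=$2
    rc=0
    # Accept a user name or a numeric uid.
    case $user in
        *[!0-9]*) uid=$(id -u "$user") || return 2 ;;
        *)        uid=$user ;;
    esac
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "FAIL  $p does not exist"
            rc=1
            continue
        fi
        owner=$(stat -c %u "$p")
        mode=$(stat -c %a "$p")
        # sshd accepts only the account itself or root as owner.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "FAIL  $p is owned by uid $owner, expected $uid or 0"
            rc=1
        # Group- or world-writable (octal 020 / 002) makes sshd ignore the key.
        elif [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL  $p has mode $mode (writable by group or others)"
            rc=1
        else
            echo "ok    $p (uid $owner, mode $mode)"
        fi
    done
    # A key file with no recognisable public key also ends in a password prompt.
    keys=$home/.ssh/authorized_keys
    if [ -f "$keys" ] && ! grep -Eq '(ssh-(rsa|ed25519)|ecdsa-sha2-)' "$keys"; then
        echo "FAIL  $keys contains no public key line"
        rc=1
    fi
    return $rc
}

# Run the check when the script is called with <home dir> <user>.
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
    exit $?
fi
```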

Let’s get started on the external server!
SSH to the external server with an appropriate user that has access to the content that you would like to back up and use the following command:
ssh-keygen

Follow the instructions to have what I like to call a key and keyhole generated. Do not set a passphrase, as the passphrase will then be needed in the rsync command.
The key (the private key) is named id_rsa and the keyhole (the public key) is named id_rsa.pub. They are put into the currently logged-on user’s .ssh folder, which you can access by entering:
cd .ssh
The content of the id_rsa.pub file has to be copied to your authorized_keys file on the Synology NAS, to allow the external server to rsync its content.

When this has been done, we are ready to try and perform an rsync from the external server:
rsync -av --delete -e "ssh -i /home/[USER]/.ssh/id_rsa -p [RSYNC PORT ON YOUR SYNOLOGY NAS]" [/home/user/important/stuff] rsync@[DOMAIN.TLD]::NetBackup/
Replace [USER] with the user of your external server
Replace [RSYNC PORT ON YOUR SYNOLOGY NAS] with the port that you went with for rsync on your Synology NAS
Replace [/home/user/important/stuff] with the directory that you would like to back up
Replace [DOMAIN.TLD] with the address to your Synology NAS

If you do not want rsync to delete backed-up files on the Synology NAS when they are deleted on the external server, just remove --delete from the command.
If you would like to have it run automatically, you can set up a cronjob on your external server, for example:
0 0 * * * rsync -av --delete -e "ssh -i /home/[USER]/.ssh/id_rsa -p [RSYNC PORT ON YOUR SYNOLOGY NAS]" [/home/user/important/stuff] rsync@[DOMAIN.TLD]::NetBackup/

I’d love to get your feedback if this did or didn’t work for you!

36 comments on “Backup to your Synology NAS with rsync”

pyrho

I also had to modify some sshd configuration and change the permission on the home directory of the newly created user.

Reply
GnaXi

Hi Pyrho,
Thank you for your comment!

Could you elaborate on what changes you did to the sshd configuration and what level of permission change you did to the home directory of the user, to help out others that might experience issues following my guide?

Reply
PuffyThePirateBoy

Had some issues too. To be honest, I am not sure what exactly was the final factor. But I updated /etc/ssh/sshd_config and uncommented “#PubkeyAuthentication yes”. Then I restarted the SSH service by just turning it off then on again.

Additionally changed the permissions where the final row eventually got things going:
chmod 700 /volume1/homes/rsync/.ssh
chmod 600 /volume1/homes/rsync/.ssh/authorized_keys
chmod 755 /volume1/homes/rsync

Reply
GnaXi

Thanks for sharing! Might help others that are stuck too! 🙂

Reply
Dylan

I’d like to know this as well tho..

Reply
Big Eric

Is it possible to backup a Linux device to Synology NAS where the Linux machine is passive? Linux server in a DMZ and Want to backup and restore without the need to provide Linux box with authority to punch through firewall or coding Synology credentials on Linux box.

Reply
GnaXi

You could schedule running a custom script from DSM on your Synology.
An example would be:
rsync -avz --rsh='ssh -i/volume1/SHARENAME/SSHKEYFILE -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' SERVERUSERNAME@SERVERHOST:/ /volume1/SHARENAME/BACKUPFOLDERNAME

(Credit for this answer goes to: anders.io)

Reply
Myflag

I always get the following error when attempting to sync files from a remote server to my Synology. Can you offer any advice?

rsync: mkdir "/test-rsync" failed: Permission denied (13)
rsync error: error in file IO (code 11) at main.c(657) [Receiver=3.1.2]

I’ve tried both commands:
rsync -avzhe "ssh -p [port]" rsync@[server]:/volume1/NetBackup/ /test-rsync/
rsync -avzhe "ssh -p [port]" rsync@[server]::NetBackup/ /test-rsync/

I will appreciate your assistance!

Reply
GnaXi

Hi Myflag,

It seems like your rsync user doesn’t have the correct permissions.
Make sure that the user actually has read and write access to your NetBackup share.

Reply
little bear

Hi GnaXi , PuffyThePirateBoy
I followed your suggestions above, but still get prompted for the rsync password. What is wrong? I appreciate your suggestions.

Reply
GnaXi

Hi,

If the external server asks for a password, when using the rsync command, it is usually a permission related issue.
Make sure that the correct permissions have been set for the “authorized_keys” file on the NAS.
Check the permissions by using the following command while in the .ssh folder of the rsync user:
ls -l

The result should be something similar to the following (date and size may differ):
-rwx--x--x 1 rsync users 1135 Jul 20 2018 authorized_keys

Reply
Pranav

Hi GnaXi,

Thanks a lot for your post. I could just now run the rsync command too w/o providing rsync user’s password. Hence I will now be able to automate it using the cron utility. In my initial tries I did have to give its password quite a few times until I noticed that my authorized_keys file was under rsync’s home directory & not under the rsync/.ssh directory! Silly me!! 🙂

I had copied the id_rsa.pub from my MacBook to the rsync folder initially in order to get it from my Mac where I had generated it. Thanks to Bill Barrington too as I had that (+) sticky bit too both on the rsync directory and the authorized_keys file in the .ssh directory which I removed using the chmod -t command first on [rsync’s home directory] and then the same command for the authorized_keys file too in my .ssh directory.

As for the permissions, you are very right as initially the owner was my own Mac’s user initially and then I moved it to the right directory using the root of my NAS drive so the owner was set to root too. So checking the file with the ls -l command is critical till we have what it should be finally in the .ssh directory.

Phew!! Sorted, this is a fabulous task which I wanted to automate from some time. Thanks once again for your lovely post. Keep it up!!

Regards,
Pranav

Reply
GnaXi

Hi Pranav!

Thank you for your feedback. Happy to hear that my article was useful for you! 😀

Reply
Bill Barrington

So this is working fine for me when I run rsync manually. I plan to set it up on cron, but don’t you have to supply the rsync account’s password? How is that done using cron?

Reply
GnaXi

No. That is what the authorized_keys is for.
It will automatically accept connections with other servers with the correct key.

Reply
Bill Barrington

Doesn’t work for me. It’s asking for the rsync user’s password.
Below is the command I’m using. Are you saying that you can run a similar command and it does NOT ask you for the password of the rsync user?

rsync -av --delete -e 'ssh -i /home/rsync/.ssh/id_ecdsa -p 8022' /home/bill/tmp [email protected]:NetBackup

Reply
GnaXi

Yes, but are you running the command from your Synology NAS or the other server?
With the setup I’ve presented, the command should be run from the other server, not the Synology NAS.
On the external servers that I’m using this on, I’ve setup a crontab to perform the rsync daily at midnight:
0 0 * * * rsync -av --delete -e "ssh -i /home/rsync/.ssh/id_rsa -p xxxx" "/home/user/data/" "[email protected]::NetBackup/server_backup/"

Reply
Bill Barrington

Yes I’m running the command from the server, NOT the NAS.
After many hours of debugging, turns out the sticky bit was set on the home directory of the rsync user on the NAS. Clearing it allows me to connect without a password.

GnaXi

Happy to hear that you found a solution! 🙂
Could you specify exactly what you did, so that I can change the article accordingly, in case of other people experiencing the same issue?

Bill Barrington

Sure. On my NAS, the home directory of ‘rsync’ looked like below:
drwx--x--x+ 1 rsync users 26 Oct 25 15:27 rsync
Notice the plus (+) sign after the mode bits. If you issue the command: chmod -t ~/ (where ~/ is the rsync home dir), it will remove the sticky bit.

But this leads me to a second question. 🙂 With this change, the rsync command now executes properly, but I have to have added my key to ssh-agent prior to executing the command. Adding the key to the agent requires entering the passphrase, so I still am unable to automate this with a cronjob. How did you get around that? If I create keys without a passphrase, does that provide a way around that? Thanks.

Reply
Bill Barrington

I just created a key pair without a passphrase and I can now automate it with cronjob. Maybe you should add this to your instructions as well. Thanks very much for your post.

Reply
GnaXi

Thank you for your feedback! My key pairs were created without a passphrase from the start, so I never thought of adding that to the article!
I’ll add it right away 🙂

Reply
Matt Bridges

Hi, great guide thank you, I followed it but it still asked me for a password before it would start the sync. The only thing I changed slightly was I uploaded the rsa file to my synology and then changed the file name to authorized_keys. It then asked for password for the rsync user on my synology before it started syncing. I’d like to run a cronjob for this but worried it won’t sync as it will need a password?

Reply
GnaXi

Glad that you liked the article! 🙂
When generating the rsa file, did you put a password on it? If you did, it will ask for the password and it will have to be put into the crontab as well.
I would recommend just creating an rsa file without a password, as it doesn’t make it less secure, as long as you keep tabs on the file.

About a week ago I discovered that Synology’s Active Backup for Business supports rsync and is waaaay easier to setup than this!
I would suggest giving it a try! I will make an article about it soon.

Reply
Matt Bridges

Thanks for this. It is asking for the password for the rsync user on Synology as when I put this password in (Synology wont let me create the user without a password) I’m fairly certain I didn’t set up a password when creating the rsa file. Any ideas on why it is asking for the user password?

Reply
GnaXi

Hi Matt,

If you’re being asked for the password of the rsync user, the permissions have not been set up correctly for the authorized_keys file.
Please see some of the previous comments, as a couple of solutions have been suggested.

Reply
GnaXi

Hi Matt,

I mentioned previously that I was going to create a post explaining how to use Active Backup for Business instead of the method mentioned in this post.
The post has been created and can be found here: https://gnax.io/backup-to-synology-nas-with-rsync-using-active-backup-for-business/

Please let me know how it goes! 🙂

Reply

I want to backup a folder of my server to my NAS. The problem is while using the rsync command on the server, I have to enter the rsync user’s password of the NAS. As I am using an ssh key it should not ask for login password. What might be wrong? Please help me.
PS : After entering the password the syncing is happening.

Reply
GnaXi

Yes, there seems to be a lot of people having this issue and it is related to the permission system on the Synology NAS, which is a pain in the butt!
Luckily I have come to a much easier and better solution, using an application on the Synology NAS called Active Backup for Business.
I have moved to this solution myself and it is working flawlessly!
I’ve created a new post with step-by-step instructions: https://gnax.io/backup-to-synology-nas-with-rsync-using-active-backup-for-business/

Please let me know how it goes! 🙂

Reply
tiraq

Hi GnaXi !
First of all thank you for this such easy tutorial, was pretty easy to setup for me and I appreciate it 😀

As many comments said, rsync asks me a password when I use the last command.
Unlucky for me, my Synology doesn’t support Active Backup for Business. So I had to find another solution 😀

The thing is, as Bill Barrington suggested, the sticky bit was set on the home directory of rsync on the NAS.
To solve that, I’ve just removed the stickybit on this directory with the following commands :

chmod -t /volume1/home/rsync
chmod -t /volume1/home/rsync/authorized_keys

Now it just works fine 😀
Thaaaaaaaanks again for the tutorial, I have been searching for a solution and none of them worked until today !

PS: Sorry for potential mistakes in my comment, french guy here xD

Reply
GnaXi

Glad you liked it and thank you very much for your feedback! 😀
Hope that your comment can help other people that might stumble into the same issue! 🙂

Reply
Ender Wiggins

an additional problem:

on the host, gnome-keyring can be a problem. You can generate a private-pub key pair with:

ssh-keygen -t rsa -f ~/.ssh/your-key-name -b 4096 -v -C rsync

(upload it with ssh-copy-id or manually)

and use the new key to login onto the Synology NAS.

also, this line is incorrect:

“The user does not need to be part of any special group, so just put it in regular users group and press Next”

on the DSM218+ ssh / telnet config section:

“SSH/Telnet only supports logging into the system with accounts belonging to the administrators group”

Reply
Bala

What would be the rsync command if I want Photo share from synology to be copied to Photo share on my QNAP, will sync two-way meaning if I delete a photo from synology it gets removed from qnap and vice-versa?

Reply
GnaXi

Hi Bala,
rsync is not a two-way synchronization tool. It takes the data from one location and copies it to another.
You could however run the rsync command from both locations at different times, but I do believe that it could cause some unintended issues.

Reply
BigDong

Hi Mr Gnaxi and thank you for your article.

I want to rsync to two different volumes, after activating the rsync service, I have the NetBackup drive.

How can I have two volumes for the rsync service ?

Usually, rsync does not need to have a running service, you can rsync to any server with rsync and ssh. What is the service for ?

Reply
limera

Hi all,

I have a problem with setting up these SSH keys. I have everything prepared based on this instruction, result of ls -l command:

for .ssh:
-rwx--x--x 1 rsync users 1 Apr 4 19:44 authorized_keys

and for authorized_keys:
-rwx--x--x 1 rsync users 1 Apr 4 19:44 authorized_keys

First I tried to add the key manually, I copied the content of id_rsa.pub from the remote server and pasted it into authorized_keys on Synology. Without luck.

Then – I also tried to run this command from a remote server:
~$ ssh-copy-id "-p *custom_port_number* rsync@*nas_hostname*"

it asked me for the password, and ended with: “Permission denied, please try again.”

I also tried to run rsync command:
rsync -av -e "ssh -i /home/*user*/.ssh/id_rsa -p *custom_port_ui*" /home/*user*/public_html/*folder* rsync@*nas_hostname*::NetBackup/Backup-test

it asked for password and worked fine.

Can you help me? What can I do to import this key manually? Or – what else should I verify to check why ssh-copy-id does not work?

Reply
