Backup to your Synology NAS with rsync


If you, like me, have a Synology NAS at home, you might want to offload some files from your other servers as a backup.
This can come in handy if your server hosting provider charges extra for backups: why not back up to your own home and save yourself a couple of bucks?

In this article I will explain, step by step, how to run a backup task using rsync from your external Linux server (Debian Stretch in this case) to your Synology NAS, automatically and on a schedule.
This will require you to fiddle with your Synology NAS via SSH. If that makes you uncomfortable, this guide is not going to be for you.
You will also need to know how to set up port forwarding to allow access to your NAS.

First step will be to enable rsync on your Synology NAS:

  • Go to the Web interface and continue to the Control Panel
  • Go to File Services and choose the rsync tab at the top
  • Put a check mark in Enable rsync service (I would highly recommend generating a random port number for rsync activity to increase security)
  • Press the Apply button
  • A new Share will be created automatically called NetBackup (This is where your backups will be stored)

Second step will be to create a new user on your Synology NAS to use specifically for rsync:

  • Once again go to the Web interface and continue to the Control Panel
  • Go to User and press the Create button to create a new user
  • Call the user rsync (or whatever you would prefer to call the user) and press Next
  • The user does not need to be part of any special group, so just put it in regular users group and press Next
  • Now find the newly created share (NetBackup) on the list and give the user Read/Write access to it and press Next
  • User quota settings only matter if you want to make sure that the user can only take up a certain amount of space. If that doesn’t matter to you, press Next
  • When assigning application permissions, find rsync (Shared Folder Sync, LUN Backup on supported models), allow it and press Next
  • User Speed Limit Settings shouldn’t matter either and you can press Next and lastly Apply to create the user

If you have not set up home folders for your Synology users, we will have to enable them by going to Control Panel -> User -> Advanced. Then scroll to the bottom and put a check mark in Enable user home service. This is going to be important because of what we’re going to do next.
Now, enable SSH access to your Synology NAS. If it isn’t already active go to: Control Panel -> Terminal & SNMP -> Enable SSH service (As with rsync, I would recommend using another port than the default 22)
Connect to your Synology NAS using your favorite SSH client (I prefer PuTTY myself) and the administrator credentials.

Type the below command to start working as root. While using this account, please be careful with what you type:
sudo su

Go to the home directory of the rsync user that we created earlier:
cd /volume1/homes/rsync

Create a folder that will hold the SSH key information:
mkdir .ssh

Give it the correct ownership:
chown rsync:users .ssh

And the correct permissions:
chmod 711 .ssh

Enter the .ssh folder:
cd .ssh

Create an empty file called authorized_keys:
vim authorized_keys

To exit and save the file enter: :wq and press Enter

Change the owner of the file:
chown rsync:users authorized_keys

Change the permissions:
chmod 711 authorized_keys
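
As an added example (not part of the original article), the following shell functions check what the steps above set up: with StrictModes enabled, which is the OpenSSH default, sshd ignores authorized_keys unless the home directory, .ssh and the file itself are owned by the user or root and are not writable by group or others. The helper names check_path and check_ssh_perms are hypothetical, and the script assumes a stat that supports -c.

```sh
#!/bin/sh
# Added example: check the three paths sshd inspects before honouring
# authorized_keys when StrictModes is on (the OpenSSH default).
# check_path and check_ssh_perms are hypothetical helper names.

# check_path PATH UID: succeed only if PATH is owned by UID or root (0)
# and is not writable by group or others (mode & 022 == 0).
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"
        return 1
    fi
    mode=$(stat -c '%a' "$1")
    uid=$(stat -c '%u' "$1")
    if [ "$uid" != "$2" ] && [ "$uid" != "0" ]; then
        echo "OWNER    $1 (uid $uid, expected $2 or 0)"
        return 1
    fi
    # The leading 0 makes the shell read the mode as an octal constant.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $1 (mode $mode lets group or others write)"
        return 1
    fi
    echo "OK       $1 (mode $mode)"
}

# check_ssh_perms HOME USER_OR_UID: check HOME, HOME/.ssh and
# HOME/.ssh/authorized_keys; report every problem, return 1 if any.
check_ssh_perms() {
    home=$1
    case $2 in
        *[!0-9]*) want=$(id -u "$2") || return 2 ;;  # user name -> uid
        *)        want=$2 ;;                         # already numeric
    esac
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$want" || rc=1
    done
    return $rc
}

# Usage on the NAS, as root (path and user name taken from the article):
#   check_ssh_perms /volume1/homes/rsync rsync
```

A WRITABLE or OWNER line on any of the three paths is enough for sshd to skip the key and fall back to asking for the account password.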

Let’s get started on the external server!
SSH to the external server with an appropriate user that has access to the content that you would like to back up and use the following command:
ssh-keygen

Follow the instructions to have what I like to call a key and keyhole generated. Do not set a passphrase, as the passphrase will then be needed in the rsync command.
The key (the private key) is named id_rsa and the keyhole (the public key) is named id_rsa.pub. They are put into the .ssh folder of the currently logged-on user, which you can access by entering:
cd .ssh

The content of the id_rsa.pub file has to be copied to the authorized_keys file on the Synology NAS to allow the external server to rsync its content.

When this has been done, we are ready to try and perform an rsync from the external server:
rsync -av --delete -e "ssh -i /home/[USER]/.ssh/id_rsa -p [RSYNC PORT ON YOUR SYNOLOGY NAS]" [/home/user/important/stuff] rsync@[DOMAIN.TLD]::NetBackup/
Replace [USER] with the user of your external server
Replace [RSYNC PORT ON YOUR SYNOLOGY NAS] with the port that you went with for rsync on your Synology NAS
Replace [/home/user/important/stuff] with the directory that you would like to back up
Replace [DOMAIN.TLD] with the address to your Synology NAS

If you do not want rsync to delete backed-up files on the Synology NAS when they are deleted on the external server, just remove --delete from the command.
If you would like to have it run automatically, you can set up a cron job on your external server, for example:
0 0 * * * rsync -av --delete -e "ssh -i /home/[USER]/.ssh/id_rsa -p [RSYNC PORT ON YOUR SYNOLOGY NAS]" [/home/user/important/stuff] rsync@[DOMAIN.TLD]::NetBackup/

I’d love to get your feedback if this did or didn’t work for you!

24 comments on “Backup to your Synology NAS with rsync”

pyrho

I also had to modify some sshd configuration and change the permission on the home directory of the newly created user.

GnaXi

Hi Pyrho,
Thank you for your comment!

Could you elaborate on what changes you did to the sshd configuration and what level of permission change you did to the home directory of the user, to help out others that might experience issues following my guide?

PuffyThePirateBoy

Had some issues too. To be honest, I am not sure what exactly was the final factor. But I updated /etc/ssh/sshd_config and uncommented “#PubkeyAuthentication yes”. Then I restarted the SSH service by just turning it off then on again.

Additionally changed the permissions where the final row eventually got things going:
chmod 700 /volume1/homes/rsync/.ssh
chmod 600 /volume1/homes/rsync/.ssh/authorized_keys
chmod 755 /volume1/homes/rsync

GnaXi

Thanks for sharing! Might help others that are stuck too! 🙂

Dylan

I’d like to know this as well though..

Big Eric

Is it possible to backup a Linux device to Synology NAS where the Linux machine is passive? Linux server in a DMZ and want to backup and restore without the need to provide Linux box with authority to punch through firewall or coding Synology credentials on Linux box.

GnaXi

You could schedule running a custom script from DSM on your Synology.
An example would be:
rsync -avz --rsh='ssh -i/volume1/SHARENAME/SSHKEYFILE -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' [email protected]:/ /volume1/SHARENAME/BACKUPFOLDERNAME

(Credit for this answer goes to: anders.io)

Myflag

I always get the following error when attempting to sync files from a remote server to my Synology. Can you offer any advice?

rsync: mkdir "/test-rsync" failed: Permission denied (13)
rsync error: error in file IO (code 11) at main.c(657) [Receiver=3.1.2]

I’ve tried both commands:
rsync -avzhe "ssh -p [port]" [email protected][server]:/volume1/NetBackup/ /test-rsync/
rsync -avzhe "ssh -p [port]" [email protected][server]::NetBackup/ /test-rsync/

I will appreciate your assistance!

GnaXi

Hi Myflag,

It seems like your rsync user doesn’t have the correct permissions.
Make sure that the user actually has read and write access to your NetBackup share.

little bear

Hi GnaXi , PuffyThePirateBoy
I followed your suggestions above, but still get prompted for the rsync password. What is wrong? I appreciate your suggestions.

GnaXi

Hi,

If the external server asks for a password, when using the rsync command, it is usually a permission related issue.
Make sure that the correct permissions have been set for the “authorized_keys” file on the NAS.
Check the permissions by using the following command while in the .ssh folder of the rsync user:
ls -l

The result should be something similar to the following (date and size may differ):
-rwx--x--x 1 rsync users 1135 Jul 20 2018 authorized_keys

Bill Barrington

So this is working fine for me when I run rsync manually. I plan to set it up on cron, but don’t you have to supply the rsync account’s password? How is that done using cron?

GnaXi

No. That is what the authorized_keys is for.
It will automatically accept connections with other servers with the correct key.

Bill Barrington

Doesn’t work for me. It’s asking for the rsync user’s password.
Below is the command I’m using. Are you saying that you can run a similar command and it does NOT ask you for the password of the rsync user?

rsync -av --delete -e 'ssh -i /home/rsync/.ssh/id_ecdsa -p 8022' /home/bill/tmp [email protected]:NetBackup

GnaXi

Yes, but are you running the command from your Synology NAS or the other server?
With the setup I’ve presented, the command should be run from the other server, not the Synology NAS.
On the external servers that I’m using this on, I’ve set up a crontab to perform the rsync daily at midnight:
0 0 * * * rsync -av --delete -e "ssh -i /home/rsync/.ssh/id_rsa -p xxxx" "/home/user/data/" "[email protected]::NetBackup/server_backup/"

Bill Barrington

Yes I’m running the command from the server, NOT the NAS.
After many hours of debugging, turns out the sticky bit was set on the home directory of the rsync user on the NAS. Clearing it allows me to connect without a password.

GnaXi

Happy to hear that you found a solution! 🙂
Could you specify exactly what you did, so that I can change the article accordingly, in case of other people experiencing the same issue?

Bill Barrington

Sure. On my NAS, the home directory of ‘rsync’ looked like below:
drwx--x--x+ 1 rsync users 26 Oct 25 15:27 rsync
Notice the plus (+) sign after the mode bits. If you issue the command: chmod -t ~/ (where ~/ is the rsync home dir), it will remove the sticky bit.

But this leads me to a second question. 🙂 With this change, the rsync command now executes properly, but I have to have added my key to ssh-agent prior to executing the command. Adding the key to the agent requires entering the passphrase, so I still am unable to automate this with a cronjob. How did you get around that? If I create keys without a passphrase, does that provide a way around that? Thanks.

Bill Barrington

I just created a key pair without a passphrase and I can now automate it with cronjob. Maybe you should add this to your instructions as well. Thanks very much for your post.

GnaXi

Thank you for your feedback! My key pairs were created without a passphrase from the start, so I never thought of adding that to the article!
I’ll add it right away 🙂

Matt Bridges

Hi, great guide thank you, I followed it but it still asked me for a password before it would start the sync. The only thing I changed slightly was I uploaded the rsa file to my synology and then changed the file name to authorized_keys. It then asked for password for the rsync user on my synology before it started syncing. I’d like to run a cronjob for this but worried it won’t sync as it will need a password?

GnaXi

Glad that you liked the article! 🙂
When generating the rsa file, did you put a password on it? If you did, it will ask for the password and it will have to be put into the crontab as well.
I would recommend just creating an rsa file without a password, as it doesn’t make it less secure, as long as you keep tabs on the file.

About a week ago I discovered that Synology’s Active Backup for Business supports rsync and is waaaay easier to set up than this!
I would suggest giving it a try! I will make an article about it soon.

Matt Bridges

Thanks for this. It is asking for the password for the rsync user on Synology as when I put this password in (Synology won’t let me create the user without a password) I’m fairly certain I didn’t set up a password when creating the rsa file. Any ideas on why it is asking for the user password?

GnaXi

Hi Matt,

If you’re being asked for the password of the rsync user, the permissions have not been set up correctly for the authorized_keys file.
Please see some of the previous comments, as a couple of solutions have been suggested.
