The Synology ecosystem offers a great variety of different apps you can install on your NAS for all kinds of data operations and Synology’s default “Hyper Backup” tool allows you to setup all kinds of backup jobs. However, the UI falls a bit flat if you want to perform some simple file syncs from your Linux machines or tinker boards.
There are probably some additional apps that would allow you to assemble some kind of construct for this as well. However, you don’t need to dig that deep, since another great thing (or at least I personally really like this), is that you can also make use of some standard Linux commands to get the job done on the Synology.
In the case of our Sync, or backup job if you will. We can use “Rsync” to transfer our files from our devices onto the Synology which we can run via a secure SSH tunnel since both are already available on your NAS!
Introduction
There are two ways how we could handle this, you could either connect from our “Productive System “ to your Synology, or the other way around. Whatever method you choose you will need to copy the SSH key from one device to another.
What method works better for you depends on your use case, however if your purpose of this action is to serve as a backup. I would strongly recommend to keep access to your NAS as little as possible to lower the attack area to it. The point of the backup is to be safe, isn’t it?
So if you can, try to let the Synology pull the Data from your machines. Rather then pushing it.
Something that I deployed now already a couple of time on different locations is a single Onside NAS, which is pulling the data from multiple machines within the network via Rsync. The combined data of the location is than transferred via Synology’s build in services to a different offsite NAS, or the cloud. The 3-2-1 rule is always a good rule of thumb to keep in mind. This approach is quite handy as people who aren’t that familiar with the shell can keep an eye for the health of the backups via the DiskStation UI.
Preparation
As both cases require an SSH key, lets start by creating one. If you decide to “Push” your data to your Synology, you should execute these commands on your Synology. For a “Pull” configuration you will need to run these commands on your source machine. For simplicity lets call this device(s) from now on our “Target” (Since we will log into it!). I just assume you know how to use Rsync & SSH, anyhow lets have a quick recap, for this not being the case.
On the Target Device:
You can Generate an SSH keypair by running the following command:
ssh-keygen -t rsa -b 4096
It will prompt you for a storage location & optional passphrase. In our case we want to leave both empty (default). This should create the following files for you within your home folder (unless you changed the name, when prompted)
~/.ssh
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
Before you continue make sure to apply the correct file rights to those to prevent unauthorized access:
chmod 0700 ~/.ssh
chmod 0600 ~/.ssh/id_rsa*
Copy the content of your Public Keyfile to our list of authorized keys:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys
Afterwards lets get our private key, which we will need later again. You can print its content to your console by running:
cat ~/.ssh/id_rsa
Make sure to copy the output without any newlines or spaces! Since we need this to authenticate our other device.
Finally open lets open up our SSH config and ensure we allow key based SSH connections.
sudo nano /etc/ssh/sshd_config
Look for the following lines and check that both values are set to yes:
RSAAuthentification yes
PubkeyAuthentification yes
Then you can restart your SSH service (but watch out this might disconnect you, if you are connected via SSH)
sudo /etc/init.d/ssh restart
Now lets continue on our other machine. Lets call this our “Actor”, since this machine will perform our actions. Its the one, which will initiate our backup process! Generally I recommend to setup dedicated user accounts for backup Jobs. This makes tracing back potential issues within your logs way easier.
When you use your Synology as “Actor” you might need to enable SSH first to be able to login. You can do this via the “DiskStation UI” under Control Panel >>> Terminal & SNMP there check “Enable SSH Service” and notes stated below within the DiskStation.
Lets ensure our user has our required authentication folder by running:
mkdir -p ~/.ssh
Then create a new file & open it in nano (our text editor of choice, since you don’t know how to escape vim, don’t you?) and paste the following configuration into it:
nano ~/.ssh/config
Host YOURTARGETIP
IdentitiesOnly yes
IdentityFile ~/.ssh/TARGET.rsa
(You can close nano with STRG + X)
Be aware to adjust the target ip and if desired identity filename. Which is what we create next in the given location by pasting our previously copied Keyfile content in it.
This will allow us to connect to our “Target” device without any additional authentication prompts.
When you are doing this on your Synology you can use the “File Station” to manually create this folder & upload the “config & .rsa” file into the respective home folder!
ssh root@IP-DES-PI -p 22
However before you do that it might be wise to confirm Rsync is actually present on our “Actor”. You can check that by running:
which rsync
which should show you a path like "/usr/bin/rsync". If that isn’t the case you can simply install it via
sudo apt-get install rsync
However this should already be present on most system, e.g. the Synology is also using it internally for Hyper backup :)
File Sync
The actual file sync via Rsync can then be executed via an simple scheduled job. When you opted to go for a “Push” configuration you can define this via an cronjob by running:
crontab -e
Which allows you to edit the “cronfile” which contains a list of commands that you want to run on a regular schedule. Simply add the following line to the end of the file to run initiate a new sync process every night:
0 0 * * * /usr/bin/rsync -avz -e ssh YOURTARGETUSER@YOURTARGETIP:YOURTARGETPATH /YOURSYNOLOGYDISK/YOURSYNOLOGYPATH/$(date +%Y%m%d)/ >> /YOURSYNOLOGYDISK/YOURSYNOLOGYPATH/$(date +%Y%m%d).log 2>&1
Tipp: When your aren’t that familiar with the first few letters of the command, which define the schedule at which your command should run. Use Crontab Guru 🧘♂️ https://crontab.guru
When you opted for the “Pull” configuration you have the benefit of the DiskStation UI to do so. This can be done via the “Process Manager” of the Synology. For that simply go to:
Control Panel >>> Task Scheduler and add a new “User Defined Script” via the create button at the top of the window.
You can define a schedule & email configuration to your linking and then add the following code within the “Run Command” textfield under the “Task Settings Tab”.
/usr/syno/bin/rsync -avz -e ssh YOURTARGETUSER@YOURTARGETIP:YOURTARGETPATH /YOURSYNOLOGYDISK/YOURSYNOLOGYPATH/$(date +%Y%m%d)/ >> /YOURSYNOLOGYDISK/YOURSYNOLOGYPATH/$(date +%Y%m%d).log 2>&1
That’s it you should now be able to use your trustworthy Synology NAS to backup your invaluable root server as well as your army of tinker boards.
Hope this more in depth explanation proofs useful for someone and if you out there have other approaches for this feel free to let me know.