Rsync over SSH from Truenas Scale to ReadyNAS failing

Hi there,

I’ve been trying to get Rsync over SSH to a ReadyNAS working, but it keeps failing with the error: “permission denied publickey”

Using the admin account on the Truenas I have followed the documentation to setup an SSH Keypair and SSH Connection between my Truenas and the ReadyNAS. These complete successfully. I created an Rsync Push Task using the SSH connection to the ReadyNAS and it fails with the error “permission denied publickey”. I am using an account named Rsync on both NAS’s with matching UID’s and credentials for this purpose, that has be specified as the account to create the connection with on the SSH connections.

My troubleshooting has been to try and initiate an SSH connection via the Terminal from the Truenas to the ReadyNAS and it fails to find a private key on the Truenas according to the logs when attempting ssh -vvv rsync@readynas

Creating an SSH connection from the ReadyNAS to the Truenas is successful and I can run an Rsync pulling data from the Truenas.

Can I have some clarity regarding where the keypairs generated in the Backup Credentials section are kept so I can check the permissions on the private key or where to check it it exists?

Thanks

Lets start with which version of TrueNAS software?

They are stored in the configuration database, but you should be able to find them.

So, there’s a question about using them in terminal???

Apologies for not including the version of Truenas I’m using before, it is

Truenas Version
ElectricEel-24.10.0.2

My question is really trying to understand why the Rsync errors with the following message:

Rsync Error:
rsync@192.168.0.20: Permission denied (publickey).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(231) [sender=3.2.7]

It doesn’t seem to be able to use the private key stored on the Truenas in the backup credentials SSH keypair to successfully authenticate to the dedicated rsync user on the ReadyNAS. The associated public key has been imported to the ReadyNAS for the user.

I used the terminal to try and diagnose why the SSH connection is falling.

I’m greeted with the following output:

SSH Error
root@truenas[~]# ssh -v rsync@192.168.0.20
OpenSSH_9.2p1 Debian-2+deb12u3, OpenSSL 3.0.13 30 Jan 2024
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.0.20 [192.168.0.20] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1-hpn14v5 Debian-5+deb8u7.netgear1
debug1: compat_banner: match: OpenSSH_6.7p1-hpn14v5 Debian-5+deb8u7.netgear1 pat OpenSSH
compat 0x04000000
debug1: Authenticating to 192.168.0.20:22 as ‘rsync’
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:KCv5MH1RRnAltupKDwyUTlmskVmPPjydOnija/Mneg8
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host ‘192.168.0.20’ is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ecdsa_sk
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Trying private key: /root/.ssh/id_ed25519_sk
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Trying private key: /root/.ssh/id_dsa
debug1: No more authentication methods to try.
rsync@192.168.0.20: Permission denied (publickey).

I’m trying to understand why it can’t use the associated private key in the SSH keypair to successfully authenticate.

Do I need to generate a keypair for a specific user in the terminal on the Truenas for this to work?