Mounted, but not unlocked?
That’s impossible for an encrypted dataset.
Perhaps I’m using the wrong terms; I understand unlocked to mean decrypted. Possibly being swayed by the unlocked padlock on the TrueNAS display. I have already seen that it is possible to send encrypted data to a remote system and have it still locked / encrypted. What does unlocked mean to you?
OK, so I had a break for a while and am back on this. The bit that I hadn’t started testing is doing this via an unprivileged account. I have found that there are some specific zfs allow commands that are needed and I think I have that working; however, to fully test I need ssh working first.
What is confusing me is the ssh keypair. This is because in the replication GUI, it wants admin accounts. Using the manual option appears to get around that, but the docs still say it needs to be an admin account.
I looked at generating it for the non-root user at the terminal; however, this doesn’t seem to be associated with the user account when you go via the GUI. The GUI also seems to be backwards of what you normally do, i.e. I normally put the public key into the remote system that I’m connecting to, however here it wants a public key into the local system I’m connecting from. This makes no sense so I guess it isn’t for this use case.
The replication setup wants host key pairs. It says it wants them to be set up in the Credentials, Backup Credentials, Key Pairs area. So I’ve created one called key-local on the remote system and pasted it into a local system as key-remote in the key pairs area. But it doesn’t work and simply says "[EFAULT] no lines in OPENSSH private key file" when running the backup task.
What is also confusing me is that it seems these key pairs do not associate with a user. So I assume that the SSH connection is host to host only and doesn’t need anything extra special done other than that. There is an ssh group available which I’ve added to the non-root user but that didn’t make any difference.
There seem to be too many choices and the documentation is a bit conceptual and therefore a bit lacking on specifics.
I have tried generating key pairs in terminal also but this seems to be a waste of time given the replication agent only wants to use them from the key pairs area.
Anyone know what I’m meant to do? This is quite frustrating.
On Electric Eel latest BTW.
Thanks.
OK I figured it out. The Keygen generator does nothing but generate keys and you have to include its private key in the local system and include the host key of the remote system plus add the public key to the remote system. I wasn’t expecting three keys.
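Added example, not part of the thread and not TrueNAS code: a Python check that tells a pasted OpenSSH private key apart from a public or host key line and flags a private key whose armor has no body lines or was pasted onto one line. The helper name `classify` and the sample keys are constructed for illustration; whether one of these conditions caused the error quoted in the thread is not established by the page.

```python
import base64
import binascii
import struct

ARMOR_BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
ARMOR_END = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"  # prefix of the decoded private-key body

def _wire(s: bytes) -> bytes:
    """SSH wire string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(s)) + s

def classify(blob: str) -> str:
    """Say what kind of SSH key material a pasted blob is (hypothetical helper)."""
    lines = [ln.strip() for ln in blob.strip().splitlines() if ln.strip()]
    if not lines:
        return "empty"
    if lines[0] == ARMOR_BEGIN:
        if lines[-1] != ARMOR_END:
            return "private key: END marker missing"
        body = "".join(lines[1:-1])
        if not body:
            return "private key: no body lines"
        try:
            raw = base64.b64decode(body, validate=True)
        except binascii.Error:
            return "private key: body is not base64"
        return "private key" if raw.startswith(MAGIC) else "private key: bad magic"
    if ARMOR_BEGIN in blob:
        return "private key: armor not on its own line"
    # Public keys and host keys share one format: "<type> <base64> [comment]"
    parts = lines[0].split()
    if len(lines) == 1 and len(parts) >= 2:
        try:
            raw = base64.b64decode(parts[1], validate=True)
        except binascii.Error:
            return "unrecognised"
        # The decoded blob starts with the key type as a wire string.
        if raw.startswith(_wire(parts[0].encode())):
            return "public key"
    return "unrecognised"

# Constructed samples: correct framing, all-zero key bytes, not usable keys.
SAMPLE_PRIV = "\n".join([ARMOR_BEGIN, base64.b64encode(MAGIC + bytes(64)).decode(), ARMOR_END])
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(_wire(b"ssh-ed25519") + _wire(bytes(32))).decode() + " constructed@example"

if __name__ == "__main__":
    for name, blob in [("private", SAMPLE_PRIV), ("public", SAMPLE_PUB)]:
        print(name, "->", classify(blob))
```

Running a blob through this before pasting it into a key field shows whether it is the private half, a public or host key line, or a damaged copy.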