0

I would like to send a ZFS dataset to a Mac running OpenZFS. I have been able to replicate a FreeNAS dataset to a Mac running OpenZFS using the terminal. I did this using SSH password authentication. I'd like to set up a FreeNAS (FreeBSD-based NAS server) replication task for this, but I'm getting permission denied errors since I don't have an SSH key set up.

I have tried setting up a Replication task in the FreeNAS GUI, pointing to the IP of my remote Mac, then pressing the SSH Key Scan button, and it did populate a key. I tried saving that key text to a file, and using the ssh-add command on the remote Mac to add it, but it keeps asking for a password, which I don't know. If I leave it blank, it just ends the command (or maybe adds it but it still fails).

What steps would I need to take to use an SSH key between my FreeNAS server and my remote Mac running OpenZFS? I found information on the web on how to generate an SSH key on FreeNAS, but I don't want to mess up my existing replication tasks. Perhaps it won't, but I don't want to risk bringing down all my existing replications while I attempt things I've never done.

Swisher Sweet

1 Answer

3

If I get you right, you essentially want to ssh from your FreeNAS to a Mac without needing to type a password. A few steps will do that.

On the FreeNAS, as the user that's going to execute ssh:

ssh-keygen -t rsa

It will ask for a password twice, press ENTER twice.

This will generate two files: .ssh/id_rsa (your private key) and .ssh/id_rsa.pub (your public key in an easy-to-transfer ASCII encoding).

Next, on your Mac you have to create a file named authorized_keys, which is located in the user's .ssh directory. Put the content of your newly created id_rsa.pub (it's just one line) into authorized_keys; if authorized_keys was there before, append that line.

To be more clear, I'll make an example. If on your FreeNAS you would type

ssh Mac -l replicate_user

you best log in as replicate_user on your Mac and create that authorized_keys file. It should be located in replicate_user's .ssh directory, which in turn should be in its home directory. It is critical to have correct access rights on the .ssh directory; if it does not exist yet, the easiest way to achieve correct access rights is to type "ssh-keygen -t rsa" as replicate_user on the Mac.

That's all you need to make ssh login work without password typing.

As long as there is no ssh key there already in the .ssh directory, creating a new one won't break anything, and if it would, you could just remove it. Just don't overwrite an existing one. If there is one already, use the .pub content to populate authorized_keys on the Mac.

This login-without-password stuff works great; just be aware that whoever has your id_rsa file can log in to the Mac without a password, too.

And of course you may use other key types than RSA; you just have to give a key type, so I used -t rsa in this example.

HBruijn
TomTomTom
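The steps from the answer above as two shell functions, added here as an example and not part of the original post: `ensure_key` runs on the FreeNAS side and refuses to overwrite an existing key, `install_pubkey` runs on the Mac as the login user (replicate_user in the answer) and sets the access rights on .ssh. Both function names are hypothetical.

```shell
#!/bin/sh
# Added example; ensure_key and install_pubkey are hypothetical helper names.

# FreeNAS side: print the public-key path. A key pair is generated only when
# none exists, so a key already used by other replication tasks is untouched.
ensure_key() {
    key="${1:-$HOME/.ssh/id_rsa}"
    if [ ! -f "$key" ]; then
        mkdir -p -m 700 "$(dirname "$key")" || return 1
        # -N '' sets an empty passphrase, the same as pressing ENTER twice
        ssh-keygen -q -t rsa -N '' -f "$key" || return 1
    fi
    [ -f "$key.pub" ] || { echo "missing $key.pub" >&2; return 1; }
    printf '%s\n' "$key.pub"
}

# Mac side: append one public key to <home>/.ssh/authorized_keys.
# Mode 700 on .ssh and 600 on the file are the access rights sshd accepts.
install_pubkey() {
    pub="$1"; home="${2:-$HOME}"
    line=$(head -n 1 "$pub") || return 1
    [ -n "$line" ] || { echo "empty public key file: $pub" >&2; return 1; }
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the last existing entry lacks a newline, add one so the new key
    # does not get glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -x whole line, -F fixed string: skip the append if the key is already listed
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Usage (copy the .pub file to the Mac first, e.g. with scp):
#   FreeNAS:  ensure_key
#   Mac:      install_pubkey /path/to/id_rsa.pub
```

Only the id_rsa.pub file is copied to the Mac; the private id_rsa file stays on the FreeNAS.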