Table of Contents
Want to do rsync to/from a Synology (perhaps to do backups with rsnapshot) and you want to use SSH keys?
Synology GUI
Make an rsync user with read and possibly write permissions to the desired share(s). Can use an existing user at your discretion.
Synology SSH
SSH to the box with a sudo-capable account.
Enable SSH keys in general:
sudo vim /etc/ssh/sshd_config
Uncomment each of:
PubkeyAuthentication yesAuthorizedKeysFile .ssh/authorized_keysChallengeResponseAuthentication no
If enabling rsync on a dedicated account, become that account: sudo -u rsync /bin/bash
Put the key into .ssh/authorized_keys.
Constrain permissions appropriately. From homedir:
chmod 700 . .ssh chmod 600 .ssh/authorized_keys
Credit here for the above.
Rsync as root?
Generally, rsync'ing as root is bad. However, if you're pulling backups, it's the only way to read all files and preserve their permissions (necessary if you're using the NAS in a UNIX-like way). To do this, the above directions work, but with one issue. On rsync, you'll get the error "ERROR: user has disabled/expired". This is coming from the rsync layer, not ssh, and it's because the root account is "disabled".
Surprisingly, this is fixed from the GUI of Synology – find the account called "admin" and enable it, and that will fix rsync-as-root.
: Secure your SSH key fastidiously, as it now is an admin credential to the whole NAS box.