I have a VPS Server on the Cloud and I want to regularly backup the data to a Local NAS on my Office. (Monthly File System Backup and Daily Database Backup).
I have a Synology NAS on my office (which by the way is a piece of crap, but now that I have I might as well use it for something) and I'm planning to execute the Backup Scripts on the Remote Server, and then execute another script on my Local Synology NAS to download via FTP does backup files.
I could have decided to run only one script on the remote server to do the Backup and then SEND the data to my Synology, but that would be a security risk, because the Remote Server would have access to my local infrastructure, and what if got hacked? They could probably access my NAS and my office infrastructure and it would bring all kind of problems.
On the method I'm implementing, my NAS can access the Remote Server, but not the other way around.
To begin with, I cannot emphasize what a terrible product is the Synology NAS (I have model DS212j). Its slow, bulky, for some reason I gives me pretty awful network speeds (I'm able to transfer via LAN only 8 MB/s, when I'm on a Gigabyte network and I transfer between the same server and mi PC at 70 MB/s).
So here comes the Magic...
The NAS has a built-in Download Station with an "FTP Integration" which is also a piece of crap. I tried multiple connections and parameters and never got the darn thing to connected, further more it did not give an explanation of what the errors were.
So I had to apply basic Linux commands to get the ball rolling.
- Connect to the NAS via SSH
- Check if your able to connect to the Remote Server via SSH and/or FTP (sftp user@remoteip) (its going to request for your password)
- This password stuff is going to be a problem if, like me, you want to run it as a CRON (scheduled task), because the CRON Job is going to fail because its going to request for a password and its obviously not going to receive it.
- To get through this, you need to create a secure method on which the NAS can log in to the Remote Server without a password. An accepted and secure way to do this is through a SHH Key. You will need to create a SSH Key on your local server, and then copy the .pub key to your remote server. (http://www.ricardomalla.com/?p=892).
- BTW on the tutorial you'll see that once you create the SSH Key on your local sever you need to copy it using ssh-copy-id -i ~/.ssh/id_rsa.pub admin@destinationip. Well, this does not work in Synology so I have to copy it manually. Download it to my computer via FTP and Upload it. The origin and destination folders are: ~/.ssh/id_rsa.pub and /root/.ssh/authorized_keys. Another tricky part is you'll not be able to download this directly from FTP because you cannot access this folder, so what I did was copy this file to a "readable folder" For Example: cp /root/.ssh/id_rsa.pub /home/YOURUSERNAME and the you can download it. And on the remote server, you can Upload it to any folder and the in the same way copy it to the destination folder. You can to cat ~/id_rsa.pub >> ~/.ssh/authorized_keys.
- Once you do this, once again try to connect via SSH from you NAS and it should not ask for the password. If the connection is established your good to go to create your script.
IMPORTANT NOTE: The permission on the .ssh folder has to be 700 (or otherwise it will fail) and on the id_psa.pub 644.
Will post the script in a couple of days... Good Luck