I’ve been meaning to use my DNS323 NAS as some Private Cloud Sync for files I wanted to share-and-sync across several computers on my LAN, while retaining a centralized backup with weekly snapshots.
This is the second part of the howto. The first discusses the process of building Unison (and OCAML) for the DNS-323.
If your DNS-323 doesn’t have FFP and SSH setup and enabled already, please review one of the many howto’s available on the internet.
This part has been covered in details in the First Part of this Howto. Please read the following article: « Building Unison for the D-Link DNS-323 NAS for 2-way Sync »
By default, the DNS-323’s root home is setup in a volatile portion of the filesystem. Everything gets reset when the DNS-323 reboots. We need a permanent storage on the DNS-323 for root in order to get SSH’s key login and Unison’s synchronization data.
The following is a self-made hack, it just works so I didn’t bother looking for other methods. We will simply copy the existing root’s home to the NAS’s hard drive, and link the new home.
Login to your DNS-323’s SSH shell:
# cd /
# mkdir /ffp/home
# mv /home/root /ffp/home/
# ln -s /ffp/home/root /home/root
Now, we will create a small startup script to relink the permanent storage at boot up. Create and edit the following file: /ffp/start/homesetup.sh. Its content should be:
#!/ffp/bin/sh
# Relink root's home on ffp
rmdir /home/root
ln -s /ffp/home/root /home/root
Let’s make the file executable and we’re all done:
# chmod +x /ffp/start/homesetup.sh
I had issues with the SSH client that is built-in with Unison (it kept crashing with out of memory errors, on a 8GB computer). I also read several articles that recommended using Cygwin’s SSH instead, so here it goes.
Download and install either setup-x86.exe or setup-x86_64.exe from Cygwin’s Installation page.
The installation process is pretty straightforward. For the purpose of this howto, here are some of the parameters of my installation:
Because we will want to setup Unison as an automated script, we will need to have a password-less login to SSH. We will achieve that with SSH keys.
First, login to your DNS-323 by SSH. We will create an identification key for SSH sessions. When the ssh-keygen executable asks for your passphrase, make sure to hit Enter without a password.
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/root/.ssh/id_rsa.
Your public key has been saved in /home/root/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@dns323.mynetwork.local
The steps above created two files in your .ssh/ directory. The one we will be most interested in is id_rsa.pub. It will allow root@dns323.mynetwork.local to login to SSH with the key file instead of a password:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArkwv9X8eTVK4F7pMlSt45pWoiakFkZMw
G9BjydOJPGH0RFNAy1QqIWBGWv7vS5K2tr+EEO+F8WL2Y/jK4ZkUoQgoi+n7DWQVOHsR
ijcS3LvtO+50Np4yjXYWJKh29JL6GHcp8o7+YKEyVUMB2CSDOP99eF9g5Q0d+1U2WVdB
WQM= root@dns323.mynetwork.local
Now, we need to enable key-logins in the SSH parameters, and reboot the NAS in order to restart the SSH service with the new parameters.
First, let’s enable the key parameters. Open the /ffp/etc/ssh/sshd_config file in your favorite editor and make sure the following lines are uncommented:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Second, let’s make sure that the key we created earlier is authorized and we will reboot:
# cd /ffp/home/root/.ssh
# cp id_rsa.pub authorized_keys
# reboot
Next, wait until the DNS-323 is finished rebooting (it takes about a minute) and open a Cygwin Terminal on your Windows 8 computer. We will transfer the .id_rsa.pub file that was just generated.
Daymz@Windows8 ~ $ mkdir /home/Daymz/.ssh
Daymz@Windows8 ~ $ cd /home/Daymz/.ssh
Daymz@Windows8 ~/.ssh $ sftp root@dns323.mynetwork.local
Connected to dns323.
sftp> get .ssh/id_rsa*
Fetching /mnt/HD_a2/ffp/home/root/.ssh/id_rsa to id_rsa
/mnt/HD_a2/ffp/home/root/.ssh/id_rsa 100% 1675 1.6KB/s 00:00
Fetching /mnt/HD_a2/ffp/home/root/.ssh/id_rsa.pub to id_rsa.pub
/mnt/HD_a2/ffp/home/root/.ssh/id_rsa.pub 100% 401 0.4KB/s 00:00
sftp> quit
Daymz@Windows8 ~/.ssh $ cp id_rsa.pub authorized_keys
Daymz@Windows8 ~/.ssh $ chmod 0600 *
Daymz@Windows8 ~/.ssh $ chgrp Users *
Now, we should be able to login as root on the DNS-323 without a password.
Daymz@Windows8 ~ $ ssh root@dns323.mynetwork.local
root@dns323:/mnt/HD_a2/ffp/home/root# Exit
Connection to dns323 closed.
Daymz@Windows8 ~ $
Disclaimer: be very careful to keep that id_rsa file private. Anyone who can access that file will be able to login to your DNS-323 as root.
Download Unison for Windows from its Official web site. It will send you to the official Windows binaries download site. At time of writing, Unison v2.40 is the latest version.
Unison’s installation process is very simple and straightforward:
Unison will store all synchronization rules in a file called a Profile. These files are stored in the User’s directory within a « .unison » folder and they carry the .prf extension.
For the purpose of this Howto, we will create a profile in C:\Users\Daymz\.unison\Dns323.prf and it will contain the following configuration details:
# Folders to synchronize
root = C:\Users\Daymz\Documents\SynchronizedFolderOnWindows8Computer\
root = ssh://root@dns323.mynetwork.local/mnt/HD_a2/SynchronizedFolderOnServer/
# SSH arguments: use cygwin's ssh and enable compression (-C)
sshcmd = c:\progra~1\cygwin\bin\ssh.exe
sshargs = -C
# Folders to exclude
ignore = Path {FolderThatWillNotBeSynchronized}
# Fastcheck
fastcheck = true
# Prevent chmod issues
perms = 0
dontchmod=true
# Work silent
batch=true
# Prevent deletion of all files if all files are localy deleted
confirmbigdeletes=true
# When running from the command line be silent, only show errors
silent = true
# Use file time not folder time for changes
times=true
The most notable portions of the Profile are:
Let’s test this out by launching the Unison GTK executables, opening the Dns323 profile we just created and synchronizing for the first time. If everything works fine, there should be no errors and synchornization should work flawlessly.
Once you’ve verified that your dns323 Profile works fine in Step 2, we will automate this by creating a Scheduled Task:
If there is enough interest, I will create a new article to explain the backup-snapshot-diff process on the DNS-323.
[…] Here is the follow-up to this article: Installing Unison for 2-way Sync between Windows 8 and a DNS-323 NAS […]