SFTP and QuFTP and Backups, Oh my!

Wow, is my mind spinning…

I have an Unraid server. I want to do offsite backups. So I’ve been using Duplicacy to backup to OneDrive, but I want to use a separate NAS…specifically QNAP. I see both of them support SFTP (Although QNAP rebrands theirs QuFTP). But getting them to talk to each other seems next to impossible. Key Files? PuttyGen? RSA, ECDSA, EdDSA? How the hell would I rebuild after I loose my data? Everyone talks about backups and keeping things offsite…but how in practice is this supposed to work securely? I’m a facilities guy…not IT. This is a hobby. Where do you all go to get knowledge on how this is supposed to work? I’m running into the weeds where you can’t find a YouTube tutorial and I want to make sure my backups are robust enough to actually be used to reconstruct data after a catastrophic failure. Does anyone have experience with SFTP?

QuFTP seems to be an implementation of FTPS (FTP with tis support). So, you will want to configure Duplicity to use an FTP backend. This should be straightforward through the QNAP UI, provided you have a VPN connection between the servers. Configuring Duplicity should be as simple as selecting the ftp backend.

If you loose data on the Unraid server, you will restore data by running duplicity backwards: pulling the data from the QNAP server to the Unraid server. If you lose data on the QNAP server, you will have to create a new backup on the server.

One of the options in Duplicacy to configure storage is SFTP. It seems like I’m having problems with certificates, as I can access the Qnap NAS just fine using FileZilla.

I’m trying to configure everything on my home network before I try deploying it remotely (I have a feeling that is going to be a new PITA). I’m thinking that doing a simple offsite backup shouldn’t be this involved or complicated. If someone designed a docker that could be installed on both client and host to simplify all the VPN, tunneling, encryption, etc, I would gladly pay and would probably get rid of a lot of issues with people not backing things up.

For a little background, I had my CISCO networking certs and A+ certification 20 years ago when I was in high school, but got a job as a truck driver for my family’s business when I graduated. I have quite literally been doing everything in a vacuum with no friends or peers to lean on when it comes to technical things.
Hell, I don’t even know someone who works at a company who focuses on IT to give me a referral for an entry level job so I can learn more. You guys are really the only friends I got :heart:

Is Rsync the solution that everyone seems to be using for backups? I’ve used it in the past for transferring files between virtual machines, but never offsite over distances. Is there a way to backup like with snapshots, so you can pull different revisions to roll back lets say a file was incorrectly changed and not just lost?

I see now that I was thinking of different software, you’ll just want to use the restore tab in duplicacy then. Manual installation of authorized keys can be achieved with the CLI tool ‘ssh-copy-id’ or completely manually as in this QNAP guide.

Tailscale VPN (somewhat popular) does exactly what you’ve listed, provided your NAS supports it.

I’ll follow that step-by-step example and see what I can come up with and let you know.

should the tool ‘ssh-copy-id’ be deployed in the QNAP NAS, Unraid terminal, or in the Duplicacy docker terminal? I don’t see a way to access the terminal in Qnap.

‘ssh-copy-id’ will copy the ssh public keys from the machine that you run it on into the machine you connect to. If you want to add the keys from your Duplicacy user to the QNAP machine, you will run it as your Duplicacy user.

‘ssh-copy-id’ isn’t a valid command from the Duplicacy Docker command line.

I SSH’d into my Qnap server and was successfully able to run the command, but even though it says it was successful in creating the file and folders…I cannot find them anywhere from the terminal.

I think I’m going to go back to just using a tape drive and manually backing up files every could of days like in the before times. :unamused:

You might find SSH mastery to be useful if you want to learn more about what you can do with SSH.

A lot of times NAS software vendors will include tools for replicating between systems running the same OS, you might have a more streamlined backup experiance with an unraid backup target, possible budget issues not withstanding.

Use what’s comfortable for you :slight_smile:

You might find Jay over at LearnLinux.TV really helpfull as well. Lots of content and great presentations/walkthroughs.

https://www.learnlinux.tv/

Specifically on SSH:

Book has been ordered!

Gives me an opportunity to take a break from all this. I’ve been working this problem for the last 3 days and have gotten nowhere, so a break to collect my thoughts may be what I need.

21 Minutes into the video. I really like how he explains what he’s doing and the commands he is using.

Glad it’s useful. After that video I found this to be a great resource:

From my notes:

ssh-keygen - creates a key pair for public key authentication

ssh-copy-id - configures a public key as authorized on a server

ssh-agent - agent to hold private key for single sign-on

ssh-add - tool to add a key to the agent

scp - file transfer client with RCP-like command interface

sftp - file transfer client with FTP-like command interface

sshd - OpenSSH server

ssh-keygen -t ed25519 -f ~/.ssh/xxx_id_ed25519 -C xxx -N xxx

 ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile] [-m format] [-N new_passphrase] [-O option]
			[-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa] [-w provider] [-Z cipher]

Then copy to server
ssh-copy-id -i ~/.ssh/tatu-key-ecdsa user@host

Thanks again! I’m going to get this figured out. The last time I had these kinds of issues it was learning to mount a NFS share into a couple of virtual machines for passing files back and forth without being limited by my network’s bandwidth. It was actually during a time my employer had tuition reimbursement so I actually enrolled in a couple of college courses in hopes I could find a professor to explain it to me. I couldn’t.
I ended up paying a YouTuber and all he did was point me in a direction to a solution that made it so I didn’t need those NFS mounts. I still have no idea how to solve that problem. :joy::joy::joy:

not being an NFS guru, I can only say that sounds like either a permissions issue or an “export” issue.

UPDATE:
So, apparently Qnap’s QuFTP service doesn’t use SFTP like I was led to believe. I switched to the default SFTP port and I was able to access the NAS with my password, but wasn’t able to see my shares in the drop-down menu. However, when I copy and pasted the path I wanted from the FileZilla interface everything started working and I was able to create a backup in the share I wanted.

Now, I still haven’t configured everything to be accessed remotely or with a certificate, but at least now I can access everything and create a backup. It’s a big first step!

QuFTP is FTPS not SFTP which may explain some of your troubles - explanation of the difference

FTPS vs SFTP…that’s some branding that isn’t very friendly to anyone suffering from dyslexia :unamused:

1 Like