Setup RSync for Windows (Server)
PROMPT: You want to use RSync to backup files from TrueNAS to Windows (Server) or vice versa. How do you set that up?
Resources:
Prerequisites:
- Windows Server 2022 or Windows 10/11 (I have not tested on any other versions of Windows)
Notes:
- This was written for Windows Server. Please adjust for Windows 11 UI (or download/review the script)
- This was written with TrueNAS Scale in mind; however, the process is easily replicated on any Linux system. Skip steps 11-13 if you are not using TrueNAS Scale.
- UPDATE: If you previously used this configuration and then updated to Windows Server 2025, you will need to add the ssh user to the new “OpenSSH Users” group in lusrmgr.msc. If you were making use of the default Windows Firewall rule, you will also need to modify it to include Public and Domain under the Advanced tab. I will rewrite this page for 2025 at some point.
Steps:
- Open Settings -> Apps -> Optional Features -> Add a Feature. Search for OpenSSH Server, and then click install.
- Open the Services snap-in (services.msc) and look for ‘OpenSSH Authentication Agent’ and ‘OpenSSH Server’. Start these two services and confirm that they are both configured for an automatic start.
- Upon the start of the OpenSSH Server (sshd) service, C:\ProgramData\ssh will be created. Open PowerShell as Admin and run the following command:
notepad C:\ProgramData\ssh\sshd_config
This will open an elevated notepad, which will allow us to modify the sshd_config file.
- Modify the following lines:
- Line 34: uncomment ‘PubkeyAuthentication yes’
- Line 51: uncomment ‘PasswordAuthentication yes’ and change it to no
- Line 87: comment out this line
- Line 88: comment out this line
- Save and close sshd_config. Restart the OpenSSH Server service (right-click in services.msc)
- In the Admin PowerShell window, run the following command to create a user:
net user 'insert-username' 'insert-password' /add
- Give the new user permissions to the folder that it will use for RSync. Right click on the folder -> Properties -> Security -> Advanced -> Add -> Select a Principal. Search the new user and give them modify permissions.
- Log into the machine as this new user, open File Explorer and navigate to the home directory (C:\Users\‘insert-username’). Create a new folder titled .ssh and in the folder create a file called authorized_keys. Note that authorized_keys does not have a file name extension.
- You can create this file as a .txt and remove the file name extension by enabling the ‘File Name Extensions’ checkbox in File Explorer under the View tab in the ribbon. Then rename the file without the .txt at the end. If you get a warning, just click OK.
- Remove the administrators group from the permissions on the new authorized_keys file. Right click the file -> Properties -> Security -> Advanced -> Disable Inheritance. Then remove the Administrators group from the permissions on the file. Click OK.
- Confirm the configuration is operational:
- On another local computer, open PowerShell and run
ssh-keygen
It will ask where to put the file; you may leave this as default. It will ask for a passphrase. Do not enter a passphrase. Note that TrueNAS does not support passphrases.
- This process will create two files: one without an extension and one with a .pub extension. Navigate to where the files were created, and open the .pub file with notepad. Copy the contents.
- On the OpenSSH server, open the authorized_keys file and paste the contents. Save and close.
- On the local computer, if you did not use the default location during the creation of the keys, then be sure to copy the private key (the file without an extension) to the .ssh directory.
- On the local computer, use the PowerShell window to run the following command:
ssh 'insert-username'@ip-of-openssh-server -i 'path-to-privatekey'
where ‘insert-username’ is the user created on the OpenSSH server.
- If successful, you should be connected via SSH to the OpenSSH server.
- Open the TrueNAS web GUI and go to Credentials -> Backup Credentials. Next to SSH Keypairs, click Add. Give it an appropriate name. Generate a new keypair and copy the public key into the authorized_keys file on the OpenSSH server.
- Next to SSH Connections, click Add. Give it an appropriate name. Select Manual for the setup method. The Host is the IP of the OpenSSH server and the port should be 22. Username is the user you created earlier on the server. Choose the correct Private Key from the dropdown. Click Discover Remote Host Key and then Save the connection.
- If you wish to configure the RSync task, navigate to the Data Protection tab and Add a new Rsync Task. Be sure to specify the RSync mode as SSH, to use an SSH connection from the keychain, and choose the correct SSH connection from the dropdown.
- On the OpenSSH server, log out of the SSH user and log back in as the administrator. Go to this link and download Git for Windows.
- Run the installer with the following options:
- Click next on license.
- Leave install location default.
- Leave components default.
- Leave start menu folder default.
- Change the default editor to notepad (or whatever you like).
- Leave Git to decide names of initial branches.
- Change PATH environment to “Use Git and optional Unix tools from the Command Prompt”.
- Change SSH to use ssh already installed on system (external SSH).
- Leave HTTPS transport default.
- Leave line ending conversions as default.
- Change the terminal emulator to Windows Default Console.
- Leave default behavior of Git Pull to default.
- Leave the credential manager as default.
- Leave extra options as default.
- Leave experimental options as default.
- Go to this link and get the latest version of the following programs: (If unavailable, here is a link to download the latest version at the time of writing.)
- rsync
- libzstd
- libxxhash
- Once all programs are downloaded, unzip and combine all usr folders into one usr folder. (Copy and paste into the same directory and choose the ‘Replace’ option when prompted.) Navigate to ‘C:\Program Files\Git\usr’ and combine the usr folders in the same fashion.
- Run the following command to switch the default ssh shell from command shell to PowerShell:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
- Restart the OpenSSH Server service (right-click in services.msc)
- Confirm the configuration is operational:
- Back on the local computer, ssh into the Windows OpenSSH Server.
- Run rsync --version to confirm that you are in PowerShell and that RSync is installed. If you see the current version of RSync printed, then the configuration should be operational.
- At this point in time you can now utilize RSync on Windows Server.
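
The sshd_config edits and the authorized_keys permission change from the steps above can also be applied by directive name instead of line number, with a syntax check before the service restart. This PowerShell is an added example, not the author's downloadable script; 'insert-username' is the page's placeholder, and lines 87 and 88 are assumed to be the stock `Match Group administrators` block that ships in the Windows sshd_config.

```powershell
# Added example, not the author's script. Run in an elevated PowerShell session.
$User    = 'insert-username'   # placeholder from the page
$Config  = 'C:\ProgramData\ssh\sshd_config'
$KeyFile = "C:\Users\$User\.ssh\authorized_keys"

# Keep a copy so a bad edit can be rolled back.
Copy-Item -Path $Config -Destination "$Config.bak" -Force

# Match directives by name; line numbers shift between OpenSSH builds.
$lines = Get-Content -Path $Config | ForEach-Object {
    switch -Regex ($_) {
        '^\s*#?\s*PubkeyAuthentication\b'   { 'PubkeyAuthentication yes'; break }
        '^\s*#?\s*PasswordAuthentication\b' { 'PasswordAuthentication no'; break }
        # Assumption: these are the two trailing lines the page comments out.
        '^\s*Match\s+Group\s+administrators\b' { "#$_"; break }
        '^\s*AuthorizedKeysFile\s+__PROGRAMDATA__/ssh/administrators_authorized_keys' { "#$_"; break }
        default { $_ }
    }
}
# ASCII avoids the byte-order mark that Windows PowerShell 5.1 adds with utf8.
Set-Content -Path $Config -Value $lines -Encoding ascii

# authorized_keys: disable inheritance (keeping copies of the inherited entries),
# then remove Administrators by well-known SID so localized names do not matter.
icacls $KeyFile /inheritance:d | Out-Null
icacls $KeyFile /remove '*S-1-5-32-544' | Out-Null

# Validate before restarting; restore the backup if sshd rejects the file.
& "$env:SystemRoot\System32\OpenSSH\sshd.exe" -t
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path "$Config.bak" -Destination $Config -Force
    throw 'sshd_config failed validation; backup restored.'
}
Restart-Service -Name sshd

# Show the resulting directives and the file's ACL for review.
Select-String -Path $Config -Pattern '^\s*(PubkeyAuthentication|PasswordAuthentication)\b' |
    ForEach-Object { $_.Line }
(Get-Acl -Path $KeyFile).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

The final two commands should list `PubkeyAuthentication yes`, `PasswordAuthentication no`, and an access list with no BUILTIN\Administrators entry.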