Diskless Linux boot using ZFS, iSCSI & PXE
#ZFS is nice. I've had it, with full root-on-ZFS, since PC-BSD. It took me several years to actually realize how nice it was.
If you want something more arcane than #FreeBSD to play with, take a look at #Illumos, in particular its derivatives #OpenSolaris, #OmniOS, #SmartOS, and @ptribble's #Tribblix.
Illumos has original Joy+Horton #vi (not one of the clones), the SMF, zones, ZFS, and a fair number of System 5isms not in the BSD world (e.g. sar, which @rl_dane was talking about the other day).
it's only been a month since i put my new home server together, and a disk is already failing
good thing i have zfs?
Setting up send/receive users for Syncoid replication over ssh
Hi all. Would appreciate some help if you can set me straight on remote replication setup. Sorry if it’s kind of a convoluted question.
I’m trying to set up two machines to do replication over Tailscale, a main NAS and then a smaller one offsite as a backup. I’m using Syncoid and systemd timers to schedule replications.
I’ve seen several posts and guides that recommend using dedicated non-root user accounts to handle the replication process. Make user sendbot on machine A and user receivebot on machine B, give them access to replication using ZFS delegation, and let them send and receive over ssh without exposing root. Sounds great, I like this plan.
I’ve been digging, but I can’t really find much on how to actually set up the sendbot/receivebot accounts. The suggestions and tutorials mostly just gloss over that part and move on to ZFS delegation. Been using Linux as a desktop for years, but never really got deep into user config and ssh until recently, and I’m still trying to wrap my brain around some of it.
The thing I don’t get is shell access and ssh with this setup. If I make an account with loginShell=/sbin/nologin, then I can’t connect manually through ssh to login and run commands. (Right?) But I’m not sure whether a system with an ssh key can still connect to a nologin account (with the corresponding public key) and run the command. Most of the things I’ve read seem to say that nologin blocks ssh regardless of password or key, but there’s always someone with an “actually, you can get around that by…” so I’m kinda confused.
My understanding is that I should make both users system accounts. Both need home directories for the keys and authorized keys stored in ~/.ssh. (Unless there’s a way to store those someplace else where the users can access them without twisting the whole system into a pretzel?) Is this the way to go about this?
The account on the machine that initiates the replication (regardless of push or pull) probably doesn’t need a login shell, since it’s starting the ssh and won’t be ssh’d into. Is this correct?
What about the machine NOT initiating, the one that gets ssh’d into? Does it need shell access to work with an ssh key stored on the other machine?