Hardware
Synology DiskStation DS110j 1-Bay NAS - $149.99 at Amazon.com
Seagate Barracuda Green ST1500DL003 1.5TB 5900 RPM internal hd - $129.99 at Newegg.com
Power Profile
I measured the power usage in various modes with a KillAWatt.
| Mode | Power (Watts) |
|---|---|
| Standby (entered automatically after ~10 minutes of no activity) | 5.1 |
| Active w/o disk activity | 10.1 |
| During backup | 10.9 |
Initial Setup
Follow included instructions to install hd and DiskStation Manager software.
Enable SSH
Use the web interface to enable ssh. I like to change the ssh port from the default. I've found that in practice, this cuts down almost all automated ssh-based hack attempts. To change this setting, ssh to the box as root (same pw as admin in the web interface), then edit DS:/etc/ssh/sshd_config to add the setting:
Port ####(whatever port you want to use). Also add to SOURCE:/root/.ssh/config
Host DS # whatever the DS hostname is
Port ####
After any change to sshd settings, you'll need to restart the ssh server. You can do this through the web interface by disabling and then re-enabling ssh.
Enable Automated Login
My backup runs as a cron job in the middle of the night, so it needs to be able to ssh login to the DS without prompting for a password. Public key authentication is the way to do this.
In my setup, I am backing up one source to multiple destinations (one local rdiff-backup and the DS for off-site rdiff-backup). Therefore, I prefer to put the rdiff-backup config on the source and push rather than pull my backups. Follow these instructions, where A is the SOURCE side (initiating the rdiff-backup session), and B is the DS side. I used the root account on both sides.
Suppose there are multiple remote hosts for which you want automated logins. You can reuse the same key pair, or set up multiple pairs. Assuming the latter case, rename the private key to something like id_rsa_synology (should also rename public key similarly so you remember which keys are part of the same pair). Also add to SOURCE:/root/.ssh/config (under the DS host section):
IdentityFile /root/.ssh/id_rsa_synology
You may also need to explicitly enable public key authentication on the DS. Again in DS:/etc/ssh/sshd_config:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Install Package Manager
Synology uses a package manager called ipkg. Install it by following these instructions.
Install rdiff-backup
Following these instructions.
Setup Non-interactive Environment
When rdiff-backup connects to the DS over ssh, it is a non-interactive session. This mode omits a lot of the environment setup that normally happens when you log in interactively. In particular, the PATH is different:
Interactive:
Non-interactive:
DiskStation1> echo $PATH
/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/syno/bin:/usr/syno/sbin:/usr/local/bin:/usr/local/sbin
Non-interactive:
root@local:~# ssh nas1 'echo $PATH'
/usr/bin:/bin:/usr/sbin:/sbin:/usr/syno/bin
The critical difference in this case is that /opt/bin is missing in the non-interactive path. rdiff-backup requires the rdiff-backup executable to be in the path on the remote side. To set the path for non-interactive ssh sessions, add to DS:/etc/ssh/sshd_config
PermitUserEnvironment yesand create DS:~/.ssh/environment containing
PATH=/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/syno/binDiskStation Hostname
Assuming you don't have a static IP to assign to your DS, you can use dynamic dns to maintain a consistent hostname by which you can reach it. This is functionality is built in to the DS web interface.
Conclusion
Now just park the DS at a friend/family member's house, and viola, 1.5TB of online, offsite, secure storage, with no recurring costs for several years. You'll probably have to set up port forwarding on the router that the DS is connected to, so you can connect to it from the outside. Just use the same port you set up for sshd.
