Configuring SFTP Storage

I’m trying to link a private SFTP server in odrive.

The configuration is as follows:

  • Synology NAS with SSH Enabled
  • NAS services (including SSH) are not exposed to the internet; accessible from the local network only
  • There is an odrive service account set up on the NAS
  • The service account has its own SSH Keypair (with a passphrase)
  • The service account has its own home directory (the default path when it logs in)
  • The service account has read/write access to some locations outside of its home directory
  • I’ve created the SFTP link in the odrive web interface
  • The SFTP address uses the internal DNS FQDN for the NAS

I’ve tested that the service account can log in with the SSH Key, can access the files, etc. Everything appears configured correctly. When I configure the SFTP link in the odrive web interface it adds. When I select the SFTP link in the web interface (browse), I get a yellow popup at the top of the screen:

“Cannot browse SFTP. Please check your network connection or manage your proxy settings.”

I can’t find the documentation on this now, but I believe I read that the SFTP link is initiated from the host client, not the web. Does this mean it’s not working at all, or that it just can’t be browsed from the web? Does this require the SFTP service to be exposed to the internet? Or will the client do its job locally and “proxy” between the cloud services and the local network? Is there a more in-depth technical guide to configuring this somewhere? Not sure how to debug and if I need to expose the service, set up some kind of proxy, etc.

Hi @nathan.farrar,
When the SFTP target is not accessible from the internet you won’t be able to use the web client to access, but you should still be able to access from the odrive desktop client, as long as the SFTP server is accessible on the LAN.

What is performing the DNS resolution for the NAS FQDN? Does it work if you target the IP instead?

Can you send a diagnostic from the odrive menu so I can take a look?

Hello Tony,

  • The target is not currently accessible from the internet; are there some technical specifications to allow access to the service from odrive only (I don’t want to expose to the entire internet)?
  • My local DNS server (only accessible from inside my network) is providing the DNS resolution (this does resolve correctly from the host on which I’m running the odrive client).
  • On the local machine when I attempt to open ./odrive/SFTP.cloudf I get the message: “Unable to sync SFTP.cloudf. Your credentials are not valid.”
  • I have sent the diagnostic file.

As mentioned, I have tested that the credentials work:

  • On the server, the public key is present in /var/services/home/odrive/.ssh/authorized_keys.
  • From my local machine, I add the ssh key to the local agent with “ssh-add -i odrive_rsa”
  • From my local machine, I can then run “ssh odrive@nas.mylocaldomain.home -i odrive_rsa” with successful key authentication.

In the odrive web interface I created the SFTP Link:

  • Name: SFTP
  • Type: Private Network
  • Host: nas.mylocaldomain.home
  • Start Path: /var/services/homes/odrive
  • Max Concurrent Connections: 3
  • Login with keyfile:
  • User: odrive
  • Passphrase: The key passphrase
  • Keyfile Content: The private 4096 bit RSA key.

Hi @nathan.farrar,
The diagnostic indicates an exception being returned: “not a valid RSA private key file”

What does your rsa private key header look like in the odrive link config? For example:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,5B9ED0141A6AB116489A2587A2D0BBAC

Does it begin with “-----BEGIN RSA PRIVATE KEY-----” and end with “-----END RSA PRIVATE KEY-----” ?

Yes it does. I pasted the entire content of the key into the web interface field.

Hi @nathan.farrar,
Can you copy and paste the header? I just want to make sure it is a configuration we have tested.
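Added example, not part of the original thread and not odrive code: a small Python check that reports which PEM container a private key uses and whether it is passphrase-protected, so the header details asked about above can be shared without exposing key material. The names `describe_key`, `FORMATS` and `SAMPLE` are hypothetical, and the sample key is constructed (its body is not a real key).

```python
import re

# Standard PEM labels and the container each one denotes (descriptions are informal).
FORMATS = {
    "RSA PRIVATE KEY": "traditional PEM (PKCS#1) RSA",
    "OPENSSH PRIVATE KEY": "OpenSSH native format",
    "PRIVATE KEY": "PKCS#8 (unencrypted)",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 (encrypted)",
}
ARMOR = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")


def describe_key(text):
    """Describe the PEM armor of a private key without returning key material."""
    lines = [ln.strip() for ln in text.strip().splitlines()] or [""]
    info = {"label": None, "format": "unknown", "encrypted": None,
            "cipher": None, "problems": []}
    begin, end = ARMOR.fullmatch(lines[0]), ARMOR.fullmatch(lines[-1])
    if not begin or begin.group(1) != "BEGIN":
        info["problems"].append("first line is not a clean BEGIN line (line breaks lost?)")
        return info
    info["label"] = begin.group(2)
    info["format"] = FORMATS.get(info["label"], "unknown")
    if not end or end.group(1) != "END":
        info["problems"].append("last line is not a clean END line (truncated?)")
    elif end.group(2) != info["label"]:
        info["problems"].append("BEGIN and END labels differ")
    # Traditional PEM announces encryption in "Name: value" headers right after BEGIN.
    headers = {}
    for ln in lines[1:]:
        if ":" not in ln:  # blank line or base64 body: headers are over
            break
        name, value = ln.split(":", 1)
        headers[name.strip()] = value.strip()
    if info["label"] == "ENCRYPTED PRIVATE KEY":
        info["encrypted"] = True
    elif info["label"] == "PRIVATE KEY":
        info["encrypted"] = False
    elif info["label"] != "OPENSSH PRIVATE KEY":  # OpenSSH records this inside the body
        info["encrypted"] = headers.get("Proc-Type") == "4,ENCRYPTED"
        info["cipher"] = headers.get("DEK-Info", "").split(",")[0] or None
    return info


# Constructed sample: same header layout as the example in the thread, dummy body and IV.
SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
          "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
          "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
```

Calling `describe_key(open("odrive_rsa").read())` on the key file, and again on the text copied from the web form field, shows whether the paste altered the armor lines.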