Here at BackupAssist, our developers are dedicated to always staying current with evolving technology. That’s how we ensure your peace of mind that the systems and data you depend on are properly protected. A great example of this will be apparent to customers using a NAS device with our Offsite Backups add-on (formerly Rsync for BackupAssist), who will benefit from the latest update to our software, which adapts to the recent release of OpenSSH 7.0 with greatly improved encryption standards.
BackupAssist now utilizes 4096 bit RSA encryption keys when communicating with devices using OpenSSH, increasing the entropy leveraged by our software in securing your data by almost four times.
If you’re using Offsite Backups with a NAS, go ahead and update to BackupAssist v9.0.1 right now to ensure your backups adhere to the gold-standard of encryption and device security and are fully compatible with OpenSSH 7.0.
What is OpenSSH?
OpenSSH is a group of utilities that can be used to secure network traffic with the use of SSH.
In a lot of cases, NAS hardware vendors use OpenSSH to provide support for SSH connections with their NAS devices. There are two ways which authentication for an SSH connection can occur:
– User input (username, password)
– Public key cryptography (use of public/private encrypted keys)
The Update to OpenSSH 7.0
Recently OpenSSH 7.0 was released. Included in this release was the choice to disable support for Digital Signature Algorithm (DSA) keys by default due to a concern over this algorithm no longer meeting the security standards expected.
For more information regarding this, please review the future deprecation notice listed in the OpenSSH 7.0 release notes: http://www.openssh.com/txt/release-7.0 .
This version of OpenSSH is now being rolled out in the latest firmware updates from various hardware vendors such as QNAP.
What does this mean for BackupAssist?
BackupAssist utilizes public key cryptography so that it can authenticate without any user interaction being required. If you update your NAS firmware to a version that includes OpenSSH 7.0, without also updating to BackupAssist v9.0.1 (or one of our other supported versions we have now patched – more info below) you may suddenly receive a connection based error. This is because the NAS device will block the encryption keys our software used previously from being able to connect via SSH.
Therefore, if you’re using Offsite Backups with a NAS device, we recommend that you update to BackupAssist v9.0.1 to accommodate these changes that have been made to the NAS firmware. You will then need to manually re-register your backup job following the steps below:
1. Open BackupAssist
2. Click on ‘Jobs’ at the top of the BackupAssist console and select your rsync backup from the list.
3. Click on ‘Destination’ down the left hand side.
4. Click ‘Register with server…’ and input the password in the command prompt box that appears:
The above steps will need to be completed individually for each rsync job you are running. Once you’ve done this, you you will no longer receive any conflict between BackupAssist and your NAS device, and your backups will benefit from the enhanced security of 4096 bit encryption.
What if I’m using an older version of BackupAssist?
As long as it’s supported, you’ll still benefit from the improved security too. We’ve also released a patch for BackupAssist v8 (upgrade to v8.4.5 here), and BackupAssist v7 (upgrade to v7.4.6 here).
If you’re using BackupAssist v6 or earlier, then unfortunately your software is no longer supported. You will need to renew your Upgrade Protection, and upgrade to BackupAssist v9 as soon as possible if you want to benefit from the improved security of 4096 bit encryption, and continue using our Offsite Backups add-on with a NAS device.
If you have any questions regarding the implementation of 4096 bit security keys, or you need some additional help with your upgrade process, don’t hesitate to reach out to our support teams for assistance.
