I’ve got CrashPlan running on my FreeNAS-based home server, and it is going smoothly. It was kinda pain to get it working (java problems, CrashPlan upgrades, and stuff like that), but now it has been behaving itself for a few months.
Still, every now and then I want to check on it to keep track of the upload progress, change a few settings and what not.
Since I also run CrashPlan on my Mac, it has always been a pain to reconfigure everything each time I wanted to control the instance running in the FreeNAS jail and then back to the Mac’s.
Also, a while back CrashPlan changed their daemon-GUI authentication scheme: previously you just had to connect to the proper port on the right IP, now it also needs a token that seems to change randomly. It looks like it changes whenever the backup service restarts, but I’m not really sure, as my Mac’s doesn’t seem to change nearly as often, and my Macs power cycles way more than my server, but that’s an argument for another day. Also, the port seems to be randomly changing as well, so don’t even get me started about that.
Anyway, I had to find a way to get the current token, put it in the proper CrashPlan GUI’s config file (which is
/Library/Application Support/CrashPlan/.ui_info in OS X), launch the GUI, do my business, close it and the put everything back.
To accomplish that, the first thing you need to do is to enable SSHd in the jail: connect to your main FreeNAS, type
jls to get a list of all the running jails, and take note of CrashPlan’s JID.
[root@zeus] ~# jls
JID IP Address Hostname Path
1 - VBox /mnt/Archivio/jails/VBox
2 - couchpotato_1 /mnt/Archivio/jails/couchpotato_1
3 - crashplan_2 /mnt/Archivio/jails/crashplan_2
4 - plexmediaserver_1 /mnt/Archivio/jails/plexmediaserver_1
6 - sonarr_1 /mnt/Archivio/jails/sonarr_1
7 - transmission_1 /mnt/Archivio/jails/transmission_1
As you can see, mine is 3. So let’s connect to the jail:
jexec 3 csh (which means launch the csh shell on jail number 3).
Now you need to edit the jail’s
/etc/rc.conf, in order to have the SSH server start with the jail. You can do so by adding the following line:
(Or, if present and set to NO, just switch it to YES and save the file.)
Now just start the SSH server with
service ssh start.
The next step is to add a user to the jail: we’ll be using this instead of root to connect to it. Run
adduser and follow the instructions. In the rest of this post the user will be luca. Why? Well, because reasons.
Now switch to the newly created user and create a
.ssh directory in the home directory.
Now it’s a good time to copy the SSH public key of your Mac’s account, which you can find in
~/.ssh/id_rsa.pub. Copy it to the clipboard:
cat ~/.ssh/id_rsa.pub | bcopy
Back to the jail, paste it into the
echo "PASTE HERE YOUR PUBLIC KEY" >> ~/.ssh/authorized_keys
After all this hard work, we can finally test our setup. Open a new terminal window/tab and try to connect (you’ll find the jail’s IP address in the FreeNAS web UI).
Of course replace luca with your user and the IP with the correct one. If all worked as it should, you’ll be asked (for the first time only) to accept the server’s RSA fingerprint, and then you’ll be logged in without needing a password.
Now that we have a working SSH server, let’s get to the main part of all this madness. Here’s my script,
First, adjust line 8 and 9 replacing the placeholder user and IP with the one you set earlier.
Make the script executable (
chmod +x /path/to/crashplan_remote.sh) and put it somewhere in your PATH (may I suggest
Before launching the script, I feel I should explain what it does. First of all it makes a backup of your current local GUI settings (root privileges needed here), then it connects to the jail, retrives the current token and port to connect to the service, puts them in the .ui_info config file (again, root required), creates an SSH tunnel that is used to avoid having the CrashPlan service directly exposed to the network (by default it listens on 127.0.0.1 only). Once the tunnel is established, it launches the CrashPlan GUI, which will now communicate with the remote service. Once you close it, the tunnel will be closed as well and the local settings will be put back in place (root privileges required).
If you’ve read this far, you just have to launch crashplan_remote.sh and the script will take care of everything for you. It will even tell you what it is doing, here’s the output I get:
[luca @ MBP-Luca-eth in ~ ✅ ] $ crashplan_remote.sh
Password: (I entered my password here, required by sudo)
.ui_info updated, creating SSH tunnel...
SSH tunnel established, launching CrashPlan Desktop
CrashPlan Desktop closed, terminating SSH tunnel...
Exit request sent.
Restoring local CrashPlan settings...