Sync two Readynas over internet using rsync (and ssh)

I am trying to sync two ReadyNAS' over the internet using rsync backup jobs.  NAS1 in location 1.  NAS2 in location 2.

I am pushing a share from NAS1 to NAS2 (called share1 on each NAS).

When I arrive at location 2, I will then copy share1 to share2. Whilst at location 2, I work on files in share2.

Then I am pulling share2 back from NAS2 onto NAS1 and doing a PC based file sync and compare (using FreeFileSync and networked mapped drives), when I arrive back to location 1. 

I have both backup jobs configured on the NAS at location1 (push and pull).  The question I have is how do I set-up rsync over SSH in this situation?  I have read this knowledge base instruction a few times and managed to confuse myself as I am trying to configure a NAS at each end.  I am new to configuring public and private key encryption.  What I presumed was:

• I enable SSH on the NAS at both locations
• I create a specific rsync_over_ssh user on NAS2 to accept the inbound connections over SSH (with a strong password and without shell access)
• [Presume rsync_over_ssh user needs read & write access to share 1 and read access to share 2 (on NAS2)]
• I create a public key when enabling SSH on NAS1 ("Download SSH key file")
• I then use this file and "Import Public Key" on the rsync_over_ssh user on NAS2

In terms of routing the internet traffic and remaining secure, I presume I need to:

• NAT the rsync over SSH (presume just SSH port 22 and not the rsync port 873) at location 2 to enable the inbound push and pull jobs
• Create DDNS at location 2 to map the backup jobs to a static location
• Disable uPNP on routers at both locations to prevent automatic port 22 opening up after I enable SSH on both NAS'

Apologies for the length of the question but I just want to check this out as testing in live and getting it wrong may present a security issue

Many thanks,

Jon