Closed Germar closed 8 years ago
(by germar)
As far as I can see there is not -i
But I don't think this is your problem. We use an own ssh-agent instance for BackInTime (due to bug #841672). And this ssh-agent should only contain those keys which where added by BIT it self. So (IMHO) there can't be to much keys.
There is a problem with password handling (bug #1431305) on which I'm currently working on. I'll push a new version which should hopefully fix this in a few minutes to our testing PPA. Would be great if you could test this (sudo add-apt-repository ppa:bit-team/testing && sudo apt-get update && sudo apt-get upgrade) and report back if problems still exist.
(by germar) Okay, for sshfs this could be done through sshfs -o ssh_command='ssh -i ~/.ssh/KEY'
(by plaxx) Thanks for the quick response!
I don't have a passphrase on my key. I tried at first but created a new one instead (since I was having issues). So I didn't tried your latest version.
I tried on a different server (at home) and I'm getting the same results but I was successful with a direct sshfs mount (using -o ssh_command to setup my key).
I realize now that I have a rather fancy .ssh/config file with strict default ciphers, host aliases and per-entry keys. If BIP is trying to ping the host first based on the name I've given in the config this will never work (its an alias to an .ssh/config entry).
Ping
failed. Host is down or wrong address.
If I give the full hostname or the IP of the machine it won't work either because of very strict default cipher list. I add exceptions overrides in my .ssh/config for old servers (which my backup servers happen to be).
With the latest version, I added in my .ssh/config an alias to an hardcoded IP address and used that address in the BIP config and I got further. It requested the passphrase specified by my .ssh/config entry for this host. Not being overridden by the one I specified in BIP.
I would have no problem with setuping a specific .ssh/config entry only with the right passwordless key and ssh cipher options for BIP but if it needs to be pingable
then it definitely limits my options.
Step by step instructions on how to reproduce the ssh-agent/sshfs environment that BIP is setuping would be awesome and I would be willing to spend some time crafting some ssh troubleshooting FAQ entry with your input. This would help users figure problems by themselves I think.
Ultimately shouldn't you specify the exact key provided by the user using the "-o ssh_command=..." or lookup if there is an entry in .ssh/config before trying to ping it and if so trust the user, ssh and sshfs to do the right thing.
(by plaxx) I found a workaround.
Create a new hostname in your /etc/hosts pointing to your server IP. Setting this hostname in BIP will satisfy the "server must be pingable requirement".
Connect to this host with ssh. This will make sure that an entry is created in your .ssh/known_hosts for this new hostname. (If you skip this test BIP will complain about a lack of entry of that server in ssh_known_host.)
Add a new entry in your .ssh/config under that hostname and set whatever cipher and/or key requirement you have.
Configure BIP to use this new hostname for ssh backups.
Profit!
I think I wouldn't have to do any of this if BIP would:
I'll check if this would be easily done.
(by germar) Good to hear that you was able to fix this. I wrote this before your last post and will post it anyways ;-)
I'll consider the '-i
Okay, with passphrase-less keys the other bug shouldn't matter.
Host must be a regular domain or IP Address. Aliases would only work if you define them in /etc/hosts.
A strict cipher list shouldn't matter as long as you leave cipher in BIT to default. This will let ssh negotiate the cipher. If you choose one in BIT this will add '-o Ciphers=
Here is what BIT does for SSH after pressing OK in Settings:
check_remote_folder: this will run a script on remote to check if snapshot folder exist and is rwx. If it doesn't exist it will create it.
script (all one line):
d=0; test -e
run with 'ssh -p
Private key specified in configuration will not override an existing key defined in ~/.ssh/config or /etc/ssh/ssh_config.
I don't think this behavior is expected since a key is explicitly defined in the profile's configuration.
Update: Removed original description since problem is better understood thanks to Germar's help.
Imported from Launchpad using lp2gh.