Open ghost opened 7 years ago
Cronjobs can't access your users keyring. That's why I added the Cache Password for Cron
. Please activate it.
OK, I can try this. But I have a nearly identical set-up on another computer (BiT 1.1.12 on Xubuntu 16.04 LTS, only in this case 64 bit), where I use ssh without encryption for backup. On this machine I also did not select Cache Password for Cron
, yet it works with anacron without being asked to enter manually the ssh key. Something seems to be inconsistent.
Just in case it is important, on both machines I can do ssh to the target machine from a terminal without entering the password.
Just in case it is important, on both machines I can do ssh to the target machine from a terminal without entering the password.
So there is no password on the machine without encryption :wink:
Both machines are set-up with password-protected private ssh keys. The file id_rsa
contains Proc-Type: 4,ENCRYPTED
, also ssh-keygen -y
request the password on both.
The difference I find is that the Gnome Keyring contains an entry "Password for 'profile_id_1' on 'backintime/ssh" on the machine where it works, whereas there is no such entry on the machine where it does not work.
Oh, sorry. I misunderstood that.
Please run env -i backintime --debug --backup-job
in Terminal and post the output.
For running this test, I disabled Cache Password for Cron
again (with that option the anacron backup worked as expected without asking the password). I get the following output (but I wonder if I should make it actually run the backup by reducing the time for anacron, because at the end it now says 'not scheduled to run now'?).
$ env -i backintime --debug --backup-job
$ DEBUG: [common/backintime.py:509 arg_parse] Arguments: {'func': <function aliasParser at 0xb63a3adc>, 'debug': True, 'replace': '--backup-job', 'alias': 'backup-job'} | unknownArgs: []
INFO: [common/backintime.py:563 aliasParser] Run command 'backup-job' instead of argument '--backup-job' due to backwards compatibility.
DEBUG: [common/backintime.py:509 arg_parse] Arguments: {'func': <function backupJob at 0xb63a3d1c>, 'debug': True, 'command': 'backup-job'} | unknownArgs: []
Back In Time
Version: 1.1.12
Back In Time comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions; type `backintime --license' for details.
DEBUG: [common/backintime.py:576 getConfig] config file: /home/oliver/.config/backintime/config
DEBUG: [common/backintime.py:577 getConfig] profiles: ['1']
DEBUG: [common/pluginmanager.py:88 PluginManager.load_plugins] Register plugin path /usr/share/backintime/plugins
DEBUG: [common/pluginmanager.py:104 PluginManager.load_plugins] Add plugin qt4plugin.py
DEBUG: [common/pluginmanager.py:104 PluginManager.load_plugins] Add plugin notifyplugin.py
DEBUG: [common/pluginmanager.py:104 PluginManager.load_plugins] Add plugin userscriptsplugin.py
DEBUG: [common/snapshots.py:774 Snapshots.get_snapshots_list] Failed to get snapshots list: [Errno 2] No such file or directory: '/home/oliver/.local/share/backintime/mnt/1_4128/backintime'
DEBUG: [common/snapshots.py:947 Snapshots.has_old_snapshots] Found old snapshots: False
INFO: [common/snapshots.py:970 Snapshots.take_snapshot] Profile "Main profile" is not scheduled to run now.
Oh, sorry. Sure, I forgot to mention this. You can alternative run env -i backintime --debug backup
which will force to take a new snapshot.
With this command I was asked again the two passwords and got the following output. The line starting DEBUG: [common/sshtools.py:192 SSH.unlock_ssh_agent]
was printed after the first ssh password was entered, the line DEBUG: [common/encfstools.py:265 EncFS_SSH.mount]
after the second encryption password.
$ env -i backintime --debug backup
DEBUG: [common/backintime.py:509 arg_parse] Arguments: {'func': <function backup at 0xb634ac44>, 'command': 'backup', 'debug': True} | unknownArgs: []
Back In Time
Version: 1.1.12
Back In Time comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions; type `backintime --license' for details.
DEBUG: [common/backintime.py:576 getConfig] config file: /home/oliver/.config/backintime/config
DEBUG: [common/backintime.py:577 getConfig] profiles: ['1']
DEBUG: [common/pluginmanager.py:88 PluginManager.load_plugins] Register plugin path /usr/share/backintime/plugins
DEBUG: [common/pluginmanager.py:104 PluginManager.load_plugins] Add plugin qt4plugin.py
DEBUG: [common/pluginmanager.py:104 PluginManager.load_plugins] Add plugin notifyplugin.py
DEBUG: [common/pluginmanager.py:104 PluginManager.load_plugins] Add plugin userscriptsplugin.py
DEBUG: [common/snapshots.py:774 Snapshots.get_snapshots_list] Failed to get snapshots list: [Errno 2] No such file or directory: '/home/oliver/.local/share/backintime/mnt/1_5298/backintime'
DEBUG: [common/snapshots.py:947 Snapshots.has_old_snapshots] Found old snapshots: False
DEBUG: [common/snapshots.py:1984 Snapshots.flockExclusive] Set flock /tmp/backintime.lock
INFO: [common/snapshots.py:985 Snapshots.take_snapshot] Lock
INFO: [common/tools.py:803 inhibitSuspend] Inhibit Suspend started. Reason: take snapshot
DEBUG: [common/tools.py:611 keyring_supported] Found appropriate keyring 'keyring.backends.file'
DEBUG: [common/tools.py:611 keyring_supported] Found appropriate keyring 'keyring.backends.file'
DEBUG: [common/sshtools.py:192 SSH.unlock_ssh_agent] Add private key /home/oliver/.ssh/id_rsa to ssh agent
DEBUG: [common/sshtools.py:197 SSH.unlock_ssh_agent] Password available: True
DEBUG: [common/sshtools.py:213 SSH.unlock_ssh_agent] Provide password through temp FIFO
DEBUG: [common/encfstools.py:265 EncFS_SSH.mount] Mount sshfs
DEBUG: [common/mount.py:300 SSH.mountprocess_lock_acquire] Acquire mountprocess lock /home/oliver/.local/share/backintime/mnt/5298.lock
DEBUG: [common/sshtools.py:374 SSH.check_ping_host] Check ping host
DEBUG: [common/sshtools.py:383 SSH.check_ping_host] Host ihp-pc49.ethz.ch is available
DEBUG: [common/sshtools.py:248 SSH.check_fuse] Check fuse
DEBUG: [common/sshtools.py:250 SSH.check_fuse] sshfs is missing
DEBUG: [common/mount.py:309 SSH.mountprocess_lock_release] Release mountprocess lock /home/oliver/.local/share/backintime/mnt/5298.lock
ERROR: [common/snapshots.py:996 Snapshots.take_snapshot] sshfs not found. Please install e.g. 'apt-get install sshfs'
INFO: [common/snapshots.py:998 Snapshots.take_snapshot] Unlock
Hu! sshfs is missing
how comes this?
But the main issue is Found appropriate keyring 'keyring.backends.file'
. BiT has a whitelist of backends that are allowed. keyring.backends.file
is not one of them.
Is python3-secretstorage
installed? Please post the output of dpkg -l | grep 'python3-keyring\|python3-secretstorage'
Output is as follows
$ dpkg -l | grep 'python3-keyring\|python3-secretstorage'
ii python3-keyring 7.3-1ubuntu1 all store and access your passwords safely - Python 3 version of the package
ii python3-secretstorage 2.1.3-1 all Python module for storing secrets - Python 3.x version
Oh, sorry. I forgot the false positive Found appropriate keyring 'keyring.backends.file'
message was just a logic error in the debug message.
And sshfs is missing
is because missing PATH
. So the correct test command would be env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin backintime --debug backup
I was able to reproduce this and understand now what you mean when you said it's inconsistent. Will have a look soon.
Keyrings & Co are not "my topic". This is a maybe related Debian issue https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998105
I have fixed some issues in the keyring logic of BiT. Would it be possible to use the most-recent dev version to re-test your issue and report if it still exists?
I was able to reproduce this and understand now what you mean when you said it's inconsistent. Will have a look soon.
@Germar Your comment is six years old so I don't expect you to remember that detail (but if it would be helpful and be honored with a "master mind" badge ;-)
Sorry I can't remember without diving deep into it again. But I do remember having the same Bug every now and then on my own machine until I replaced BiT
I set up a non-root, encrypted ssh backup, with 'Safe Passwords to Keyring' selected. This works flawlessly if manually started in the BiT GUI with 'Take snapshot'. If running automatically (I tried repeatedly by anacron and 'at boot') I am still asked each time to enter both ssh and encryption passwords manually when I am logged in. The 'Cache Password for Cron' option is not selected.
I do find two credentials with the correct passwords stored in the Keyring: "Password for 'profile_id_1' on ''backintime/ssh_encfs" "Password for 'profile_id_1' on ''backintime/ssh_encfs_2"
Version information: BiT 1.1.12 on Xubuntu 16.04 LTS (32 bit).
On some different computers I have set-up unencrypted ssh backups, which works all as expected.