How to obscure password for sftp

jcwillox / hassio-rclone-backup

Home Assistant addon to automatically sync backups to remote locations using Rclone

MIT License

120 stars 20 forks source link

How to obscure password for sftp #1

Closed JohannCR closed 3 years ago

JohannCR commented 3 years ago

Hi, awesome addon ! Trying to make it work for sftp is a little bit hard though... I guessed by looking at the default config and the rclone.org doc that one needs to create a config file in this format

[remote] type = sftp host = IP user = username port = 22 pass = obscured password

Except, I don't know how to obscure the password... Can someone explain the process ? I've looked at the doc (https://rclone.org/commands/rclone_obscure/) it explains the "what" very well, but I don't understand the "how" ^^

Can't we use HA !secret ?

jcwillox commented 3 years ago

I'd recommend just installing rclone on your computer, and running the rclone config command then following the prompts it gives you. Rclone will then generate the rclone.conf file for you at ~/.config/rclone/rclone.conf which you can then copy over to HA. That's how I've been using.

Except, I don't know how to obscure the password... Can someone explain the process ? I've looked at the doc (https://rclone.org/commands/rclone_obscure/) it explains the "what" very well, but I don't understand the "how" ^^

you'll need to have access to the rclone command, i.e. by installing it on your computer, then you should just be able to run rclone obscure "mysecretpassword"

Can't we use HA !secret ?

While I could technically add support for !secret its would be kind of a hacky fix, the rclone.conf file is entirely controller by rclone itself, neither HA nor the addon actually interact with it directly.

JohannCR commented 3 years ago

Thanks ! I just tried but it gives me

Failed to create file system for "remote:/share/HA": NewFs: couldn't connect SSH: ssh: handshake failed: read tcp 172.30.33.6:47006->192.168.68.115:22: read: connection reset by peer

While the exact same parameters (IP, port, logins) work with Filezilla no problem... Maybe I should indicate that I'm running HA on a debian virtual machine on a synology NAS. Any pointer ? I feel so close to the goal ^^

Edit: Oh my it looks like a firewall block... Nope. All good from the firewall rules. I don't get why it doesn't work.

jcwillox commented 3 years ago

Seems to be failing to connect, can you get rclone to work on your local machine? Or did ssh maybe ban HA's IP for too many failed login attempts?

JohannCR commented 3 years ago

You're right, I unblocked the IP, but the error only slightly changed, looks like obscuring the password did not work, maybe I did it wrong

Failed to create file system for "remote:/share/HA": NewFs: couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain

edit : I tried rclone obscure password and I tried rclone config. Since the filesystem is a headache with the virtual machine I could only open the config file and copy the obscured password. Tomorrow I'll do that again in case it was a copy/paste error. Thanks for your help, will update later on