Sftp password confusion

truthsword · 16 November 2022 23:02

Running Duplicacy in Debian via CLI.

I have a working backup, but need to get the sftp password to be automatically passed.

I ran this command and it seemed OK

duplicacy set -storage destination2 -key ssh_password -value qwerty

Which yielded…
New options for storage sftp://me@192.168.1.10//Duplicacy/deb_test have been saved

So far, so good… maybe.

So I ran the backup…
duplicacy backup -storage destination2

Which yielded.
Storage set to sftp://me@192.168.1.10//Duplicacy/deb_test
Enter the path of the private key file:

At this point I’m clueless. I thought the set command took care of that.

What am I doing wrong? Thanks!

EDIT1: The preferences file shows my password truncated, with only the first 2 characters and last 3 characters in quotes. I wasn’t sure whether this was intentional, so I edit “preferences” with the full password. But that did not help. I’m still asked for a key file location. I’ve tried both …/.duplicacy and …/.duplicacy/preferences, but those do nothing but throw errors.

EDIT2: To clarify… the SFTP target is a Synology NAS running DSM 6.2.

gchen · 17 November 2022 03:37

If it asks for a private key file then it means that password-based authentication failed. You can add a -d option to show more detailed log messages:

duplicacy -d backup -storage destination2

Also, does ssh work with the same username and password?

truthsword · 17 November 2022 04:02

Yes, SSH works with username and password.

Started over with fresh attempt
Init worked fine
First backup ran fine when manually entering password
Ran duplicacy set -key ssh_password -value qwerty for “default”. No errors.
Ran second backup… asked for keyfile

duplicacy -d backup (for default)

Result:

Storage set to sftp://user@192.168.1.10//Duplicacy/deb_test
Reading the environment variable DUPLICACY_SSH_KEY_FILE
Attempting password login
Reading the environment variable DUPLICACY_SSH_PASSWORD
Reading ssh_password from preferences
Attempting public key authentication
Reading the environment variable DUPLICACY_SSH_KEY_FILE
Failed to get the value from the keyring: Unable to open dbus session &{%!s(*dbus.Conn=&{0xc0003da4f0 0xc000422480 true 3d05a9b9e04cd8284b3f02406375afca [:1.5] {{0 0} 0 0 0 0} {0 0} 3 map[0:true] map[] {{0 0} 0 0 0 0} 0xc0004223c0 0xc00007ee40 false {{0 0} 0 0 0 0} 0xc000041780 <nil> {0 0}}) org.freedesktop.secrets /org/freedesktop/secrets}: The name org.freedesktop.secrets was not provided by any .service files

Enter the path of the private key file:

Thanks for your help.

gchen · 17 November 2022 04:27

Try setting the password in the environment variable DUPLICACY_SSH_PASSWORD:

export DUPLICACY_SSH_PASSWORD=password

truthsword · 17 November 2022 14:51

No change

duplicacy -d  backup
Storage set to sftp://me@192.168.96.1//Duplicacy/deb_test
Reading the environment variable DUPLICACY_SSH_KEY_FILE
Attempting password login
Reading the environment variable DUPLICACY_SSH_PASSWORD
Attempting public key authentication
Reading the environment variable DUPLICACY_SSH_KEY_FILE
Failed to get the value from the keyring: Unable to open dbus session &{%!s(*dbus.Conn=&{0xc0003ea4f0 0xc000432480 true 89ae846171a6e54426414eb8637648dd [:1.1] {{0 0} 0 0 0 0} {0 0} 3 map[0:true] map[] {{0 0} 0 0 0 0} 0xc0004323c0 0xc00007ce40 false {{0 0} 0 0 0 0} 0xc00003f780 <nil> {0 0}}) org.freedesktop.secrets /org/freedesktop/secrets}: The name org.freedesktop.secrets was not provided by any .service files

Enter the path of the private key file:

When I look in directory .duplicacy, all I see is cache, known_hosts, preferences. But there is no “keyring” file that would contain “ssh_password”:

Why is that? Am I missing a dependency? This is a headless Debian installation.

sevimo · 17 November 2022 15:40

You can put a list of keys/values under “keys” field in the preferences file. But passwords on Linux would normally be stored in a keyring, and this is something that your is failing to open as it is unable to open dbus session. You can try to see what’s in your keyring (if anything) with lssecret or secret-tool. You may need to run dbus-run-session and unlock the keyring first.

truthsword · 17 November 2022 15:50

Thanks for replying.

lssecret and secret-tool are not available commands. I’m not sure what to do with dbus-run-session. When I ran that I got:
dbus-run-session: a non-option argument is required

Something fundamental is wrong. Again I started with fresh init, but added encryption (-e) options as such:
duplicacy init -e bkup sftp://me@192.168.96.10//Duplicacy/deb_test

This stalled for a few seconds and then asked for the key location
Enter the path of the private key file:

So the init failed. Why? Am I missing a dependency package to do this?

Do I need to install debian-keyring? Or other?

upssnowman · 17 November 2022 16:29

I’ve been through this issue myself. I use Debian based Linux as well.

Does your ssh key use a passphrase?

I don’t use a passphrase for my keys and I was able to get this to work without messing around with the keyring.

I’ll go through my notes and let you know what worked for me

truthsword · 17 November 2022 18:15

No passphrase, just the password for SSH access.

Thank you.

upssnowman · 17 November 2022 18:27

I’m glad it’s not yet me. I’m not trying to be disrespectful because I like Duplicacy and I even paid and have a current 2 year license but the documentation can be lacking and confusing.

Here is how I configured mine.

I have an sftp that I can connect to outside of duplicacy by just using my ssh key. I do not have a passphrase for my key. Just a straight up ssh or sftp connects with the key and not messing with any keyrings.

Here is how I initialized my backup.

duplicacy init -e -storage-name nachostorage -repository /home/poochie/Photos photosbackup sftp://poochie@nacho/photobackup

I like to specify a storage name but I know it’s optional. Specifying a name makes it easy to add multiple backups, etc.

Here is where duplicacy becomes confusing.

Here is the output from the init command:

$ duplicacy init -e -storage-name nachostorage -repository /home/poochie/Photos photosbackup sftp://poochie@nacho/photobackup
Enter SSH password:
Enter the path of the private key file:
No private key file is provided
Enter storage password for sftp://poochie@nacho/photobackup:***********
Re-enter storage password:***********
/home/poochie/Photos will be backed up to sftp://poochie@nacho/photobackup with id photosbackup

If you have an ssh key that works connecting to your sftp without a passphrase like I do, you have to just leave “Enter SSH password:” and “Enter the path of the private key file:” blank and just hit “enter” on your keyboard until you get to the storage password prompt. Pick a password for that.

So now you’ll want to configure duplicacy to accept your key automatically.

You have to set 3 things:

The storage password that you chose.
The ssh password which in my example is blank
The location of your private ssh key. This should be your home directory’s .ssh subdirectory.

Here’s how you configure these

For the ssh password (which is blank for me)

duplicacy set -storage nachostorage -key “nachostorage_ssh_password” -value ’ ’

For the private key

duplicacy set -storage nachostorage -key “nachostorage_ssh_key_file” -value ‘/home/poochie/.ssh/id_rsa’

For the storage password

duplicacy set -storage nachostorage -key “nachostorage_password” -value ‘mysecretstoragepassword’

Obviously you need to change “nachostorage” to whatever storage name you use.

And here is the backup with NO password or key prompts.

$ duplicacy backup
Repository set to /home/poochie/Photos
Storage set to sftp://poochie@nacho/photobackup
No previous backup found
Listing all chunks
Indexing /home/poochie/Photos
Parsing filter file /home/poochie/.duplicacy/filters
Loaded 0 include/exclude pattern(s)
Packed profile.png (133686)
Packed hat.png (50282)
Backup for /home/poochie/Photos at revision 1 completed

Also as you can see not fussing around with keyrings or any crap like that!

truthsword · 17 November 2022 19:21

Thanks for that. I’m reviewing now how to set up a key. It’s odd that I can SSH in from Debian to Synology, but sftp can’t get past init (subsyten request failed). I had been using a unique ssh port, but I dropped back to 22 until I figure this out.

Currently I’m running Duplicacy web on the Synologu (docker) and Duplicacy CLI on Windows (which is backing up to this same Synology NAS). Who knew that plain vanilla Debian would be so confusing.

upssnowman · 17 November 2022 19:27

I can recreate my setup flawlessly after lots of trial and error. But I’m 100% Linux so I can’t vouch for anything Windows related.

truthsword · 17 November 2022 20:07

I’m a little confused with your SFTP path naming convention.
In my case, my ssh is me@192.168.1.10, and my back up is intended to be at /Duplicacy/deb_test (technically, /volume1/Duplicacy/deb_test), and I am issuing the init command from the repo directory. So this should work…

duplicacy init mywork sftp://user@192.168.1.10//Duplicacy/deb_test

But that fails after copying in the SSH password for the backup destination.

Enter SSH password:**********
Failed to load the SFTP storage at sftp://mr.bob@192.168.96.10//Duplicacy/deb_test: ssh: subsystem request failed

What makes this odd… is that a few minutes earlier, I added an authorized key to the NAS, which enables me to SSH in without a password. But here… the password is still asked. I’ve assumed that this ssh password is for the 192.168.1.10 backup machine…

So, I am stuck at the very first part of your write-up/

upssnowman · 17 November 2022 20:13

What is the exact command you run to connect to this server outside of duplicacy?

Not sure if you need the double slashes…

Maybe try it like one of these:

duplicacy init mywork sftp://user@192.168.1.10/Duplicacy/deb_test

duplicacy init mywork sftp://user@192.168.1.10/volume1/Duplicacy/deb_test

As I said I’m not a WIndows guy

truthsword · 17 November 2022 21:00

ssh me@192.168.1.10

Didn’t mean to confuse you. This is not Windows. It is Debian backed up to Synology NAS.

After setting the SSH key in the NAS, and restarting the NAS, here is what I got, from init to final fail after set command…

duplicacy init bkup sftp://me@192.168.1.10:2299//Duplicacy/deb_test
Enter SSH password:**********
/home/me/downloads will be backed up to sftp://me@192.168.1.10:2299//Duplicacy/deb_test with id bkup
me@debi:~/downloads$ duplicacy backup -stats
Storage set to sftp://me@192.168.1.10:2299//Duplicacy/deb_test
Enter SSH password:**********
No previous backup found
Listing all chunks
Indexing /home/me/downloads
Parsing filter file /home/me/downloads/.duplicacy/filters
Loaded 0 include/exclude pattern(s)
Uploaded chunk 0 size 37057, 36KB/s 00:00:01 100.0%
Uploaded Job.log (31207)
Uploaded veeam-release-deb_1.0.8_amd64.deb (5850)
Backup for /home/me/downloads at revision 1 completed
Files: 4 total, 36K bytes; 2 new, 36K bytes
File chunks: 1 total, 36K bytes; 1 new, 36K bytes, 13K bytes uploaded
Metadata chunks: 3 total, 358 bytes; 3 new, 358 bytes, 368 bytes uploaded
All chunks: 4 total, 36K bytes; 4 new, 36K bytes, 13K bytes uploaded
Total running time: 00:00:01
me@debi:~/downloads$ duplicacy set -key ssh_password -value dbhjujukk
New options for storage sftp://me@192.168.1.10:2299//Duplicacy/deb_test have been saved
me@debi:~/downloads$ duplicacy backup -stats
Storage set to sftp://me@192.168.1.10:2299//Duplicacy/deb_test
Enter the path of the private key file:
No private key file is provided
Failed to load the SFTP storage at sftp://me@192.168.1.10:2299//Duplicacy/deb_test: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password publickey], no supported methods remain
me@debi:~/downloads$

In summary

Init worked
First backup worked
Set command seemed to work (no errors present)
Second backup asked for path of private key file (Debian?). I just hit enter (blank)

truthsword · 17 November 2022 21:32

WINNER!. This was the trick

Enter SSH password:**********
/home/me/downloads will be backed up to sftp://me@192.168.1.10:2299//Duplicacy/deb_test with id bkup
me@debi:~/downloads$ duplicacy set -key 'ssh_key_file' -value '/home/me/.ssh/id_rsa'
New options for storage sftp://me@192.168.1.10:2299//Duplicacy/deb_test have been saved
me@debi:~/downloads$ duplicacy backup -stats
Storage set to sftp://me@192.168.1.10:2299//Duplicacy/deb_test
No previous backup found
Listing all chunks
Indexing /home/me/downloads
Parsing filter file /home/me/downloads/.duplicacy/filters
Loaded 0 include/exclude pattern(s)
Uploaded chunk 0 size 37057, 36KB/s 00:00:01 100.0%
Uploaded Job.log (31207)
Uploaded release-deb_1.0.8_amd64.deb (5850)
Backup for /home/me/downloads at revision 1 completed
Files: 4 total, 36K bytes; 2 new, 36K bytes
File chunks: 1 total, 36K bytes; 1 new, 36K bytes, 13K bytes uploaded
Metadata chunks: 3 total, 358 bytes; 3 new, 358 bytes, 368 bytes uploaded
All chunks: 4 total, 36K bytes; 4 new, 36K bytes, 13K bytes uploaded
Total running time: 00:00:01

While I couldn’t figure out the password issue, the keyfile took care of that. Thanks for the tim spent summarizing your process.

upssnowman · 17 November 2022 21:47

Glad that worked!!!

I honestly do love Duplicacy and everyone is great but I told you the documentation can be lacking sometimes

upssnowman · 17 November 2022 21:56

Oh if you are still having the password issue for SSH, you need to set it blank if you really don’t have a password for ssh.

In my example:

duplicacy set -storage nachostorage -key “nachostorage_ssh_password” -value ’ ’

system · 27 November 2022 21:57

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.