SFTP prompting for private key file

Open plasticrake opened this issue 7 years ago • 4 comments

The documentation here and here are vague, but I would think that using SFTP with public key (without passphrase) should just work (as it does when using ssh or sftp standalone). However I'm not seeing that behavior.

Summary:

  • Public key (without passphrase)
    • ssh-agent not running: prompts for private key file, fails unless specified
    • ssh-agent running: prompts for private key file, can press enter, WORKS but requires interaction
    • Specifying path to private key in environment variables, WORKS

Ideally this should just work without specifying an environment variable and without requiring ssh-agent. However, if ssh-agent is running it shouldn't need to prompt for the private key file.

Machines:

  • debian-source-instance Debian 4.9.110-1 (2018-07-05) x86_64
  • debian-storage-instance Debian 4.9.110-1 (2018-07-05) x86_64

duplicacy version: 2.1.1 (e8b892)

ssh works:

$ ssh duplicacy@storage-instance
Last login: Thu Oct 18 18:23:54 2018 from 10.5.5.11
$

sftp works:

$ sftp duplicacy@storage-instance
Connected to storage-instance.
sftp> 

duplicacy init does not:

Note below I'm showing duplicacy init but also same behavior running duplicacy backup

Without ssh-agent running:

$ duplicacy -d init -storage-name test_sftp repo_sftp sftp://duplicacy@storage-instance//test
Reading the environment variable DUPLICACY_TEST_SFTP_SSH_KEY_FILE
Attempting public key authentication
Reading the environment variable DUPLICACY_TEST_SFTP_SSH_KEY_FILE
Failed to store the value to the keyring: keyring/dbus: Error connecting to dbus session, not registering SecretService provider: dbus: DBUS_SESSION_BUS_ADDRESS not set
Enter the path of the private key file: <presses enter>
No private key file is provided
Failed to load the SFTP storage at sftp://duplicacy@storage-instance//srv/backup/duplicacy: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

With ssh-agent running:

$ duplicacy -d init -storage-name test_sftp repo_sftp sftp://duplicacy@storage-instance//test

duplicacy -d init -storage-name test_sftp repo_sftp sftp://duplicacy@storage-instance//srv/backup/duplicacy
Reading the environment variable DUPLICACY_TEST_SFTP_SSH_KEY_FILE
Attempting public key authentication
Attempting public key authentication via agent
Reading the environment variable DUPLICACY_TEST_SFTP_SSH_KEY_FILE
Failed to store the value to the keyring: keyring/dbus: Error connecting to dbus session, not registering SecretService provider: dbus: DBUS_SESSION_BUS_ADDRESS not set
Enter the path of the private key file: <presses enter>
No private key file is provided
Compression level: 100
Average chunk size: 4194304
Maximum chunk size: 16777216
Minimum chunk size: 1048576
Chunk seed: 6475706c6963616379
/home/duplicacy will be backed up to sftp://duplicacy@storage-instance//srv/backup/duplicacy with id repo_sftp

** Note that I am still prompted to enter a private key file, I press enter and it continues and works **

plasticrake, Oct 18 '18 22:10

You can provide a non-empty dummy key file that points to a non-existing file:

export DUPLICACY_TEST_SFTP_SSH_KEY_FILE=xxxxx

The agent-based authentication is tried first, so if it succeeds Duplicacy won't actually attempt to read from this key file.

Another way is to use the -background option:

duplicacy -d -background init ...

gilbertchen, Oct 20 '18 01:10
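
An added example, not part of the thread and not Duplicacy's code: a pre-flight check for unattended runs that picks between the two non-interactive paths discussed above, the agent or an explicitly configured key file. The function names are this example's own, and it assumes the variable name always follows the pattern seen in the log for test_sftp.

```shell
#!/bin/sh
# Added example (not Duplicacy code): choose a non-interactive SFTP credential
# source before an unattended run, so the key-file prompt is never reached.

# Variable name for a storage, following the debug log above
# (test_sftp -> DUPLICACY_TEST_SFTP_SSH_KEY_FILE). Assumed to hold in general.
key_var_name() {
    printf 'DUPLICACY_%s_SSH_KEY_FILE\n' \
        "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# True only if an agent socket exists and the agent holds at least one key.
agent_has_keys() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] &&
        ssh-add -l >/dev/null 2>&1
}

# True if $1 is a readable regular file with no group/other permission bits.
key_file_ok() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    perms=$(ls -ldL "$1" | cut -c5-10)   # group and other triplets
    [ "$perms" = "------" ]
}

# Prints "agent", "keyfile" or "none" for the candidate private key path $1.
pick_credential() {
    if agent_has_keys; then
        echo agent
    elif key_file_ok "$1"; then
        echo keyfile
    else
        echo none
    fi
}

# Usage in a cron wrapper (storage name and key path are constructed values):
#   case $(pick_credential "$HOME/.ssh/id_backup") in
#     agent)   duplicacy -background backup ... ;;
#     keyfile) export "$(key_var_name test_sftp)=$HOME/.ssh/id_backup"
#              duplicacy -background backup ... ;;
#     none)    echo "no usable SSH credential" >&2; exit 1 ;;
#   esac
```

Failing early on "none" gives a scheduled job a clear error instead of a prompt nobody is there to answer, and the permission check rejects a private key that other local users can read.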

Hi @gilbertchen, the example I gave was with the agent running; it still prompts even though it works when I just press enter. However, using -background with the agent did seem to make it work. Although I don't think it should be prompting when the agent is working regardless. Also, perhaps you can shed some light on -background. I didn't bother trying it because the docs say it is the default (and it says to NEVER use it).

https://forum.duplicacy.com/t/global-options-details/1087:

The -background option will instruct Duplicacy not to ask for interactive password input. As a result, Duplicacy will read all credentials only from keychain/keyring or the environment variables. If a credential can’t be found, an error will be reported.

This is the default CLI usage!

This option is useful only for duplicacy GUI and therefore should never be used by duplicacy CLI!

plasticrake, Oct 20 '18 18:10

Found this issue to solve a similar problem. While -background worked, it may be more intuitive to fall back to user input (especially if the agent is used first anyway).

Thanks for maintaining this great tool and always being so responsive!

chaseadam, Jun 16 '19 04:06

So glad I found this. Was starting to go crazy.

btilford, Aug 17 '22 03:08