Just got this message:
Failed to connect: Failed to parse the keyfile, check the key format and passphrase. Error message was openssh key type: ssh-rsa is not supported
ETA: debian buster is the OS, mono ver. is 126.96.36.199
ETA2: Upgraded to 188.8.131.52_beta_2021-06-17, no change
Is this a new backup configuration, or is this failure from an existing configuration?
Support for OpenSSH RSA keys were only recently added to SSH.NET. Once a new version of SSH.NET is released, we can update the libraries used by Duplicati.
Neither, just a key refresh. I used Debian’s ssh-keygen and took the default.
What formats are OK? I did not see any mention of this in the doc.
Support new openssh format #3360 has discussion and workarounds.
Interestingly, they update their docs before their release. https://github.com/sshnet/SSH.NET has
ECDSA 256/384/521, ED25519 and RSA in OpenSSH key format
January 3 version captured by archive.org had
ED25519 in OpenSSH key format
but if you use
-m key_format option on ssh-keygen, there are lots of options.using older formats.
OK - I will grab an oldie but goodie.
I just had a QNap unit go tits-up, didn’t really want to think about THIS. But when it rains…
Their repository defaults to their
develop branch. If you look at
master (which I think is their release branch), the documentation is consistent.
@Kahomono, I modified the thread title to make it easier for others to understand what the issue is.
(further off-topic) Duplicati’s manual is a totally separate GitHub project, often in catch-up mode.
S3 Compatible did catch up with 184.108.40.206, but leaves no info on underscored options for earlier…
Testing backup configuration and “clean” backups might have been thrown off by the mismatch.
(more on-topic) I wonder if Duplicati manual can permalink to the in-use version for tech detail?
https://github.com/sshnet/SSH.NET/tree/2020.0.1 says lots for those who really want to know it.
The format change is obscure even with that. One almost needs OpenSSH release note on it…
This release includes a number of changes that may affect existing
* ssh-keygen(1): write OpenSSH format private keys by default
instead of using OpenSSL's PEM format. The OpenSSH format,
supported in OpenSSH releases since 2014 and described in the
PROTOCOL.key file in the source distribution, offers substantially
better protection against offline password guessing and supports
key comments in private keys. If necessary, it is possible to write
old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
when generating or updating a key.
FWIW this cleared the issue for me: when generating the keys, I used the command
ssh-keygen -m pem -f some_key_file -t rsa -b 4096