I’ll try to give a precise description of the 3 requested steps in the original post, but I’m including some additional info which may or may not be useful to you (for the sake of making it #HowTo-able )
You can generate the key-set for MacOS using
ssh-keygen. I usually just press enter the entire way through to create an unprotected private key. It’s up to you.
Assuming defaults the keyset is now in
Next, you need to tell the SSHD service that this key is allowed, so you update the
cat /Users/user/.ssh/id_rsa.pub >> /Users/user/.ssh/authorized_keys
You will need to copy
id_rsa from the server to the machine running Duplicati in order to set it up.
You can either use WinSCP to download the file, or just plain open the file and copy the contents out of it using
SSH should be enabled first. It looks like it is on your system, but if it’s not it can be done by going into
System Preferences -> Sharing and then enabling
After ensuring SSH is enabled on the destination you need to make sure it supports the login method you want to use. I like to fail the SSH handshake as the SSH server will tell you what methods it expects (allows).
# ssh user@server -o PreferredAuthentications=none
user@server: Permission denied (publickey,password,keyboard-interactive).
If your desired option is not allowed (eg publickey or password) it needs to be tweaked in the SSHD config, there’s another thread here which may help SSH into Mac- no authentication method found
To configure Duplicati for SFTP (SSH), you need the usual servername, port, path, username, and password. Username is whatever user you have on the MacOS server. Password can be omitted if you’re using a private key without password protection.
In addition to the above settings, you need a few more settings, when using private keys, under the
ssh-keyfile to the path of the
id_rsa file on your machine running Duplicati, or use
ssh-key to paste the key inline.
ssh-key requires you to URL encode the
id_rsa file contents
ssh-fingerprint also needs to be defined, or omitted with
Luckily, Duplicati will give you the option to simply press
yes to add the
ssh-fingerprint option when you press
Test connection, so I recommend doing that.
After adding the fingerprint and ssh-key you should be able to successfully test the connection and create the remote folder (if it’s missing) and you’re ready to use SFTP for backups