SocketException: Connection Refused for SFTP (SSH)

Hello,

When trying to backup data to a remote location using SFTP (SSH) with a sshkey, I receive the following error:

Failed: Connection refused
Details: System.Net.Sockets.SocketException (0x80004005): Connection refused
  at Duplicati.Library.Main.BackendManager.List () [0x00049] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 
  at Duplicati.Library.Main.Operation.FilelistProcessor.RemoteListAnalysis (Duplicati.Library.Main.BackendManager backend, Duplicati.Library.Main.Options options, Duplicati.Library.Main.Database.LocalDatabase database, Duplicati.Library.Main.IBackendWriter log, System.String protectedfile) [0x0000d] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 
  at Duplicati.Library.Main.Operation.FilelistProcessor.VerifyRemoteList (Duplicati.Library.Main.BackendManager backend, Duplicati.Library.Main.Options options, Duplicati.Library.Main.Database.LocalDatabase database, Duplicati.Library.Main.IBackendWriter log, System.String protectedfile) [0x00000] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 
  at Duplicati.Library.Main.Operation.BackupHandler.PreBackupVerify (Duplicati.Library.Main.BackendManager backend, System.String protectedfile) [0x0005f] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <8f2c484307284b51944a1a13a14c0266>:0 
  at CoCoL.ChannelExtensions.WaitForTaskOrThrow (System.Threading.Tasks.Task task) [0x00050] in <6973ce2780de4b28aaa2c5ffc59993b1>:0 
  at Duplicati.Library.Main.Operation.BackupHandler.Run (System.String[] sources, Duplicati.Library.Utility.IFilter filter) [0x00008] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 
  at Duplicati.Library.Main.Controller+<>c__DisplayClass13_0.<Backup>b__0 (Duplicati.Library.Main.BackupResults result) [0x00035] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 
  at Duplicati.Library.Main.Controller.RunAction[T] (T result, System.String[]& paths, Duplicati.Library.Utility.IFilter& filter, System.Action`1[T] method) [0x0011d] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 

Log data:
2019-06-02 13:15:24 +02 - [Error-Duplicati.Library.Main.Operation.BackupHandler-FatalError]: Fatal error
System.Net.Sockets.SocketException (0x80004005): Connection refused
  at Duplicati.Library.Main.BackendManager.List () [0x00049] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 
  at Duplicati.Library.Main.Operation.FilelistProcessor.RemoteListAnalysis (Duplicati.Library.Main.BackendManager backend, Duplicati.Library.Main.Options options, Duplicati.Library.Main.Database.LocalDatabase database, Duplicati.Library.Main.IBackendWriter log, System.String protectedfile) [0x0000d] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 
  at Duplicati.Library.Main.Operation.FilelistProcessor.VerifyRemoteList (Duplicati.Library.Main.BackendManager backend, Duplicati.Library.Main.Options options, Duplicati.Library.Main.Database.LocalDatabase database, Duplicati.Library.Main.IBackendWriter log, System.String protectedfile) [0x00000] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 
  at Duplicati.Library.Main.Operation.BackupHandler.PreBackupVerify (Duplicati.Library.Main.BackendManager backend, System.String protectedfile) [0x0005f] in <c6c6871f516b48f59d88f9d731c3ea4d>:0 

However, on the same machine, when trying to connect to the server via ssh -i my_keyfile -p 123 duplicati_user@remote.host it works just fine. I also used the same setup on another computer (url-encoded sshkey with the sshkey:// prefix) and it works there.

Any idea how to debug this?

The -p ssh parameter indicates you’re connecting on port 123, not the standard port 22.

You’ll need to set the correct port when setting up your SFTP backend

Screenshot 2019-06-02 at 16.49.18.png1332×336 16 KB

I’m sorry for not being precise enough. Of course, I configured the port in the web-interface as well. Because I specified the port in the command line I thought it is clear that I know that I have to set the port.

As mentioned, I also configured the same backup destination server (SSH) on another machine and it works there. I was hoping to find a more specific error message as to why the connection was refused (what command was used internally by Duplicati?). It should be possible to replicate the error in the console, but when I try it manually with my own command the connection works flawlessly.

Not sure what it could be, but it’s not even getting to talk to the daemon.

If it was an issue with your ssh key it would be Failed to connect: Permission denied (publickey). or similar.

A flat Connection refused is a firewall/port opening problem.

It’s really strange and even when enabling the --log-level=profiling Duplicati does not show any hint of what is happening behind the scenes. There is no firewall/port issue and I verified the config file of Duplicati (via the “export configuration” option) contains the SSH port number. I see two possible reasons for this issue:

1. The version combination of Duplicati and Mono does not work well and therefore the connection is not working properly.
2. Mono itself is somehow malconfigured (e.g. no permissions?) and cannot connect to the remote SSH server.

Using default Debian packages, the versions are as follows:

root@dat:~# apt policy mono-runtime
mono-runtime:
  Installed: 4.6.2.7+dfsg-1
  Candidate: 4.6.2.7+dfsg-1
  Version table:
 *** 4.6.2.7+dfsg-1 500
        500 http://ftp.de.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status
root@dat:~# apt policy duplicati
duplicati:
  Installed: 2.0.4.5-1
  Candidate: 2.0.4.5-1
  Version table:
 *** 2.0.4.5-1 100
        100 /var/lib/dpkg/status

Firewall and port issues are out of the question as there is no magic going on when simply running the ssh command from command line works as expected.

I found the issue. The machine running Duplicati is behind a typical ISP router which is used as a DNS cache (I cannot change that). The server IPv6 address was recently changed and the router did still hold the old, invalid IP address. Strangely enough, the command line SSH resolved the domain to the IPv4 address that was valid (and therefore worked) while the Duplicati server resolved the domain to the IPv6 address that was invalid. So, you were right all along and it was just a port issue (the server behind the “invalid” IPv6 address did not listen on that port).

Thanks for your help and patience.

Nice find. I would have never guessed that to be that case! But it’s hard when I can’t poke around myself