[SOLVED] SFTP/SSH backups without password (pubkey only)?

Support
1

Dear all,

I’ve just started playing with duplicati. Looks very good!

The issue I’m running into is backing up files using storage type SFTP (SSH) without a password using pubkey (keyfile) only. I’ve searched the forum, spend time on it but perhaps I did not look in the right area’s.

In the UI when creating a new backup under the ‘backup destination’ there is a ‘password’ field requiring ‘authentication password’, even though that should not be needed when using pubkey based authentication and when the correct keyfile has been set. In the webinterface I’m forced to enter a password, even though I’ve selected the correct keyfile (/root/.ssh/id_rsa) and using the correct the ssh-fingerprint. A ‘test connection’ gives ‘you must fill in the password’.

How can I make backups over SSH without password?

Background info:

  • I’m using an unencrypted private key. I’ve tried both the ssh-key option as well as the keyfile options.
  • Manual backup works using rsync and the provided information. So permissions, server address, port, key paths etc. are correct.
  • Screenshot:
    image
    image.png700×745 49.4 KB

Thanks @JonMikelV for helping clarify the question.

Kind regards,
Fred

2

Did you try the --ssh-key or --ssh-keyfile parameters listed under “SFTP (SSH)” section of Advanced options in step 5 (Options) of creating/editing a backup set?

3

Yes I have tried both. That should suffice, based on how SSH works. However, a password is required according to the UI. I’m currently trying to get the private key in the proper encoding as per SSH Guide or How-To Request.

4

Ah, my apologies - I didn’t realize the issue was using pubkey without a password, not just HOW to use a pubkey.

Let us know whether or not the “SSH Guide or How-To Request” works out for you.

5

The ‘SSH Guide or How-To Request’ only describes how to add a ‘ssh-key’ using proper encoding. It does not describe how to use ‘ssh-keyfile’ without a password, so that seems irrelevant for now.

6

As far as I can tell if using the ssh keys to connect the password is ignored. I just entered random password into the password field.

My linux box doesn’t allow password logins so not sure if it actually tries to send the password first or not.

7

You actually might want to have your ssh key encrypted with the password and then use that password in appropriate field - I would think this will be a bit more secure.

1 Like
8

This is a known bug. Just enter random characters into the password field if your key is not password protected.

9

dgcom:
You actually might want to have your ssh key encrypted with the password and then use that password in appropriate field - I would think this will be a bit more secure.

Just tested this with encrypted key. Works correctly.

10

Solved. Thanks @dgcom for the suggestion & @dcurrey for testing. It’s a known bug [to not allow an empty password field when an unencrypted private key is used] apparently. Created a new keypair for this purpose with password and, indeed, that works like a charm.