I’ve just started playing with duplicati. Looks very good!
The issue I’m running into is backing up files using storage type SFTP (SSH) without a password using pubkey (keyfile) only. I’ve searched the forum, spend time on it but perhaps I did not look in the right area’s.
In the UI when creating a new backup under the ‘backup destination’ there is a ‘password’ field requiring ‘authentication password’, even though that should not be needed when using pubkey based authentication and when the correct keyfile has been set. In the webinterface I’m forced to enter a password, even though I’ve selected the correct keyfile (/root/.ssh/id_rsa) and using the correct the ssh-fingerprint. A ‘test connection’ gives ‘you must fill in the password’.
How can I make backups over SSH without password?
Background info:
I’m using an unencrypted private key. I’ve tried both the ssh-key option as well as the keyfile options.
Manual backup works using rsync and the provided information. So permissions, server address, port, key paths etc. are correct.
Did you try the --ssh-key or --ssh-keyfile parameters listed under “SFTP (SSH)” section of Advanced options in step 5 (Options) of creating/editing a backup set?
Yes I have tried both. That should suffice, based on how SSH works. However, a password is required according to the UI. I’m currently trying to get the private key in the proper encoding as per SSH Guide or How-To Request.
The ‘SSH Guide or How-To Request’ only describes how to add a ‘ssh-key’ using proper encoding. It does not describe how to use ‘ssh-keyfile’ without a password, so that seems irrelevant for now.
You actually might want to have your ssh key encrypted with the password and then use that password in appropriate field - I would think this will be a bit more secure.
dgcom:
You actually might want to have your ssh key encrypted with the password and then use that password in appropriate field - I would think this will be a bit more secure.
Just tested this with encrypted key. Works correctly.
Solved. Thanks @dgcom for the suggestion & @dcurrey for testing. It’s a known bug [to not allow an empty password field when an unencrypted private key is used] apparently. Created a new keypair for this purpose with password and, indeed, that works like a charm.