SSH Guide or How-To Request

Would anyone be able to point me to a guide or how-to that describes how to use an SSH backend?

An url-encoded SSH private key. The private key must be prefixed with sshkey://. If the file is encrypted, the password supplied is used to decrypt the keyfile. If this option is supplied, the password is not used to authenticate. This option only works when using the managed SSH client.

I know how to generate RSA keys and how to add them to ~/.ssh/authorized_hosts. What I do not know how to do is to generate a “An url-encoded SSH private key.”

Thanks

The way I did this was to go to the advanced features in the Destination tab. You can set:

–ssh-keyfile=/config/private_keys/backup/id_rsa

This passes the private key with the passphrase to sshd.

david

1 Like

Thanks, not sure how I missed that option.

BTW: A good way of showing your appreciation for a post is to like it: just press the :heart: button under the post.

If you asked the original question, you can also mark an answer as the accepted answer which solved your problem using the tick-box button you see under each reply.

All of this also helps the forum software distinguish interesting from less interesting posts when compiling summary emails.

Thanks for the info. I liked his post.

The problem is solved in that I can SSH but I’d still like to know how to create a “url-encoded SSH private key” as storing the key in the config vs in a separate file on the FS appeals to me.

Should you need it, what you do is take the contents of the private key file, looking something like:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----

Then you paste it into a url encoder, like this one:
https://www.url-encode-decode.com/

And you get a single (url encoded) line like this:

-----BEGIN+RSA+PRIVATE+KEY-----%0D%0AMIICXAIBAAKBgQCqGKukO1De7zhZj6%2BH0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ%2FDgYSF6vUp%0D%0AwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1%2F3j%2BskZ6UtW%2B5u09lHNsj6tQ5%0D%0A1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56%2BqGyN8M0RVyaRAXz%2B%2BxTqHBLh%0D%0A3tx4VgMtrQ%2BWEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2%0D%0ApIIVOFMDG%2BKESnAFV7l2c%2BcnzRMW0%2Bb6f8mR1CJzZuxVLL6Q02fvLi55%2FmbSYxECQQDeAw6fiIQX%0D%0AGukBI4eMZZt4nscy2o12KyYner3VpoeE%2BNp2q%2BZ3pvAMd%2FaNzQ%2FW9WaI%2BNRfcxUJrmfPwIGm63il%0D%0AAkEAxCL5HQb2bQr4ByorcMWm%2FhEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3%2F9s5p%2BsqGxOlF%0D%0AL0NDt4SkosjgGwJAFklyR1uZ%2FwPJjj611cdBcztlPdqoxssQGnh85BzCj%2Fu3WqBpE2vjvyyvyI5k%0D%0AX6zk7S0ljKtt2jny2%2B00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu%2FfhrT8ebHkTz2epl%0D%0AU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ%0D%0A37sJ5QsW%2BsJyoNde3xH8vdXhzU7eT82D6X%2Fscw9RZz%2B%2F6rCJ4p0%3D%0D%0A-----END+RSA+PRIVATE+KEY-----
2 Likes

Hi,

I’m new to Duplicati (another Crashplan refugee) but so far I have been impressed with the program. However, I have still having troubles getting public/private key authentication working. I am using Bitwise SSH server on my destination and I am able to get the private key for the server and public key setup for the user. However, when I try to have Duplicati use the key to login, I am unable to. Can you provide some more detail on the Duplicati setup required?

Thanks!

Edit: I was able to get the private key to work as a file but every time that I tried the URL encoded version in the config, I got an error stating the the file name was too long. Has anyone else experience this? I would prefer not to have the key in a file.

Thanks @kenkendk for the info on how to create an url-encoded SSH private key. How could one do the same thing offline (e.g. using linux setup) so that the private key does not need to be sent to an untrusted website? Kindly, Fred

NOTE: Perhaps Base64 and URL Encoding and Decoding can be used using the 'url encode’ option, when adding the ‘sshkey://’ prefix before adding it as an ‘ssh-key’. This page can be made available offline and still functions. Did not get this to work yet though.

The conversion to url-encoded string is relatively simple, quick Googling found this discussion with bash script:

Trying to set up backup with SSH private key but no luck.

I use Duplicati as docker on Openmediavault (debian 9). Private key is “sshremote” in /tmp.

So I leave password field empty and get following errors when I fill in “ssh-keyfile” field under Advanced options:

  • /tmp/sshremote - Failed to connect: Failed to parse the keyfile, check the key format and passphrase. Error message was Could not find file “/tmp/sshremote”
  • tmp/sshremote - Failed to connect: Failed to parse the keyfile, check the key format and passphrase. Error message was Could not find a part of the path “/app/duplicati/tmp/sshremote”.
  • same if I add root/… or /root/…

If I use “ssh-keyfile” method I get “Invalid private key file” (though I manage to use it elsewhere).

Logging to the same server with password works (test connection - ok). So how path to file should be listed to work?

UPD: I learned how to mount extra volumes to docker, so I just mounted folder with ssh key and it worked.