Can't create SFTP repository. Kopia does not support ed25519 keys #2443
Comments
Ok, so I found this https://kopia.discourse.group/t/kopia-and-sftp-repos/183 forum post and used Thank you for this great software |
I'm opening this again because I'm having an issue creating a sftp repository. Following https://kopia.discourse.group/t/kopia-and-sftp-repos/183 that has worked in the past now throws this error when creating repository:
I've created known_hosts in the same way I did it in the past, using ssh-keygen (openssh for windows). Could you help me? |
I think you are confusing two different things here. With The known_hosts file is created automatically when you connect to a previously unknown host for the first time. Since you are using OpenSSH, you can use the simple command So, you are confusing your key, which is for authenticating you to the host, with a host key, which is for authenticating the host to you. Keep in mind that the host key (in known_hosts) may change occasionally (generally not that often), after which you have to connect there again using ssh just like above in order to collect the new key. I know this sounds complicated, and to some extent it is. In your first post it seems there either wasn't a key for this host in your known_hosts, or it had changed (
Then try and connect to your host as I told above, and you should be good to go. |
Hello! I'm trying to get this working again after having problems with another backup solution, and after trying to use WebDAV repository (it is not working for me, see https://kopia.discourse.group/t/invalid-length-when-restoring/1741/3) I understand your explanation, and I've followed your indications:
And then I get the "key mismatch" error. Same thing happens when trying to do it from a linux desktop, and from the command line. I've been searching and I've found this SFTP repository won't work if remote SSH server using non standard 22 port. Could I fix this in any way? Am I missing something? |
Hmmm. I think you may actually have come across a shortcoming in the way Kopia's internal ssh client handles the known_hosts data. This may have been your problem already in the first place. I tried to figure out why your key would mismatch, and experimented a little. It turned out that Kopia doesn't understand ssh-ed25519 keys at all, and if that's the only key type for your host in known_hosts, Kopia will throw exactly the error you got. Other keys (at least ssh-rsa and ecdsa-sha2-nistp256 keys that I have) seem to work fine. You could try the command You could also use an external ssh client (as you already seem to have OpenSSH), but that requires creating a personal key file for logging into your host. That procedure has its own quirks, so let's leave it as a last resort. A non-standard port doesn't seem to be a problem. That was the conclusion also in the issue you linked to. As a common observation, I'm getting really tired of this whole mess that is Kopia's mandatory known_hosts data. It's already not easy to understand for many people, and now it seems you may not get it right even if you know what you're doing. Could we please have this thing made optional? |
Hello! And thank you.
And yes ed25519 is the only key available. I'm using this docker container as sftp server: https://github.com/atmoz/sftp So I have to use the "last resort" path. :(. I'll try to get it working. |
Well, that probably won't work either. As I said in my edit above, the issue you mentioned about non-standard ssh ports not working seems to apply only when using an external ssh client. I haven't tried it myself though. I'm sorry but you seem to be hitting a snag on every front here.
That equation surely doesn't leave you with much... |
Ok, thank you anyway. Now I have a clearer vision of how things work. Thanks for sharing your knowledge. What I am going to do is |
Hi all, I have the same issue and I can't quite get my head around how to fix this issue (other than not using known_hosts) My error is:
I've tried using the openSSH client to connect to the NAS, therefore adding the ed25519 key to known_hosts, and I also tried using the Am I missing something, or is there no way around this issue? Cheers! |
Are you sure you copied the whole key? The other keys (especially an rsa one) are much longer than the ed25519 key, and thus the key line is usually wrapped across several lines in a command window. In the known_hosts file each key should be on one long line though. Maybe it would be easier if you redirected the command output directly to the end of your known_hosts file: |
Yes! That was it. That worked perfectly. I knew it would be something like that. |
Hello again! So, the understanding of the matter, thanks to @ingul-buz, made me find a solution:
And now it is working. Thank you! |
I'm really glad you both managed to get it working! Unfortunately the issues I mentioned a few comments back are still there. It shouldn't be necessary to move to another SFTP host just because Kopia doesn't support ed25519 keys. Or because the external ssh option doesn't support non-standard ports. Or, for Pete's sake, because Kopia keeps demanding the known_hosts data even when the docs state it's optional. Let's hope that one day someone will find the time and inspiration to fix these shortcomings of this great tool. Sadly I still don't have the skills to do it myself. |
I can confirm - kopia does not handle |
This was reported as answered on Kopia Slack. I am closing this out but please feel free to reopen if needed. |
I don't use Slack so I don't know what's been answered over there. But the matter of fact is that ssh in Kopia 0.13.0 still doesn't support ed25519 keys. I myself don't need it, since my host has other key options as well, but I think there are others without that luxury. Just for the heck of it I tried and left only an ed25519 key in my known_hosts file, and this is what I got:
I cannot re-open this issue, so @friki67 or @ntolia, feel free to do that if you feel that way... |
@ingul-buz Thank you for your response. Reopening this. |
@ntolia If we open the issue again, can we at least change the title? The defect is that Kopia does not support ed25519 keys. Otherwise, the defect will get lost. |
Any updates on this issue? |
If the known hosts data/file only contains the server's public rsa key and not the ed25519 key, kopia will connect to the sftp server using an ed25519 key (as confirmed by the server's auth log). |
This is still a problem on my end. Kopia isn't connecting to my SFTPgo server because of the ed25519 key. Any way to bypass the check? |
same here.. connecting to truenas `root@fernandocheca:~/# kopia repository create sftp --path="vps" --host truenas --username=user --known-hosts ~/.ssh/known_hosts --keyfile ~/.ssh/id_rsa ERROR can't connect to storage: unable to open SFTP storage: error establishing connecting: unable to dial [truenas:22]: &ssh.ClientConfig{Config:ssh.Config{Rand:io.Reader(nil), RekeyThreshold:0x0, KeyExchanges:[]string(nil), Ciphers:[]string(nil), MACs:[]string(nil)}, User:"user", Auth:[]ssh.AuthMethod{(ssh.publicKeyCallback)(0x11e1060)}, HostKeyCallback:(ssh.HostKeyCallback)(0x11dd6e0), BannerCallback:(ssh.BannerCallback)(nil), ClientVersion:"", HostKeyAlgorithms:[]string(nil), Timeout:0}: ssh: handshake failed: knownhosts: key mismatch` |
what's even failing here? I'm pretty sure the used libraries support ed25519 (please call me out if I'm wrong), and I don't see anything that disables ed25519 in the kopia source. is this a kopia thing or is this a x/crypto/ssh thing? |
Update: Apparently In that pull request, one of the developers posted a trickery that he used to make a thin wrapper for the original |
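An added example, not from this thread and not Kopia's or x/crypto's code: the Go `knownhosts` callback returns `key mismatch` whenever known_hosts has entries for the host but the key the server presents is not one of them, and the dumps in this thread show `HostKeyAlgorithms:[]string(nil)`, so the library's default preference order decides which key type gets presented. This stdlib-only sketch lists the key types a known_hosts file really holds for a host (the list a client could assign to `ssh.ClientConfig.HostKeyAlgorithms`) and flags truncated key lines. The function names and sample data are hypothetical, and hashed host entries are skipped.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

var zeroKey = "AAAAC3NzaC1lZDI1NTE5AAAAIAAA" + strings.Repeat("A", 40) // constructed all-zero blob, not a real key
var sample = "nas,192.0.2.10 ssh-ed25519 " + zeroKey + "\n" +
	"[myhost]:20021 ssh-ed25519 " + zeroKey[:64] + "\n" // constructed: blob cut short, as from a wrapped line

// blobMatches reports whether a key blob names algo and is structurally complete.
func blobMatches(b64, algo string) bool {
	raw, err := base64.StdEncoding.DecodeString(b64)
	hdr := string(append([]byte{0, 0, 0, byte(len(algo))}, algo...))
	ok := err == nil && strings.HasPrefix(string(raw), hdr)
	for ok && len(raw) > 0 {
		if len(raw) < 4 || int(binary.BigEndian.Uint32(raw)) > len(raw)-4 {
			return false // a length-prefixed field runs past the end: truncated
		}
		raw = raw[4+binary.BigEndian.Uint32(raw):]
	}
	return ok
}

// hostKeyAlgos lists valid key types for host:port and reports damaged lines.
func hostKeyAlgos(knownHosts, host string, port int) (algos, bad []string) {
	want := "," + host + ","
	if port != 22 { // OpenSSH writes non-default ports as [host]:port
		want = fmt.Sprintf(",[%s]:%d,", host, port)
	}
	for i, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || strings.ContainsAny(f[0][:1], "#@|") || !strings.Contains(","+f[0]+",", want) {
			continue // blank, comment, marker, hashed entry, or another host
		}
		if !blobMatches(f[2], f[1]) {
			bad = append(bad, fmt.Sprintf("line %d: %s key is truncated or corrupt", i+1, f[1]))
			continue
		}
		algos = append(algos, f[1])
	}
	return algos, bad
}

func main() {
	fmt.Println(hostKeyAlgos(sample, "myhost", 20021))
}
```

An empty result for a host that is listed under a different port form, or a single key type that differs from what the server offers first, are both cases that surface as the same `key mismatch` text.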
Using |
2024 Dec, v0.18.2 still not fixed |
Newbie here. Trying to configure a SFTP repository using KopiaUI in Windows server 2012r2 I'm getting this error:

```
Connect Error: INTERNAL: internal server error: unable to open SFTP storage: error establishing connecting: unable to dial [myhost:20021]: &ssh.ClientConfig{Config:ssh.Config{Rand:io.Reader(nil), RekeyThreshold:0x0, KeyExchanges:[]string(nil), Ciphers:[]string(nil), MACs:[]string(nil)}, User:"myuser", Auth:[]ssh.AuthMethod{(ssh.passwordCallback)(0x1015520)}, HostKeyCallback:(ssh.HostKeyCallback)(0x10119e0), BannerCallback:(ssh.BannerCallback)(nil), ClientVersion:"", HostKeyAlgorithms:[]string(nil), Timeout:0}: ssh: handshake failed: knownhosts: key mismatch
```

I've created the known_hosts file using openSSH.
Trying to create the repository using CLI in windows gives the same result:

```
ERROR can't connect to storage: unable to open SFTP storage: error establishing connecting: unable to dial [myhost:20021]: &ssh.ClientConfig{Config:ssh.Config{Rand:io.Reader(nil), RekeyThreshold:0x0, KeyExchanges:[]string(nil), Ciphers:[]string(nil), MACs:[]string(nil)}, User:"myuser", Auth:[]ssh.AuthMethod{(ssh.passwordCallback)(0x1015520)}, HostKeyCallback:(ssh.HostKeyCallback)(0x10119e0), BannerCallback:(ssh.BannerCallback)(nil), ClientVersion:"", HostKeyAlgorithms:[]string(nil), Timeout:0}: ssh: handshake failed: knownhosts: key mismatch
```

So why this key mismatch? How to get the "right" host key for kopia?