Fiddling with duply and ed25519 keys

Posted on 8. December 2015 by bastelfreak

I’m using duply for my backups, the config is very simple (/root/.duply/backup/conf):

GPG_KEY='IDOFMYGPGKEY'
GPG_PW='PASSWORD'
GPG_OPTS='--compress-algo=bzip2'
TARGET='sftp://user@storage01.server.de:22//user'
SOURCE='/'
DUPL_PRECMD="nice -n 20 ionice -c 3"
MAX_AGE=2M
MAX_FULL_BACKUPS=8
MAX_FULLBKP_AGE=1W
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
VOLSIZE=512
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "
VERBOSITY=4
DUPL_PARAMS="$DUPL_PARAMS --asynchronous-upload "

I installed a new host with Debian 8 which ships the following software versions:

# dpkg -l | grep -E "paramiko|duply|duplicity"
ii duplicity 0.6.24-1 amd64 encrypted bandwidth-efficient backup
ii duply 1.9.1-1 all easy to use frontend to the duplicity backup system
ii python-paramiko 1.15.1-1 all Make ssh v2 connections with Python (Python 2)

After installing it, I created a ed25519 key pair, copied it to my backup server, and tried to ssh:

# ssh user@storage01.server.de
Could not chdir to home directory /customers/user: No such file or directory
This service allows sftp connections only.
Connection to storage01.server.de closed.

The server only allows sftp for this user and no normal ssh, so this is expected, the key seems to work. Lets test duply:

# duply backup status
Start duply v1.9.1, time is 2015-12-04 10:22:49.
Using profile '/root/.duply/backup'.
Using installed duplicity version 0.6.24, python 2.7.9, gpg 1.4.18 (Home: ~/.gnupg), awk 'GNU Awk 4.1.1, API: 1.1 (GNU MPFR 3.1.2-p3, GNU MP 6.0.0)', bash '4.3.30(1)-release (x86_64-pc-linux-gnu)'.
Autoset found secret key of first GPG_KEY entry 'IDOFMYGPGKEY' for signing.
Checking TEMP_DIR '/tmp' is a folder (OK)
Checking TEMP_DIR '/tmp' is writable (OK)
TODO: reimplent tmp space check
Test - Encrypt to 'IDOFMYGPGKEY' & Sign with 'IDOFMYGPGKEY' (OK)
Test - Decrypt (OK)
Test - Compare (OK)
Cleanup - Delete '/tmp/duply.23085.1449220969_*'(OK)

--- Start running command STATUS at 10:22:50.404 ---
The authenticity of host 'storage01.server.de' can't be established.
SSH-RSA key fingerprint is d1:d6:47:0e:d7:6c:98:ba:f5:3c:d2:ef:cd:9f:0a:d7.
Are you sure you want to continue connecting (yes/no)? yes
BackendException: ssh connection to bastelknecht@storage01.server.de:22 failed: No authentication methods available
10:22:52.766 Task 'STATUS' failed with exit code '23'.
--- Finished state FAILED 'code 23' at 10:22:52.766 - Runtime 00:00:02.362 ---

Hu? broken? but lets test sftp:

# sftp user@storage01.server.de
Connected to storage01.server.de.
sftp> ls
bastelknecht
sftp> ^D

Works perfectly fine. Long story short: After debugging this for an hour I switched to a simple rsa key pair, aaaaaand it works. pyhton-paramiko doesn’t like new key types, the version shipped on Debian 8 is really old, I will test newer ones in the future.

This entry was posted in General, Linux. Bookmark the permalink.

One Response to Fiddling with duply and ed25519 keys

Leave a Reply to Raf Cancel reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.