Package: duplicity
Version: 0.6.18-3
Severity: normal
Dear Maintainer,
Backups with duplicity are failing in a random manner. I use public key
authentication with duplicity and it often dies with the following
message:
BackendException: ssh connection to sftp.host.xxx:22 failed: Authentication
failed.
(sftp.host.xxx is just an example name)
It also works from time to time while nothing changed. This bug is something
that popped up several weeks ago. I have 20+ hosts running duplicity every
night some fail some don't.
Now i'm 100% sure there is nothing wrong with the ssh hosts and public key
authentication works with "normal" ssh/scp/sftp.
I have tested this on:
- oldstable with 0.6.18-3~bpo60+1 (backport)
- stable with 0.6.18-3
- oldstable with 0.6.23-1 (build from deb-src)
A verbose trace of duplicity failing in action:
--------------------------------------------------------------------------
command:
/usr/bin/duplicity collection-status --sign-key #### --log-file
/var/log/duplicity/duplicity.log --verbosity 9 scp://###@sftp.host.xxx/path
Using archive dir: /root/.cache/duplicity/c5af6ab267a8aff1a2af8efc9f6d5467
Using backup name: c5af6ab267a8aff1a2af8efc9f6d5467
Import of duplicity.backends.hsibackend Succeeded
Import of duplicity.backends.imapbackend Succeeded
Import of duplicity.backends.cloudfilesbackend Succeeded
Import of duplicity.backends.webdavbackend Succeeded
Import of duplicity.backends.gdocsbackend Succeeded
Import of duplicity.backends.u1backend Succeeded
Import of duplicity.backends.sshbackend Succeeded
Import of duplicity.backends.rsyncbackend Succeeded
Import of duplicity.backends.botobackend Succeeded
Import of duplicity.backends.ftpsbackend Succeeded
Import of duplicity.backends.giobackend Failed: No module named gio
Import of duplicity.backends.localbackend Succeeded
Import of duplicity.backends.ftpbackend Succeeded
Import of duplicity.backends.tahoebackend Succeeded
ssh: starting thread (client mode): 0x1e24590L
ssh: Connected (version 2.0, client OpenSSH_3.7.1p2)
ssh: kex algos:['diffie-hellman-group-exchange-sha1',
'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client
encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc'] server
encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc'] client mac:['hmac-md5',
'hmac-sha1', 'hmac-sha1-96'] server mac:['hmac-md5', 'hmac-sha1',
'hmac-sha1-96'] client compress:['none'] server compress:['none'] client
lang:[''] server lang:[''] kex follows?False
ssh: Ciphers agreed: local=aes128-cbc, remote=aes128-cbc
ssh: using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher:
local aes128-cbc, remote aes128-cbc; mac: local hmac-sha1, remote hmac-sha1;
compression: local none, remote none
ssh: Switch to new keys ...
ssh: Trying discovered key ###################### in /root/.ssh/id_rsa
ssh: userauth is OK
ssh: Authentication (publickey) failed.
Using temporary directory /tmp/duplicity-nhEUIu-tempdir
Backend error detail: Traceback (most recent call last):
File "/usr/bin/duplicity", line 1404, in <module>
with_tempdir(main)
File "/usr/bin/duplicity", line 1397, in with_tempdir
fn()
File "/usr/bin/duplicity", line 1248, in main
action = commandline.ProcessCommandLine(sys.argv[1:])
File "/usr/lib/python2.7/dist-packages/duplicity/commandline.py", line 999,
in ProcessCommandLine
globals.backend = backend.get_backend(args[0])
File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line 158, in
get_backend
return _backends[pu.scheme](pu)
File "/usr/lib/python2.7/dist-packages/duplicity/backends/sshbackend.py",
line 140, in __init__
raise BackendException("ssh connection to %s:%d failed: %s" %
(parsed_url.hostname,portnumber,e))
BackendException: ssh connection to sftp.host.xxx:22 failed: Authentication
failed.
BackendException: ssh connection to sftp.host.xxx:22 failed: Authentication
failed.
ssh: EOF in transport thread
--------------------------------------------------------------------------
This all happens when using the default ssh backend (paramiko). I've build
0.6.23-1 on oldstable:
1. add a deb-src line for sid to your sources.list
2. apt-get update
3. apt-get build-dep duplicity
4. apt-get -b source duplicity
5. dpkg -i duplicity_0.6.23-1_amd64.deb
With 0.6.23-1 i have the oppertunity to choose the pexpect backend which uses
the sftp commands. This works flawlessly, everytime duplicity works, no
authentication failed messages.
So to conclude:
This sometimes works:
/usr/bin/duplicity collection-status --sign-key #### --log-file
/var/log/duplicity/duplicity.log --verbosity 9 scp://###@sftp.host.xxx/path
but often fails with:
BackendException: ssh connection to sftp.host.xxx:22 failed: Authentication
failed.
This always works:
/usr/bin/duplicity collection-status --ssh-backend -expect --sign-key ####
--log-file /var/log/duplicity/duplicity.log --verbosity 9
scp://###@sftp.host.xxx/path
Regards,
Frodo
-- System Information:
Debian Release: 7.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.12.9-x86_64-linode37 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages duplicity depends on:
ii libc6 2.13-38+deb7u1
ii librsync1 0.9.7-9
ii python 2.7.3-4+deb7u1
ii python-gnupginterface 0.3.2-9.1
Versions of packages duplicity recommends:
ii python-paramiko 1.7.7.1-3.1
ii rsync 3.0.9-4
Versions of packages duplicity suggests:
pn lftp <none>
ii ncftp 2:3.2.5-1.1
pn python-boto <none>
pn python-cloudfiles <none>
pn python-gdata <none>
pn python-pexpect <none>
pn tahoe-lafs <none>
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
