How export BORG_PASSPHRASE in config.yaml #833

Closed
opened 2024-02-26 14:56:08 +00:00 by barnybla · 8 comments

What I'm trying to do and why

I have 4 borgmatic backup jobs from different servers to a Hetzner storage box. On a Synology NAS I have the problem that when I start the backup over a bash script or I call a "borgmatic list" or any other command, I get a request about the "BORG_PASSPHRASE". The other jobs work without that request. The bash script contains `export BORG_PASSPHRASE="9jyjxxxxxxF9"`, but it doesn't work.
On the Hetzner storage box is borg version 1.2.0, and on synology Nas is 1.2.6

```
root@nas2:~# borgmatic list
ssh://u123456@u123456.your-storagebox.de:23/./backups/nas2.example.local: Listing archives
u123456@u123456.your-storagebox.de's password:
```

Steps to reproduce

If I make a "ssh -p 23 u123456@u123456.your-storagebox.de" I get a connection without a request for the passphrase.

Actual behavior

No response

Expected behavior

No response

Other notes / implementation ideas

No response

borgmatic version

1.8.2

borgmatic installation method

synology community package installer

Borg version

1.2.6

Python version

3.11.5

Database version (if applicable)

No response

Operating system and version

DSM 7.2-64570 Update 1

Owner

The `u123456@u123456.your-storagebox.de's password:` password prompt is almost certainly coming from SSH, not Borg, and therefore has nothing to do with your Borg passphrase! My guess is that the user account running borgmatic does not have passwordless SSH configured between your client and your server, and that's why it's asking you for a password. The solution? Set up passwordless SSH, assuming that's how you want to connect to your server. Alternatively, leave things as-is and just type your server password each time.

witten added the question / support label 2024-02-26 17:06:48 +00:00
Owner

A related note: If you'd prefer to put your `BORG_PASSPHRASE` into your borgmatic configuration file so that you don't have to set it via your bash script, then check out the `encryption_passphrase` configuration option!

Author

If I make a direct connect to the storage box with "ssh -p 23 u123456@u123456.your-storagebox.de", that works without passphrase. So it couldn't come from SSH, the SSH key works without problem.

The encryption_passphrase is set in config.yaml:

```
# Passphrase to unlock the encryption key with. Only use on
# repositories that were initialized with passphrase/repokey/keyfile
# encryption. Quote the value if it contains punctuation, so it parses
# correctly. And backslash any quote or backslash literals as well.
# Defaults to not set.
encryption_passphrase: "9jyjxxxxxxF9"
```

Is it possible that the problem is the different borg versions of the NAS (1.2.6) and the storage box (1.2.0)?

Owner

> If I make a direct connect to the storage box with "ssh -p 23 u123456@u123456.your-storagebox.de", that works without passphrase. So it couldn't come from SSH, the SSH key works without problem.

I don't know what to tell you.. What you're getting is an SSH password prompt and not a Borg passphrase prompt! Is it possible that you're testing the manual `ssh` command from a different user account than the one borgmatic is running as? Or maybe there's a typo in your repository path (e.g., the username portion) in your borgmatic configuration file?

> Is it possible that the problem is the different borg versions of the NAS (1.2.6) and the storage box (1.2.0)?

Borg 1.2.6 and 1.2.0 should be totally compatible as far as I know.

Author

all backup jobs are running as root

I removed the ssh key path from the config.yaml:

```
storage:
    # Point to your private key
    # ssh_command: ssh -i /volume1/borgbackup/id_synology
```

After that I got:

```
123456@u123456.your-storagebox.de:23/./backups/nas2.example.local: Listing archives
nas2-2024-02-16T21:35:38.924063 Fri, 2024-02-16 21[43acaf1d03526119c8ea97736b21acd0ed00304044ec2b70a355b22c7ec54965]
nas2-2024-02-23T19:10:29.203961 Fri, 2024-02-23 19:[80576cc7ba767ba85887f0f330db6e4423d71c95e45fb35fae460127a830a50c]

summary:
/etc/borgmatic/config.yaml: Configuration sections (like location: and storage:) are deprecated and support will be removed from a future release. To prepare for this, move your options out of sections to the global scope.
/etc/borgmatic/config.yaml: The checks option now expects a list of key/value pairs. Lists of strings for this option are deprecated and support will be removed from a future release.
/etc/borgmatic/config.yaml: The repositories option now expects a list of key/value pairs. Lists of strings for this option are deprecated and support will be removed from a future release.
```

Now without password prompt. I try the next backup with this config.yaml

Owner

Oh, good find! Yeah, if it's using a different SSH key that doesn't correspond to the passwordless config on the server, you will get an SSH password prompt. So if you do want to use that SSH key for whatever reason, you'll need its corresponding authorized_keys entry on the server.

Author

You are right, it was the wrong SSH key path in the config.yaml. For a while I changed the key, and I have forgotten to change the path.

Thanks for helping!

Bernd

Owner

Glad to hear that did it!
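
The cause found in this thread, an `ssh_command` option whose `-i` path overrides the key a plain `ssh` would use, can be checked directly against the configuration file. The script below is an added example, not borgmatic code and not something posted by either participant; the function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not borgmatic code): report which SSH identity a borgmatic
# config forces through ssh_command.

# Print the value of the first uncommented ssh_command option read from stdin.
# Works for the old "storage:" section layout and for the global scope.
active_ssh_command() {
    sed -n 's/^[[:space:]]*ssh_command:[[:space:]]*//p' | head -n 1
}

# Print the identity file given with -i in an ssh command line; fail if none.
identity_from_command() {
    set -f                      # no globbing while the string is word-split
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -i)   [ $# -ge 2 ] && printf '%s\n' "$2"; return ;;
            -i?*) printf '%s\n' "${1#-i}"; return ;;
        esac
        shift
    done
    return 1
}

# Classify the config on stdin: default keys, a forced key, or a forced key
# whose file is not readable by the current user.
describe_identity() {
    cmd=$(active_ssh_command)
    if [ -z "$cmd" ]; then
        echo "default (no ssh_command set)"
    elif key=$(identity_from_command "$cmd"); then
        if [ -r "$key" ]; then echo "forced: $key"
        else echo "forced-missing: $key"; fi
    else
        echo "default (ssh_command has no -i)"
    fi
}

# Constructed samples modelled on the thread: key path active, then commented out.
broken_cfg='storage:
    ssh_command: ssh -i /volume1/borgbackup/id_synology'
fixed_cfg='storage:
    # ssh_command: ssh -i /volume1/borgbackup/id_synology'

printf '%s\n' "$broken_cfg" | describe_identity
printf '%s\n' "$fixed_cfg"  | describe_identity
```

Run it as the same user borgmatic runs as, feeding it the real file with `describe_identity < /etc/borgmatic/config.yaml`. For a `forced:` result, `ssh-keygen -lf` on that path prints the key's fingerprint, which can be compared with the key authorized on the server.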

Reference: borgmatic-collective/borgmatic#833