How export BORG_PASSPHRASE in config.yaml #833
Reference: borgmatic-collective/borgmatic#833
What I'm trying to do and why
I have 4 borgmatic backup jobs from different servers to a Hetzner storage box. On a Synology NAS I have the problem that when I start the backup from a bash script, or call "borgmatic list" or any other command, I get a request for the "BORG_PASSPHRASE". The other jobs work without that request. The bash script contains `export BORG_PASSPHRASE="9jyjxxxxxxF9"`, but it doesn't work.
The Hetzner storage box runs Borg version 1.2.0, and the Synology NAS runs 1.2.6.
```
root@nas2:~# borgmatic list
ssh://u123456@u123456.your-storagebox.de:23/./backups/nas2.example.local: Listing archives
u123456@u123456.your-storagebox.de's password:
```
Steps to reproduce
If I run "ssh -p 23 u123456@u123456.your-storagebox.de", I get a connection without a request for the passphrase.
Actual behavior
No response
Expected behavior
No response
Other notes / implementation ideas
No response
borgmatic version
1.8.2
borgmatic installation method
synology community package installer
Borg version
1.2.6
Python version
3.11.5
Database version (if applicable)
No response
Operating system and version
DSM 7.2-64570 Update 1
The `u123456@u123456.your-storagebox.de's password:` password prompt is almost certainly coming from SSH, not Borg, and therefore has nothing to do with your Borg passphrase! My guess is that the user account running borgmatic does not have passwordless SSH configured between your client and your server, and that's why it's asking you for a password. The solution? Set up passwordless SSH, assuming that's how you want to connect to your server. Alternatively, leave things as-is and just type your server password each time.

A related note: If you'd prefer to put your `BORG_PASSPHRASE` into your borgmatic configuration file so that you don't have to set it via your bash script, then check out the `encryption_passphrase` configuration option!

If I connect directly to the storage box with "ssh -p 23 u123456@u123456.your-storagebox.de", that works without a passphrase. So it couldn't come from SSH; the SSH key works without problems.
The encryption_passphrase is set in config.yaml:

```
# Passphrase to unlock the encryption key with. Only use on
# repositories that were initialized with passphrase/repokey/keyfile
# encryption. Quote the value if it contains punctuation, so it parses
# correctly. And backslash any quote or backslash literals as well.
# Defaults to not set.
encryption_passphrase: "9jyjxxxxxxF9"
```
Is it possible that the problem is the different Borg versions on the NAS (1.2.6) and the storage box (1.2.0)?
I don't know what to tell you.. What you're getting is an SSH password prompt and not a Borg passphrase prompt! Is it possible that you're testing the manual `ssh` command from a different user account than the one borgmatic is running as? Or maybe there's a typo in your repository path (e.g., the username portion) in your borgmatic configuration file?

Borg 1.2.6 and 1.2.0 should be totally compatible as far as I know.
All backup jobs are running as root.
I removed the SSH key path from the config.yaml:

```
storage:
    # Point to your private key
    # ssh_command: ssh -i /volume1/borgbackup/id_synology
```
After that I got:
```
123456@u123456.your-storagebox.de:23/./backups/nas2.example.local: Listing archives
nas2-2024-02-16T21:35:38.924063 Fri, 2024-02-16 21[43acaf1d03526119c8ea97736b21acd0ed00304044ec2b70a355b22c7ec54965]
nas2-2024-02-23T19:10:29.203961 Fri, 2024-02-23 19:[80576cc7ba767ba85887f0f330db6e4423d71c95e45fb35fae460127a830a50c]
summary:
/etc/borgmatic/config.yaml: Configuration sections (like location: and storage:) are deprecated and support will be removed from a future release. To prepare for this, move your options out of sections to the global scope.
/etc/borgmatic/config.yaml: The checks option now expects a list of key/value pairs. Lists of strings for this option are deprecated and support will be removed from a future release.
/etc/borgmatic/config.yaml: The repositories option now expects a list of key/value pairs. Lists of strings for this option are deprecated and support will be removed from a future release.
```
Now without password prompt. I try the next backup with this config.yaml
Oh, good find! Yeah, if it's using a different SSH key that doesn't correspond to the passwordless config on the server, you will get an SSH password prompt. So if you do want to use that SSH key for whatever reason, you'll need its corresponding `authorized_keys` entry on the server.

You are right, it was the wrong SSH key path in the config.yaml. For a while I changed the key, and I have forgotten to change the path.
Thanks for helping!
Bernd
Glad to hear that did it!
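
A check that would have surfaced the stale key path found in this thread, as an added example that is not part of the original issue or of borgmatic: it reads the `-i` identity from the config's `ssh_command` and builds an ssh test command that fails instead of prompting. The function names, the line-based parsing and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not borgmatic code): find the key borgmatic hands to ssh
# and build a test command that fails instead of prompting.

# Print the path after "-i" in the first active (uncommented) ssh_command
# line of a borgmatic config. Assumes a one-line value, no spaces in the path.
identity_from_config() {
    sed -n 's/^[[:space:]]*ssh_command:[[:space:]]*//p' "$1" | head -n 1 |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-i") { print $(i + 1); exit } }'
}

# none    = no -i given, ssh uses its default identity files
# missing = the configured path is not readable by this user
# ok      = the file exists (whether the server accepts it is a separate question)
identity_status() {
    key=$(identity_from_config "$1")
    if [ -z "$key" ]; then
        echo none
    elif [ ! -r "$key" ]; then
        echo missing
    else
        echo ok
    fi
}

# BatchMode=yes turns a password prompt into an immediate failure;
# IdentitiesOnly=yes keeps ssh-agent keys from masking a wrong -i key.
ssh_test_command() {
    config=$1 port=$2 target=$3
    key=$(identity_from_config "$config")
    set -- ssh -o BatchMode=yes -o IdentitiesOnly=yes -p "$port"
    if [ -n "$key" ]; then
        set -- "$@" -i "$key"
    fi
    printf '%s\n' "$* $target"
}

# Constructed sample config with a stale key path, as in the thread.
demo_dir=$(mktemp -d)
printf 'storage:\n    ssh_command: ssh -i %s/id_old\n' "$demo_dir" > "$demo_dir/config.yaml"
echo "identity: $(identity_status "$demo_dir/config.yaml")"
ssh_test_command "$demo_dir/config.yaml" 23 u123456@u123456.your-storagebox.de
rm -rf "$demo_dir"
```

Run the printed command as the same user borgmatic runs as. If it ends in a `Permission denied` failure rather than a login, the server does not accept that key and borgmatic would have fallen back to the password prompt.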