Kopia and SFTP repos


I wanted to use a remote SFTP server for my kopia repo and ran in to some issues setting it up.
First I read the user manual here Repositories | Kopia and then went to set up keys like the linked instructions suggests. After following the instructions I could successfully connect using ssh user@host.

When trying to create the SFTP repo however…

user@desktop:~# kopia repo create sftp --host 192.x.x.x --username user --keyfile ~/.ssh/id_rsa.pub --known-hosts ~/.ssh/known_hosts --path /mnt/user/backups/kopia-minty
kopia: error: can't connect to storage: unable to getHostKey: 192.x.x.x: no hostkey found for 192.x.x.x, try --help

No success! I did see that the topic of hashed host names have been brought up before, and there is also a mention of it in issue #500 on Github.
But what is the actual solution? Following the instructions in the docs doesn’t work. I have to add un-hashed hosts specifically for it to work. Not using ssh-keyscan option -H.

From ssh-keygen manpage:

-H’ Hash all hostnames and addresses in the output. Hashed names may be used normally by ssh and sshd, but they do not reveal identifying information should the file’s contents be disclosed.

So I used the below command:

user@desktop:~# ssh-keyscan 192.x.x.x >> ~/.ssh/known_hosts
# 192.x.x.x:22 SSH-2.0-OpenSSH_8.1
# 192.x.x.x:22 SSH-2.0-OpenSSH_8.1
# 192.x.x.x:22 SSH-2.0-OpenSSH_8.1
# 192.x.x.x:22 SSH-2.0-OpenSSH_8.1
# 192.x.x.x:22 SSH-2.0-OpenSSH_8.1

And then it works.

user@desktop:~# kopia repo create sftp --host 192.x.x.x --username user --keyfile ~/.ssh/id_rsa.pub --known-hosts ~/.ssh/known_hosts --path /mnt/user/backups/kopia-minty
Enter password to create new repository: 
Re-enter password for verification: 
Initializing repository with:
  block hash:          BLAKE2B-256-128
  encryption:          AES256-GCM-HMAC-SHA256
  splitter:            DYNAMIC-4M-BUZHASH
Connected to repository.

Also from the documentation

If the connection to SFTP server does not work, try adding --external which will launch external ssh process, which supports more connectivity options which may be needed for some hosts.

What does this mean?

Will there be support for hashed host names in known_hosts?

Thanks for creating kopia! It really is a great backup tool. :wink:

SFTP has been contributed to the codebase by an external developer, I don’t personally use it and maintaining it and without knowing all the use cases (or ability to test more complex cases) is challenging for me. I would love if somebody could take ownership of improvements like this going forward. I’ll be happy to review and merge PRs.

1 Like