Trying to connect to SFTP storage

I’m evaluating kopia and restic. (Currently I’ve got restic working but have not had success with kopia. Restic seems good and robust but I have a slight concern about the time it takes to prune snapshots.)

I have 200GB possibly rising to 1TB to back up, from multiple hosts. My current strategy is buying SFTP-accessible space (from Hetzner, what they call a “storage box”) because the space allocation can grow and shrink without the faff and risks of changing partitions, filesystems etc.

Initially I tried to get Kopia to connect to the SFTP storage, but failed. I think some of that might be bugs and some of it may be a lack of features, or it may be a lack of documentation; I’m unsure.

I’m now wondering whether the following setup might work:

  1. SFTP server (no shell access) for storage

  2. Backup server mounts (1) locally by sshfs, and runs Kopia Repository Server

  3. Multiple client servers that need backing up connect to (2) to stow their data.

What I want to know is: do you think this will work? Is it sensible?

If so, I need to know that the clients (3) can be limited to creating backups - otherwise a compromised client server could delete its backups, which would not be nice!

Many thanks,
Rich

That would absolutely work, but is sort of a workaround. I would encourage anybody with access to problematic SFTP hosts (which I sadly don’t have) to actually fix the underlying issues in the SFTP provider. I’ll be happy to review and merge PRs but my ability to reproduce issues with these providers is limited.

Thanks, that’s good news, I may give that a go then.

I don’t think it’s a problem with the SFTP host, I think it’s a problem with kopia’s implementation; restic’s SFTP backend works just fine, the Debian sftp command line works fine, Gnome’s GIO SFTP wrapper works fine, for example.

Or it could be a problem with my knowledge of SSH. restic works as most ssh things work on my Debian box (e.g. rsync, scp, sftp, git…) which all understand .ssh/config entries, all connect to local ssh key agents, (thereby supporting encrypted ssh keys, the local known_hosts format which uses hashed hostname/ips) etc. kopia seems to need everything provided on the command line (and unencrypted keys and unhashed known_hosts data).

So whereas with one of the other tools I’d go like git clone storagehost:repo.git or restic -r sftp:storagehost:restic-repo etc. with kopia my command looks like:



kopia repository create sftp \
  --username=username \
  --path /home/kopia-repo \
  --host=storagehost.fqdn \
  --port=23 \
  --keyfile .ssh/id_rsa \
  --known-hosts-data='storagehost.fqdn,1.2.3.4 ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=='

And then I still get an error

kopia: error: can’t connect to storage: unable to dial [storagehost.fqdn:23]: &{Config:{Rand: RekeyThreshold:0 KeyExchanges: Ciphers: MACs:} User:username Auth:[0xdf47e0] HostKeyCallback:0xdf94c0 BannerCallback:
ClientVersion: HostKeyAlgorithms: Timeout:0s}: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain, try --help

There’s no option to specify the public key, does kopia generate the public key from the private key or something?

I’d rather not use a workaround if kopia can connect using its own SFTP, so any tips/help would be very welcome 🙂
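
The hashed known_hosts format mentioned in the post above stores each host as `|1|salt|HMAC-SHA1(salt, host)`, so an entry can only be found by hashing a candidate name and then re-emitted as a plain `host keytype key` line. This is an added example, not part of the thread and not kopia's code: it looks up the post's host and port in a constructed known_hosts text. The function names, salt and key material are constructed placeholders.

```python
import base64
import hashlib
import hmac


def host_token(host, port=22):
    # OpenSSH records a non-default port as "[host]:port".
    return host if port == 22 else f"[{host}]:{port}"


def hash_host(token, salt):
    # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=token))
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def field_matches(field, token):
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), token.encode(),
                       hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    # Plain entries: exact names only, wildcard patterns are not handled.
    return token in field.split(",")


def plain_entries(known_hosts_text, host, port=22):
    """Return unhashed 'host keytype key' lines for host:port."""
    token, found = host_token(host, port), []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if field_matches(parts[0], token):
            found.append(f"{token} {parts[1]} {parts[2]}")
    return found


# Constructed sample: salt and key material are placeholders, not real keys.
SALT = b"constructed-salt-20b"
SAMPLE = "\n".join([
    "# constructed known_hosts",
    hash_host("[storagehost.fqdn]:23", SALT) + " ssh-rsa AAAAconstructedKeyPort23",
    hash_host("storagehost.fqdn", SALT) + " ssh-rsa AAAAconstructedKeyPort22",
    "otherhost.example,192.0.2.10 ssh-rsa AAAAconstructedOtherKey",
])

if __name__ == "__main__":
    print(plain_entries(SAMPLE, "storagehost.fqdn", 23))
```

The port-23 lookup matches only the bracketed `[storagehost.fqdn]:23` entry, so a key recorded for the same name on port 22 is not returned for it.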

Strange. Are you sure this is port 23 (telnet) and not 22 (ssh)?

@jkowalski yep I realise it’s on a custom (and unusual) port.