duplicity scp (ssh) works with an IP address but not with a domain?

I want to use duplicity to create encrypted remote backups. SSH keys are in place and working:

sudo -u ssh-user -p 41111 domain.myfritz.net

opens a terminal on the remote host. Login needs no password, because I created these logins so that scripts can connect.

Also:

sudo -u ssh-user duplicity -v 5 --encrypt-key=*keyid* /path/to/local scp://123.456.789.012:41111//path/to/backup

works perfectly! But:

sudo -u ssh-user duplicity -v 5 --encrypt-key=*keyid* /path/to/local scp://domain.myfritz.net:41111//path/to/backup

fails. By the way, I have of course also used [email protected][email protected], always combined with sudo -u; it makes no difference.

With -v 5 the following is shown (this does not happen when using the command with the IP!):

Using temporary directory /tmp/duplicity-H9igFH-tempdir
Backend error detail: Traceback (most recent call last):
  File "/usr/bin/duplicity", line 1553, in <module>
    with_tempdir(main)
  File "/usr/bin/duplicity", line 1547, in with_tempdir
    fn()
  File "/usr/bin/duplicity", line 1382, in main
    action = commandline.ProcessCommandLine(sys.argv[1:])
  File "/usr/lib/python2.7/dist-packages/duplicity/commandline.py", line 1126, in ProcessCommandLine
    backup, local_pathname = set_backend(args[0], args[1])
  File "/usr/lib/python2.7/dist-packages/duplicity/commandline.py", line 1015, in set_backend
    globals.backend = backend.get_backend(bend)
  File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line 223, in get_backend
    obj = get_backend_object(url_string)
  File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line 209, in get_backend_object
    return factory(pu)
  File "/usr/lib/python2.7/dist-packages/duplicity/backends/ssh_paramiko_backend.py", line 235, in __init__
    self.config['port'], e))
BackendException: ssh connection to [email protected]:41111 failed: [Errno 13] Permission denied

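I tried to understand(!) and use: --scp-command ssh; pexpect+scp; changing my ssh_config to accept all host keys; --ssh-option "-op 41111", etc., to avoid the port issue and paramiko, since that seemed to be the problem. But it did not help... myfritz.net is the DDNS service provided by my router's manufacturer (Fritz!Box) and works well - logging in with putty and with ssh from my local machine works without any problem. Pinging the domain returns the IP almost immediately. Could someone try to help? I could of course write a script that pings the remote server and uses that IP, but that seems odd.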

Local: OpenSSH_7.4p1 Debian-10+deb9u6, OpenSSL 1.0.2r 26 Feb 2019, duplicity 0.7.11

Remote (domain.myfritz.net): OpenSSH_7.4p1 Raspbian-10+deb9u5, OpenSSL 1.0.2q 20 Nov 2018

Thanks for reading!

Edit, in response to BarsMonster's answer:

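Thank you for your answer! Although ping returned the correct IP address, I manually added the IP address to /etc/hosts (test.test.de is now linked to the correct IP). Now the ssh connection succeeds, but a new problem appears: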

ssh: Connected (version 2.0, client OpenSSH_7.4p1)
ssh: Authentication (publickey) successful!
Main action: inc
================================================================================
duplicity 0.7.11 (December 31, 2016)
Args: /usr/bin/duplicity -v 5 --encrypt-key=REDACTED /REDACTED scp://[email protected]:41111/REDACTED
Linux odroidhc2 4.14.94-odroidxu4 #14 SMP PREEMPT Fri Feb 8 11:14:13 CET 2019 armv7l
/usr/bin/python 2.7.13 (default, Sep 26 2018, 18:42:22)
[GCC 6.3.0 20170516]
================================================================================
Using temporary directory /tmp/duplicity-L7N_bX-tempdir
Temp has 1046974464 available, backup will use approx 272629760.
Synchronizing remote metadata to local cache...
PASSPHRASE variable not set, asking user.
GnuPG passphrase for decryption:

A prompt asking for the GnuPG decryption passphrase appeared, and I entered the passphrase. Then GPG threw an error:

GPG error detail: Traceback (most recent call last):
  File "/usr/bin/duplicity", line 1553, in <module>
    with_tempdir(main)
  File "/usr/bin/duplicity", line 1547, in with_tempdir
    fn()
  File "/usr/bin/duplicity", line 1398, in main
    do_backup(action)
  File "/usr/bin/duplicity", line 1419, in do_backup
    sync_archive(decrypt)
  File "/usr/bin/duplicity", line 1206, in sync_archive
    copy_to_local(fn)
  File "/usr/bin/duplicity", line 1151, in copy_to_local
    gpg.GzipWriteFile(src_iter, tdp.name, size=sys.maxsize)
  File "/usr/lib/python2.7/dist-packages/duplicity/gpg.py", line 421, in GzipWriteFile
    new_block = block_iter.next()
  File "/usr/bin/duplicity", line 1131, in next
    self.fileobj.close()
  File "/usr/lib/python2.7/dist-packages/duplicity/dup_temp.py", line 226, in close
    assert not self.fileobj.close()
  File "/usr/lib/python2.7/dist-packages/duplicity/gpg.py", line 279, in close
    self.gpg_failed()
  File "/usr/lib/python2.7/dist-packages/duplicity/gpg.py", line 246, in gpg_failed
    raise GPGError(msg)
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: encrypted with 3072-bit RSA key, ID REDACTED, created 2019-03-16
"My Name <[email protected]>"
gpg: decryption failed: No secret key
===== End GnuPG log =====

When I connect via IP (scp://123.456.789.012//...), it works. No passphrase has to be entered, and gpg/duplicity correctly "grasp" the situation. See below:

ssh: Connected (version 2.0, client OpenSSH_7.4p1)
ssh: Authentication (publickey) successful!
Main action: inc
================================================================================
duplicity 0.7.11 (December 31, 2016)
Args: /usr/bin/duplicity -v 5 --encrypt-key=REDACTED /REDACTED scp://[email protected]:41111/REDACTED
Linux odroidhc2 4.14.94-odroidxu4 #14 SMP PREEMPT Fri Feb 8 11:14:13 CET 2019 armv7l
/usr/bin/python 2.7.13 (default, Sep 26 2018, 18:42:22)
[GCC 6.3.0 20170516]
================================================================================
Using temporary directory /tmp/duplicity-rmi2v3-tempdir
Temp has 1046974464 available, backup will use approx 272629760.
Local and Remote metadata are synchronized, no sync needed.
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Added incremental Backupset (start_time: Sat Mar 16 13:05:52 2019 / end_time: Sat Mar 16 13:14:34 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:14:34 2019 / end_time: Sat Mar 16 13:18:29 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:18:29 2019 / end_time: Sat Mar 16 13:20:33 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:20:33 2019 / end_time: Sat Mar 16 13:27:07 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:27:07 2019 / end_time: Sat Mar 16 13:28:15 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:28:15 2019 / end_time: Sat Mar 16 13:28:47 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:28:47 2019 / end_time: Sat Mar 16 13:29:03 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:29:03 2019 / end_time: Sat Mar 16 17:28:58 2019)
Added incremental Backupset (start_time: Sat Mar 16 17:28:58 2019 / end_time: Sat Mar 16 17:43:03 2019)
Added incremental Backupset (start_time: Sat Mar 16 17:43:03 2019 / end_time: Sat Mar 16 17:45:53 2019)
Last full backup date: Sat Mar 16 13:05:52 2019
Processing local manifest REDACTED
Found 1 volumes in manifest
Fatal Error: Backup source directory has changed.
Current directory: /REDACTED
Previous directory: REDACTED

Aborting because you may have accidentally tried to backup two different data sets to the same remote location, or using the same archive directory.  If this is not a mistake, use the --allow-source-mismatch switch to avoid seeing this message

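The last warning is actually correct. I encrypted a small test folder with duplicity on the remote server. My goal is to encrypt the complete remote backup (already in place, done by rsync) and to add new encrypted data with duplicity.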

Answer 1

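The only explanation may be that the resolved (cached) domain name and the IP address you expect do not match. So when you connect via the domain name, you are connecting to a different server.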

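Please double-check that pinging the domain gives you the server you expect, and that this IP address matches the one you know works. If there is port forwarding in your router settings, you need to double-check that as well (i.e. whether you are outside your home network or everything is internal).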

If this does not reveal the problem -

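1) Try adding an /etc/hosts entry so that some test domain resolves to your target IP, then try connecting to this test domain.
2) Try adding an /etc/hosts entry so that the target domain domain.myfritz.net resolves to your target IP. If this helps - then it is definitely a resolver problem.
3) Investigate the difference between behaviour inside the network (using the local IP of the target server behind NAT) and behaviour when connecting from outside (e.g. over a cellular network), to verify that NAT and port forwarding work as expected.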
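The check suggested in the answer above, as an added example (not part of the original posts and not duplicity's or paramiko's own code): it lists every address the system resolver returns for the name, which a single ping does not show, and compares them with the IP known to work. The function names and the sample addresses (RFC 5737/3849 documentation ranges) are assumptions constructed for illustration; run it under the same account the backup uses.

```python
import ipaddress
import socket
import sys


def resolved_addresses(host, port, resolver=socket.getaddrinfo):
    """All distinct addresses the resolver returns for host:port, in order."""
    addrs = []
    for _fam, _type, _proto, _canon, sockaddr in resolver(host, port, type=socket.SOCK_STREAM):
        addr = ipaddress.ip_address(sockaddr[0].split("%")[0])  # drop IPv6 scope id
        if addr not in addrs:
            addrs.append(addr)
    return addrs


def check_resolution(host, port, expected_ip, resolver=socket.getaddrinfo):
    """Compare what the name resolves to with the IP known to work."""
    expected = ipaddress.ip_address(expected_ip)
    try:
        addrs = resolved_addresses(host, port, resolver)
    except OSError as exc:  # socket.gaierror and PermissionError are OSErrors
        return {"status": "resolve-failed", "addresses": [], "detail": str(exc)}
    if expected not in addrs:
        status = "mismatch"            # name points somewhere else entirely
    elif addrs[0] != expected:
        status = "expected-not-first"  # a client may try another address first
    else:
        status = "match"
    return {"status": status, "addresses": [str(a) for a in addrs], "detail": ""}


def constructed_resolver(host, port, type=0):
    """Constructed sample answer: an IPv6 record listed before the IPv4 one."""
    return [
        (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::1", port, 0, 0)),
        (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("203.0.113.10", port)),
    ]


if __name__ == "__main__":
    if len(sys.argv) == 4:   # real lookup: HOST PORT EXPECTED_IP
        print(check_resolution(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
    else:                    # offline demo on the constructed answer
        print(check_resolution("domain.myfritz.net", 41111, "203.0.113.10",
                               resolver=constructed_resolver))
```

A result of "mismatch" or "expected-not-first" means the name and the working IP can lead a client to different endpoints, which is the situation the answer asks you to rule out.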
