sftp backend ssh options

Asked by Simon on 2018-06-21

I'd like to backup to a host via sftp using ProxyCommand:

duplicity --ssh-options='--oProxyCommand=ssh -q -W %h:%p user@gatekeeper' /path/to/src paramiko+sftp://user@host//path/to/dst

It seems that -ssh-options is completely ignored. Also if I try to change the port instead, it still attempts to connect to port 22.

Why aren't the settings in ~/.ssh/config used by duplicity?

Question information

Language:
English Edit question
Status:
Answered
For:
Duplicity Edit question
Assignee:
No assignee Edit question
Last query:
2018-06-21
Last reply:
2019-03-02
edso (ed.so) said : #1

On 21.06.2018 10:27, Simon wrote:
> New question #670362 on Duplicity:
> https://answers.launchpad.net/duplicity/+question/670362
>
> I'd like to backup to a host via sftp using ProxyCommand:
>
> duplicity --ssh-options='--oProxyCommand=ssh -q -W %h:%p user@gatekeeper' /path/to/src paramiko+sftp://user@host//path/to/dst
>
> It seems that -ssh-options is completely ignored. Also if I try to change the port instead, it still attempts to connect to port 22.
>
> Why aren't the settings in ~/.ssh/config used by duplicity?
>

paramiko is a python native ssh implementation and as such does not support the same parameters as the openssh binary does. see http://duplicity.nongnu.org/duplicity.1.html
"
--ssh-options options
Allows you to pass options to the ssh backend.
..SNIP..

NOTE: The ssh paramiko backend currently supports only the -i or -oIdentityFile setting. If needed provide more host specific options via ssh_config file.
"

what and if a setting from ssh_config is used by paramiko needs to be investigated by yourself. i know some are, but am not sure that they support all.

if you really need to use --oProxyCommand consider using pexpect+sftp// and make sure that the parameter is properly quote wrapped as it is inserted into the ssh command line. eg.
  '--oProxyCommand="ssh -q -W %h:%p user@gatekeeper"'

..ede/duply.net

edso (ed.so) said : #2

On 21.06.2018 10:57, edso wrote:
> paramiko is a python native ssh implementation and as such does not support the same parameters

ok, that's misleading. the configuration itself is different while the options should be there for the most part. if you are interested you can see how the command line parameter is mapped to the paramiko option in
  https://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/view/head:/duplicity/backends/ssh_paramiko_backend.py#L196
.

..ede/duply.net

I'd like to backup via sftp going through an http proxy as well.
Apparently Paramiko.connect has a "socket" parameter that could be used therefore.
See https://docs.paramiko.org/en/2.4/api/client.html
That parameter would receive its value from Paramiko.ProxyCommand() as explained here:
https://www.programcreek.com/python/example/52881/paramiko.ProxyCommand

Hoping that this would help using the ProxyCommand of the OpenSSH config.

edso (ed.so) said : #4

On 01.03.2019 14:17, Peter Unthahorsten wrote:
> Question #670362 on Duplicity changed:
> https://answers.launchpad.net/duplicity/+question/670362
>
> Peter Unthahorsten proposed the following answer:
> I'd like to backup via sftp going through an http proxy as well.
> Apparently Paramiko.connect has a "socket" parameter that could be used therefore.
> See https://docs.paramiko.org/en/2.4/api/client.html
> That parameter would receive its value from Paramiko.ProxyCommand() as explained here:
> https://www.programcreek.com/python/example/52881/paramiko.ProxyCommand
>
> Hoping that this would help using the ProxyCommand of the OpenSSH
> config.
>

Peter,

seems not to be implemented in
  https://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/view/head:/duplicity/backends/ssh_paramiko_backend.py

two ways to go.

A.
try to add it locally and provide a patch or even better a bzr branch.

or

B.
use the legacy pexpect+sftp:// backend utilizing cmd line ssh binaries which should support proxying out of the box.

..ede/duply.net

Can you help with this problem?

Provide an answer of your own, or ask Simon for more information if necessary.

To post a message you must log in.