Ssh – Duplicity error: BackendException: ssh connection to SERVER_IP:22 failed: Unknown server SERVER_IP

debiandebian-wheezyduplicitysftpssh

I'm trying to setup a backup system with Duplicity. I have a server that I want to backup to another SFTP server.

If I try to connect via sftp it works fine:

    root@SERVER:~# sftp user@SFTP_IP
    user@SFTP_IP's password: 
    Connected to SFTP_IP.
    sftp>

But when I try using Duplicity:

    root@SERVER:~# duplicity /etc sftp://user@SFTP_IP//
    BackendException: ssh connection to SFTP_IP:22 failed: Unknown server SFTP_IP

I've tried following the only instructions regarding this problem I found on the net:
http://tom.meinlschmidt.org/2014/04/24/duplicity-backendexception-ssh-connection-to-server22-failed-unknown-server/

However it didn't work and since the author gives almost no details about what causes the issue, only that's it's probably paramiko, I cannot figure out what to do.

My configuration is as follows:

    root@SERVER:~# lsb_release -a
    No LSB modules are available.
    Distributor ID: Debian
    Description:    Debian GNU/Linux 7.7 (wheezy)
    Release:    7
    Codename:   wheezy

    root@SERVER:~# ssh -V
    OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013

    root@SERVER:~# duplicity -V
    duplicity 0.6.18

    root@SERVER:~# python -c "import paramiko; print paramiko.__version__"
    1.7.7.1 (George)

EDIT1: Ok the problem doesn't seem to come strictly from paramiko since a simple paramiko sftp demo program from 2013 (github-link) manages to connect just fine.

EDIT2: I had this problem on a server with an almost brand-new install of Wheezy, I installed an Ubuntu 14.04 (with OpenSSH_6.6.1p1 and paramiko 1.10.1) on it and Duplicity (0.6.23) works fine.

Best Answer

Ok, I have fooled around some more with the python code. @lxio you are right, this is not really a bug from Paramiko or Duplicity but it seems the known_hosts system seems to be a bit inconsistent (and unclear), but I finally got it working.

I used ssh myhost -p 2323 to accept the signature, but this method does not seem to store the specific port value in the known_hosts list (thus is Paramiko refusing to connect, because it thinks the fingerprint is of myhost:21. I have still no correct to add the key via bash, but I know how to add the fingerprint to the known_hosts file via Paramiko to ensure it will connect to the correct host in the future.

We are going to add the key via Paramiko to the known_hosts file:

  1. Edit /usr/share/pyshared/duplicity/backends/sshbackend.py:

Add before keyfilename=None:

self.client.load_host_keys("/root/.ssh/known_hosts")
self.client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

(/root/ is the userdir here, this might be different for you).

  1. Execute a sync commando with Duplicity (where you use the host). Now Paramiko will add the ssh fingerprint to your known_hosts.

  2. Remove all edits you made to your sshbackend.py and save the file.

You can verify it by using cat /root/.ssh/known_hosts. You will see [myhost]:2323 ssh-rsa ....

Related Topic