New SFTP backend uses outdated paramiko, breaks connection to server even with --use-scp
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Duplicity |
Fix Released
|
Undecided
|
Unassigned | ||
duplicity (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
We recently tried updating from duplicity 0.6.17 to 0.6.18 on Gentoo.
The SSH backend now makes uses of paramiko to establish a sftp connection.
This is a problem because the paramiko library do not support ECDSA authentication, and because of that complains:
BackendException: ssh connection to x failed: Unknown server x
That is because there is no RSA or DSA key for server x in ~/.ssh/known_hosts. This shouldn't be a problem with --use-scp flag, however file sshbackend.py shows that it is indeed: check for self.client.connect happens before any check for globals.use_scp is done.
We solved this temporarily via:
ssh -o <email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>
Now it fails with another error:
BackendException: ssh connection to x failed: No authentication methods available
UPDATE: the documentation states that --use-scp allows duplicity to use scp. I had assumed it was in the way it used to be, but it seems not. I guess in the meantime the only option for us will be to downgrade duplicity in wait for a fix to this.
Changed in duplicity (Ubuntu): | |
status: | Confirmed → Fix Released |
I am getting the same message despite as far as I can tell the remote server does not use ECDSA authentication, at least the keys in known_hosts are both ssh-rsa after I sftp there by hand.