kopia: Can't create SFTP repository. Kopia does not support ed25519 keys
Newbie here. Trying to configure an SFTP repository using KopiaUI in Windows server 2012r2, I'm getting this error:
Connect Error: INTERNAL: internal server error: unable to open SFTP storage: error establishing connecting: unable to dial [myhost:20021]: &ssh.ClientConfig{Config:ssh.Config{Rand:io.Reader(nil), RekeyThreshold:0x0, KeyExchanges:[]string(nil), Ciphers:[]string(nil), MACs:[]string(nil)}, User:"myuser", Auth:[]ssh.AuthMethod{(ssh.passwordCallback)(0x1015520)}, HostKeyCallback:(ssh.HostKeyCallback)(0x10119e0), BannerCallback:(ssh.BannerCallback)(nil), ClientVersion:"", HostKeyAlgorithms:[]string(nil), Timeout:0}: ssh: handshake failed: knownhosts: key mismatch
I’ve created the known_hosts file using OpenSSH.
Trying to create the repository using the CLI in Windows gives the same result:
C:\Users\Administrador\AppData\Local\Programs\KopiaUI\resources\server>kopia repository create sftp --path=kopia/docs --host=myhost --port=20021 --username=myuser --sftp-password=mypass --known-hosts="C:\Users\Administrador\.ssh\known_hosts"
ERROR can't connect to storage: unable to open SFTP storage: error establishing connecting: unable to dial [myhost:20021]: &ssh.ClientConfig{Config:ssh.Config{Rand:io.Reader(nil), RekeyThreshold:0x0, KeyExchanges:[]string(nil), Ciphers:[]string(nil), MACs:[]string(nil)}, User:"myuser", Auth:[]ssh.AuthMethod{(ssh.passwordCallback)(0x1015520)}, HostKeyCallback:(ssh.HostKeyCallback)(0x10119e0), BannerCallback:(ssh.BannerCallback)(nil), ClientVersion:"", HostKeyAlgorithms:[]string(nil), Timeout:0}: ssh: handshake failed: knownhosts: key mismatch
So why this key mismatch? How to get the “right” host key for kopia?
About this issue
- State: open
- Created 2 years ago
- Comments: 25 (1 by maintainers)
I’m really glad you both managed to get it working!
Unfortunately the issues I mentioned a few comments back are still there. It shouldn’t be necessary to move to another SFTP host just because Kopia doesn’t support ed25519 keys. Or because the external ssh option doesn’t support non-standard ports. Or, for Pete’s sake, because Kopia keeps demanding the known_hosts data even when the docs state it’s optional.
Let’s hope that one day someone will find the time and inspiration to fix these shortcomings of this great tool. Sadly I still don’t have the skills to do it myself.
Hmmm. I think you may actually have come across a shortcoming in the way Kopia’s internal ssh client handles the known_hosts data. This may have been your problem already in the first place.
I tried to figure out why your key would mismatch, and experimented a little. It turned out that Kopia doesn’t understand ssh-ed25519 keys at all, and if that’s the only key type for your host in known_hosts, Kopia will throw exactly the error you got. Other keys (at least ssh-rsa and ecdsa-sha2-nistp256 keys that I have) seem to work fine.
You could try the command ssh-keyscan -p 20021 <your_host>, which should list all available keys for your host (don’t care about the lines beginning with a #). If there’s only an ssh-ed25519 key available, you’re probably out of luck (regarding the internal ssh client). If the list contains any other keys, copy one or all of those lines to the bottom of your known_hosts file and try to connect again.
You could also use an external ssh client (as you already seem to have OpenSSH), but that requires creating a personal key file for logging into your host. That procedure has its own quirks, so let’s leave it as a last resort.
A non-standard port doesn’t seem to be a problem. That was the conclusion also in the issue you linked to. Edit: I noticed that issue actually states that you cannot use non-standard ports with an external ssh client, so there goes our “last resort” above.
As a common observation, I’m getting really tired of this whole mess that is Kopia’s mandatory known_hosts data. It’s already not easy to understand for many people, and now it seems you may not get it right even if you know what you’re doing. Could we please have this thing made optional?
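The known_hosts check suggested in the comment above, as an added example that is not part of the thread and not Kopia's own code: it lists which key types a known_hosts file holds for a host and port, and flags the ed25519-only case the commenter reports as failing. The function names and the sample file content are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample in the format ssh-keyscan prints; key blobs are placeholders.
const sampleKnownHosts = `# myhost:20021 SSH-2.0-OpenSSH_8.4
[myhost]:20021 ssh-ed25519 AAAAC3...placeholder
[myhost]:20021 ssh-rsa AAAAB3...placeholder
otherhost ssh-ed25519 AAAAC3...placeholder
`

// keyTypes lists, in file order, the key types stored for host:port.
// OpenSSH writes plain "host" for port 22 and "[host]:port" otherwise,
// so an entry saved without the port never matches a non-standard port.
// Hashed ("|1|...") entries and @marker lines are not matched here.
func keyTypes(knownHosts, host string, port int) []string {
	want := host
	if port != 22 {
		want = fmt.Sprintf("[%s]:%d", host, port)
	}
	var types []string
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(knownHosts))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 3 || strings.HasPrefix(f[0], "#") || strings.HasPrefix(f[0], "@") {
			continue
		}
		for _, h := range strings.Split(f[0], ",") {
			if h == want && !seen[f[1]] {
				seen[f[1]] = true
				types = append(types, f[1])
			}
		}
	}
	return types
}

// onlyEd25519 reports the case the comment above describes as failing.
func onlyEd25519(types []string) bool {
	return len(types) == 1 && types[0] == "ssh-ed25519"
}

func main() {
	types := keyTypes(sampleKnownHosts, "myhost", 20021)
	fmt.Println("key types:", types, "ed25519 only:", onlyEd25519(types))
}
```

An empty result for the host and port you pass means the file has no plain-text entry in the form the client will look up, which is worth ruling out before suspecting the key type.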
I can confirm - kopia does not handle ed25519 key. Luckily my host also supports rsa key and thus I could get it to work.