Cannot mount Hetzner storage box for backups using SSHFS
-
@avatar1024 Had to try it myself to understand it.
- I generated OpenSSH keys using
ssh-keygenon my PC. - SFTP'ed the keys as suggested by - https://docs.hetzner.com/robot/storage-box/backup-space-ssh-keys/#uploading-authorized_keys .
- Because, we are using OpenSSH keys, we should use port 23. So, I tested it:
$ ssh -p 23 -i /tmp/storage_rsa xx@xx.your-storagebox.de The authenticity of host '[xx.your-storagebox.de]:23 ([116.202.54.208]:23)' can't be established. ED25519 key fingerprint is SHA256:XqONwb1S0zuj5A1CDxpOSuD2hnAArV1A3wKY7Z3sdgM. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '[xx.your-storagebox.de]:23,[116.202.54.208]:23' (ED25519) to the list of known hosts. PTY allocation request failed on channel 0 +-------------------------------------------------------------------------------+ | Your authentication works but we do not support interactive logins. | | For more information on how to access your Storage Box please check our Docs: | | https://docs.hetzner.com/robot/storage-box/access/access-ssh-rsync-borg | +-------------------------------------------------------------------------------+ Connection to xx.your-storagebox.de closed.Nice, so the hetzner setup works.
Now, for Cloudron side:
The key part is that the Remote Directory is
/home. That took a bit of diving into their docs but I finally found that it was/homefrom the output at https://docs.hetzner.com/robot/storage-box/access/access-ssh-rsync-borg/#sftp
@girish
I tried this exact same setup. I was able to connect to the storage via SFTP and my SSH key and I copied my private SSH key as instructed to Cloudron.When I now try to save the backup settings using SSHFS it keeps working and never finishes. The log says
Jan 14 11:40:33 box:shell addMount spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/addmount.sh [Unit]\nDescription=backup\n\nRequires=unbound.service\nAfter=unbound.service\nBefore=docker.service\n\n\n[Mount]\nWhat=uxxxxx@uxxxxx.your-storagebox.de:/\nWhere=/mnt/cloudronbackup\nOptions=allow_other,port=23,IdentityFile=/home/yellowtent/platformdata/sshfs/id_rsa_uxxxxx.your-storagebox.de,StrictHostKeyChecking=no,reconnect\nType=fuse.sshfs\n\n[Install]\nWantedBy=multi-user.target\n\n 10 Jan 14 11:40:44 box:shell addMount (stdout): Failed to mount Jan 14 11:40:44 box:shell addMount code: 3, signal: null Jan 14 11:42:04 box:shell removeMount spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/rmmount.sh /mnt/cloudronbackupNot sure what else I can try.
Edit: magically and waiting one night it works now.
- I generated OpenSSH keys using
-
I'm sorry to reopen this, but I've been trying to connect Hetzner volumes and I'm stuck with the key-gen command at the server. I'm pretty sure there's something I'm understanding poorly, but I would like to connect the Volumes with my Cloudron instance, but there's no way I can run key-gen on the Volumes via SSH to get them connected.
XXXXXXXX /home > ssh-keygen Command not found. Use 'help' to get a list of available commands. XXXXXXXX /home > help +-----------------------------------------------------------------------------+ | The following commands are available: | | ls list directory content | | tree list directory content | | cd change current working directory | | pwd show current working directory | | mkdir create new directory | | rmdir delete directory | | du disk usage of files/directories | | df show disk usage | | dd read and write files | | cat output file content | | touch create new file | | cp copy files/directories | | rm delete files/directories | | unlink delete file/directory | | mv move files/directories | | chmod change file/directory permissions | | md5|sha1|sha256|sha512 create hash sum of file | | md5sum|sha1sum|sha256sum|sha512sum create hash sum of file | | head show first lines of file | | tail show last lines of file | | grep search for specific string in files | | stat stat files/directory | | | | Available as server side backend: | | borg | | rsync | | scp | | sftp | | rclone serve restic --stdio | | | | Please note that this is only a restricted shell which do not | | support shell features like redirects or pipes. | | | | You can find more information in our Docs: | | https://docs.hetzner.com/robot/storage-box/ | +-----------------------------------------------------------------------------+ XXXXXXXX /home > -
@robi said in Cannot mount Hetzner storage box for backups using SSHFS:
It doesn't appear that package exists on your server. Install it first.
What I'm showing is the prompt logged on Hetzner Volumes, not a server
-
@robi said in Cannot mount Hetzner storage box for backups using SSHFS:
It doesn't appear that package exists on your server. Install it first.
What I'm showing is the prompt logged on Hetzner Volumes, not a server
@chetbaker Okay, then you can't generate the keys from there. Do it on your server and transfer the keys where you need them.
I'm sure they have a guide for this somewhere.
-
@robi said in Cannot mount Hetzner storage box for backups using SSHFS:
It doesn't appear that package exists on your server. Install it first.
What I'm showing is the prompt logged on Hetzner Volumes, not a server
@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:
Hetzner Volumes
Hetzner Cloud Volumes are a very different product to their Storage Boxes.
I don't think you can access them in the same way.
You can definitely use them as a Cloudron Volume though. I think you just have to mount them on your VPS server using fstab first.
-
@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:
Hetzner Volumes
Hetzner Cloud Volumes are a very different product to their Storage Boxes.
I don't think you can access them in the same way.
You can definitely use them as a Cloudron Volume though. I think you just have to mount them on your VPS server using fstab first.
@jdaviescoates said in Cannot mount Hetzner storage box for backups using SSHFS:
@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:
Hetzner Volumes
Hetzner Cloud Volumes are a very different product to their Storage Boxes.
I don't think you can access them in the same way.
You can definitely use them as a Cloudron Volume though. I think you just have to mount them on your VPS server using fstab first.
Oh I'm sorry, just to clarify, I'm trying to use Storage Boxes as Cloudron Volume.
-
@jdaviescoates said in Cannot mount Hetzner storage box for backups using SSHFS:
@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:
Hetzner Volumes
Hetzner Cloud Volumes are a very different product to their Storage Boxes.
I don't think you can access them in the same way.
You can definitely use them as a Cloudron Volume though. I think you just have to mount them on your VPS server using fstab first.
Oh I'm sorry, just to clarify, I'm trying to use Storage Boxes as Cloudron Volume.
@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:
Oh I'm sorry, just to clarify, I'm trying to use Storage Boxes as Cloudron Volume.
Ah, OK. I've got that set-up but I've only ever used CIFS and not SSHFS so not sure what you have to do myself sorry.
-
I'm sorry to reopen this, but I've been trying to connect Hetzner volumes and I'm stuck with the key-gen command at the server. I'm pretty sure there's something I'm understanding poorly, but I would like to connect the Volumes with my Cloudron instance, but there's no way I can run key-gen on the Volumes via SSH to get them connected.
XXXXXXXX /home > ssh-keygen Command not found. Use 'help' to get a list of available commands. XXXXXXXX /home > help +-----------------------------------------------------------------------------+ | The following commands are available: | | ls list directory content | | tree list directory content | | cd change current working directory | | pwd show current working directory | | mkdir create new directory | | rmdir delete directory | | du disk usage of files/directories | | df show disk usage | | dd read and write files | | cat output file content | | touch create new file | | cp copy files/directories | | rm delete files/directories | | unlink delete file/directory | | mv move files/directories | | chmod change file/directory permissions | | md5|sha1|sha256|sha512 create hash sum of file | | md5sum|sha1sum|sha256sum|sha512sum create hash sum of file | | head show first lines of file | | tail show last lines of file | | grep search for specific string in files | | stat stat files/directory | | | | Available as server side backend: | | borg | | rsync | | scp | | sftp | | rclone serve restic --stdio | | | | Please note that this is only a restricted shell which do not | | support shell features like redirects or pipes. | | | | You can find more information in our Docs: | | https://docs.hetzner.com/robot/storage-box/ | +-----------------------------------------------------------------------------+ XXXXXXXX /home >@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:
Please note that this is only a restricted shell
It says as much that it is a restricted shell. Not sure how to generate keys though, maybe a question for hetzner support.
-
@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:
Oh I'm sorry, just to clarify, I'm trying to use Storage Boxes as Cloudron Volume.
Ah, OK. I've got that set-up but I've only ever used CIFS and not SSHFS so not sure what you have to do myself sorry.
@jdaviescoates said in Cannot mount Hetzner storage box for backups using SSHFS:
@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:
Oh I'm sorry, just to clarify, I'm trying to use Storage Boxes as Cloudron Volume.
Ah, OK. I've got that set-up but I've only ever used CIFS and not SSHFS so not sure what you have to do myself sorry.
Ah, but Girish gave instructions above in this very thread!
As @robi said if you don't have ssh-keygen installed, install it.
-
For me. It's silly. All the guide is out of date. With new created storage box, there isn't sub dir and ssh pub key is not yet allowed in storage box and storage box's pub isn't in my pc known_hosts, I have to add my pub key to storage and run sshfs command once time to get pub key of storage box. So because of new user without subdirectory, the "remote dir path" after colon should be RELATIVE path or empty "" in this case not "/". uxxxxxx@uxxxxxx.your-storagebox.de: /mnt/local/mount/path -o port=23,IdentifyFile=/home/username/.ssh/id_rsa ....
-
J joseph referenced this topic on
-
Hey folks
I recently struggled a bit with those steps as well, but it was because I had set a passphrase for my SSH keys at creation time and Cloudron does not prompt for that anywhere.
Is that in the plans for the future @girish ?Thanks !
-
@SansGuidon how would automatic mounting on boot work if the ssh key had a passphrase? If you put the password in clear text in a config file, it's probably more insecure than having no password at all (especially if you reuse passwords or a part of it...).
-
@girish it could be an option to do it manually the first time for security reasons, with login keyring asked once.
I mean I'd like that the option is at least given
, and of course not hardcoding the passphrase in the form. -
@SansGuidon yeah, maybe. Have to investigate
Feel free to open a thread in https://forum.cloudron.io/category/97/feature-requests and we can see how much interest is there. -
@SansGuidon how would automatic mounting on boot work if the ssh key had a passphrase? If you put the password in clear text in a config file, it's probably more insecure than having no password at all (especially if you reuse passwords or a part of it...).
@girish said in Cannot mount Hetzner storage box for backups using SSHFS:
@SansGuidon how would automatic mounting on boot work if the ssh key had a passphrase?
It wouldn't. But I've got the same problem.
I've already got a pair of SSH keys (with a passphrase) that I can successfully use to login to both my Storage Box and my VPS.
But of course this doesn't work for the Backup set-up because it requires a passphrase.
So, how can I create an additional set of non-passphrase keys just for use with the Storage Box?
Thanks!
-
You should be able to follow the docs at https://docs.hetzner.com/storage/storage-box/backup-space-ssh-keys for generating and using new keys.
@nebulon thanks but those Hetzner docs just aren't clear nor detailed enough and having read them lots of times I'm still none the wiser.
It says:
Warning: With the default settings, using ssh-keygen will overwrite an existing SSH key! As an alternative, with the parameter -f, you can specify a different file path.
But that just isn't enough detail for me.
It isn't at all clear about how to create/ add an additional pair of ssh-keys whilst keeping the existing ones intact.
-
So you would create a new key pair with
ssh-keygen -f ./newkeyat least on linux. When prompted for a password, just press enter. Then you have the keypair in the current working directory where you ran that command.From there you can upload the public portion of the key as mentioned in the hetzner docs and use the private key for your Cloudron configs.
-
@nebulon thanks but those Hetzner docs just aren't clear nor detailed enough and having read them lots of times I'm still none the wiser.
It says:
Warning: With the default settings, using ssh-keygen will overwrite an existing SSH key! As an alternative, with the parameter -f, you can specify a different file path.
But that just isn't enough detail for me.
It isn't at all clear about how to create/ add an additional pair of ssh-keys whilst keeping the existing ones intact.
@jdaviescoates said in Cannot mount Hetzner storage box for backups using SSHFS:
It says:
Warning: With the default settings, using ssh-keygen will overwrite an existing SSH key! As an alternative, with the parameter -f, you can specify a different file path.But that just isn't enough detail for me.
It isn't at all clear about how to create/ add an additional pair of ssh-keys whilst keeping the existing ones intact.
OK, I had a play around and I've managed to do it:
On my local machine I did this:
ssh-keygen -f /home/josef/.ssh-storage/id_rsa Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/josef/.ssh-storage/id_rsa Your public key has been saved in /home/josef/.ssh-storage/id_rsa.pubThen I copied the public key i.e.
~/.ssh-storage/id_rsa.pubup to my Hetzner Storage Box by doing this:cat ~/.ssh-storage/id_rsa.pub | ssh -p23 uxxxxxx@uxxxxxx.your-storagebox.de install-ssh-key uxxxxxx@uxxxxxx.your-storagebox.de's password: Key No. 1 (ssh-rsa josef@josef-ThinkPad-T510) was installed in RFC4716 format Key No. 1 (ssh-rsa josef@josef-ThinkPad-T510) was installed in OpenSSH formatThen I copied the contents of the private key i.e.
~/.ssh-storage/id_rsainto the private key box in the Cloudron backup configuration:
And then it worked - hooray!
