Cannot mount Hetzner storage box for backups using SSHFS

jdaviescoates

@jdaviescoates said in Cannot mount Hetzner storage box for backups using SSHFS:

@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:

Oh I'm sorry, just to clarify, I'm trying to use Storage Boxes as Cloudron Volume.

Ah, OK. I've got that set-up but I've only ever used CIFS and not SSHFS so not sure what you have to do myself sorry.

Ah, but Girish gave instructions above in this very thread!

As @robi said if you don't have ssh-keygen installed, install it.

boydaihungst

For me. It's silly. All the guide is out of date. With new created storage box, there isn't sub dir and ssh pub key is not yet allowed in storage box and storage box's pub isn't in my pc known_hosts, I have to add my pub key to storage and run sshfs command once time to get pub key of storage box. So because of new user without subdirectory, the "remote dir path" after colon should be RELATIVE path or empty "" in this case not "/". uxxxxxx@uxxxxxx.your-storagebox.de: /mnt/local/mount/path -o port=23,IdentifyFile=/home/username/.ssh/id_rsa ....

SansGuidon

Hey folks
I recently struggled a bit with those steps as well, but it was because I had set a passphrase for my SSH keys at creation time and Cloudron does not prompt for that anywhere.
Is that in the plans for the future @girish ?

Thanks !

girish

@SansGuidon how would automatic mounting on boot work if the ssh key had a passphrase? If you put the password in clear text in a config file, it's probably more insecure than having no password at all (especially if you reuse passwords or a part of it...).

SansGuidon

@girish it could be an option to do it manually the first time for security reasons, with login keyring asked once.
I mean I'd like that the option is at least given , and of course not hardcoding the passphrase in the form.

girish

@SansGuidon yeah, maybe. Have to investigate Feel free to open a thread in https://forum.cloudron.io/category/97/feature-requests and we can see how much interest is there.

jdaviescoates

@girish said in Cannot mount Hetzner storage box for backups using SSHFS:

@SansGuidon how would automatic mounting on boot work if the ssh key had a passphrase?

It wouldn't. But I've got the same problem.

I've already got a pair of SSH keys (with a passphrase) that I can successfully use to login to both my Storage Box and my VPS.

But of course this doesn't work for the Backup set-up because it requires a passphrase.

So, how can I create an additional set of non-passphrase keys just for use with the Storage Box?

Thanks!

nebulon

You should be able to follow the docs at https://docs.hetzner.com/storage/storage-box/backup-space-ssh-keys for generating and using new keys.

jdaviescoates

@nebulon thanks but those Hetzner docs just aren't clear nor detailed enough and having read them lots of times I'm still none the wiser.

It says:

Warning: With the default settings, using ssh-keygen will overwrite an existing SSH key! As an alternative, with the parameter -f, you can specify a different file path.

But that just isn't enough detail for me.

It isn't at all clear about how to create/ add an additional pair of ssh-keys whilst keeping the existing ones intact.

nebulon

So you would create a new key pair with ssh-keygen -f ./newkey at least on linux. When prompted for a password, just press enter. Then you have the keypair in the current working directory where you ran that command.

From there you can upload the public portion of the key as mentioned in the hetzner docs and use the private key for your Cloudron configs.

jdaviescoates

@jdaviescoates said in Cannot mount Hetzner storage box for backups using SSHFS:

It says:

Warning: With the default settings, using ssh-keygen will overwrite an existing SSH key! As an alternative, with the parameter -f, you can specify a different file path.

But that just isn't enough detail for me.

It isn't at all clear about how to create/ add an additional pair of ssh-keys whilst keeping the existing ones intact.

OK, I had a play around and I've managed to do it:

On my local machine I did this:

ssh-keygen -f /home/josef/.ssh-storage/id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/josef/.ssh-storage/id_rsa
Your public key has been saved in /home/josef/.ssh-storage/id_rsa.pub

Then I copied the public key i.e. ~/.ssh-storage/id_rsa.pub up to my Hetzner Storage Box by doing this:

cat ~/.ssh-storage/id_rsa.pub | ssh -p23 uxxxxxx@uxxxxxx.your-storagebox.de install-ssh-key
uxxxxxx@uxxxxxx.your-storagebox.de's password: 
Key No. 1 (ssh-rsa josef@josef-ThinkPad-T510) was installed in RFC4716 format
Key No. 1 (ssh-rsa josef@josef-ThinkPad-T510) was installed in OpenSSH format

Then I copied the contents of the private key i.e. ~/.ssh-storage/id_rsa into the private key box in the Cloudron backup configuration:

And then it worked - hooray!

jdaviescoates

@nebulon thanks. This was on a new Cloudron that still had default file system backups at /var/backups - now I've got this set-up and working OK I guess I can now completely delete that backups folder?

nebulon

yes you can clear out the /var/backups folder

jdaviescoates

@nebulon thanks, just to be doubly clear can I completely delete that /var/backups folder, or just delete it's contents? thanks!

nebulon

Just purge contents of the folder or delete the folder and recreate it with the same permissions. Other bits of Linux sometimes put logs there.