Cannot mount Hetzner storage box for backups using SSHFS

avatar1024

Hello,

On one instance I've got backups issue when mounting my storage box using CIFS (we tried to debug with @nebulon but we didn't quite get to the bottom of it). One suggested solution was to mount the storage box using SSHFS instead.

Problem is, I cannot get it to work. I have set-up my ssh keys and it seems to work fine as I can login with that key pair from a terminal on my local machine via sftp.

When try connect to it via cloudron I get the following (sadly unhelpful) error message: Failed to mount (failed): Could not determine failure reason.

Things I've tried:

• set-up two type of public keys as per the hetzner doc: https://docs.hetzner.com/robot/storage-box/backup-space-ssh-keys
• tried to connect to several remote directories on the same storage box
• tried to connect with either port 22 or 23

SSH is enabled on the Hetzner storage box control panel (which is obvious otherwise I could not connect via sftp from terminal).

Has anyone tried to mount such storage via SSHFS?
Any idea what might be going wrong?

Thanks!

girish

@avatar1024 Had to try it myself to understand it.

• I generated OpenSSH keys using ssh-keygen on my PC.
• SFTP'ed the keys as suggested by - https://docs.hetzner.com/robot/storage-box/backup-space-ssh-keys/#uploading-authorized_keys .
• Because, we are using OpenSSH keys, we should use port 23. So, I tested it:

$ ssh -p 23 -i /tmp/storage_rsa xx@xx.your-storagebox.de
The authenticity of host '[xx.your-storagebox.de]:23 ([116.202.54.208]:23)' can't be established.
ED25519 key fingerprint is SHA256:XqONwb1S0zuj5A1CDxpOSuD2hnAArV1A3wKY7Z3sdgM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[xx.your-storagebox.de]:23,[116.202.54.208]:23' (ED25519) to the list of known hosts.
PTY allocation request failed on channel 0

+-------------------------------------------------------------------------------+
| Your authentication works but we do not support interactive logins.           |
| For more information on how to access your Storage Box please check our Docs: |
| https://docs.hetzner.com/robot/storage-box/access/access-ssh-rsync-borg       |
+-------------------------------------------------------------------------------+

Connection to xx.your-storagebox.de closed.

Nice, so the hetzner setup works.

Now, for Cloudron side:

The key part is that the Remote Directory is /home. That took a bit of diving into their docs but I finally found that it was /home from the output at https://docs.hetzner.com/robot/storage-box/access/access-ssh-rsync-borg/#sftp

avatar1024

@girish I mean, what can I say, other than a big THANK YOU. I'm sorry I missed the "/home" as being the root remote directory with sftp and you had to go through the bother of trying it out by yourself. It's weird they don't make it that explicit. I actually went through their docs too and went through the same steps as you did so I knew the set-up was working which is why I resorted to this forum and to you guys as a last resources (I promise I try not to ask you for help until I've exhausted my own resources ).

Now it's successfully switched to SSHFS my fingers are crossed I won't have any more backup issues (still the backup failures with CIFS are a mastery...got exactly the same set-up on two other instances and it never fails - all on the same storage box, same VPS provider, same OS, etc.).

girish

@avatar1024 No worries, it was good to test it out with our mounting code. I found that Hetzner CIFS is SMBv1 (atleast per dmesg output) which is a thing of the past. This is why CIFS mounting is not working/not reliable.

SolarSimon

Trying to connect a hetzner storagebox as Volume. I keep having the the error:
'Failed to mount (inactive): read: Connection reset by peer'

I followed the guidline: https://docs.hetzner.com/robot/storage-box/backup-space-ssh-keys/#uploading-authorized_keys

• Hetzner Robot: SSH-Support enabled
• generated the key with oppenssh, uploaded the authorized_keys file.
• SFTP is working

Any idea?

nebulon

@solarsimon are you able to manually mount this using a custom line in /etc/fstab or a sshfs mount command?

For reference in my Cloudron, which also uses Hetzner SSHFS for backups, the Cloudron generates the following systemd mount unit at /etc/systemd/system/mnt-cloudronbackup.mount:

[Unit]
Description=backup


[Mount]
What=u193526@u193526.your-storagebox.de:.
Where=/mnt/cloudronbackup
Options=allow_other,port=23,IdentityFile=/home/yellowtent/platformdata/sshfs/id_rsa_u193526.your-storagebox.de,StrictHostKeyChecking=no,reconnect
Type=fuse.sshfs

[Install]
WantedBy=multi-user.target

SolarSimon

@nebulon said in Cannot mount Hetzner storage box for backups using SSHFS:

using a custom line in /etc/fstab

From the basic knowlege i have, i tried doing that.
I followed some tutorials i found.
(https://ivan.reallusiondesign.com/mount-sshfs-volumes-in-fstab-with-ssh-key/ and https://www.bveml.net/de/news/hetzner-backup-space-inkrementelles-backup-mit-rsnapshot.html)

• I added ssh key to /home/.ssh
• added fstap: sshfs#uxxxxx5@uxxxxxx5.your-storagebox.de:/home /mnt/backup/ fuse IdentityFile=/home/.ssh/id_rsa,uid=0,gid=0,users,idmap=user,noatime,allow_other,_netdev,reconnect,ro 0 0
• restarted the server

I find a folder mnt/backup/ without content. I placed some files in the storeagebox/home. No content in /media/

I'm a basic user coming from windows Trying my best^^

nebulon

@solarsimon what you did seems to be correct from a quick glance. So looks like this is independent of Cloudron as such. Maybe the permissions of the SSH key file is too open? The permissions should be -rw------- so can you for a start try to run chmod 600 /home/.ssh/id_rsa?

Further are there any logs in the system logs while attempting to mount? Once you have the /etc/fstab line, you can use mount /mnt/backup and umount /mnt/backup without having to reboot the server. Logs may be found in journalctl --system

SolarSimon

I made a clean installation of cloudron on a ubuntu hetzner server.
After that I could mount the storage box with the procedure I tried before without problems.

So I dont know what was wrong. But now everything working fine.
Thanks

manngobaum

@girish
I tried this exact same setup. I was able to connect to the storage via SFTP and my SSH key and I copied my private SSH key as instructed to Cloudron.

When I now try to save the backup settings using SSHFS it keeps working and never finishes. The log says

Jan 14 11:40:33 box:shell addMount spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/addmount.sh [Unit]\nDescription=backup\n\nRequires=unbound.service\nAfter=unbound.service\nBefore=docker.service\n\n\n[Mount]\nWhat=uxxxxx@uxxxxx.your-storagebox.de:/\nWhere=/mnt/cloudronbackup\nOptions=allow_other,port=23,IdentityFile=/home/yellowtent/platformdata/sshfs/id_rsa_uxxxxx.your-storagebox.de,StrictHostKeyChecking=no,reconnect\nType=fuse.sshfs\n\n[Install]\nWantedBy=multi-user.target\n\n 10
Jan 14 11:40:44 box:shell addMount (stdout): Failed to mount
Jan 14 11:40:44 box:shell addMount code: 3, signal: null
Jan 14 11:42:04 box:shell removeMount spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/rmmount.sh /mnt/cloudronbackup

Not sure what else I can try.

Edit: magically and waiting one night it works now.

chetbaker

I'm sorry to reopen this, but I've been trying to connect Hetzner volumes and I'm stuck with the key-gen command at the server. I'm pretty sure there's something I'm understanding poorly, but I would like to connect the Volumes with my Cloudron instance, but there's no way I can run key-gen on the Volumes via SSH to get them connected.

XXXXXXXX /home > ssh-keygen
Command not found. Use 'help' to get a list of available commands.
XXXXXXXX /home > help
+-----------------------------------------------------------------------------+
| The following commands are available:                                       |
|   ls                                  list directory content                |
|   tree                                list directory content                |
|   cd                                  change current working directory      |
|   pwd                                 show current working directory        |
|   mkdir                               create new directory                  |
|   rmdir                               delete directory                      |
|   du                                  disk usage of files/directories       |
|   df                                  show disk usage                       |
|   dd                                  read and write files                  |
|   cat                                 output file content                   |
|   touch                               create new file                       |
|   cp                                  copy files/directories                |
|   rm                                  delete files/directories              |
|   unlink                              delete file/directory                 |
|   mv                                  move files/directories                |
|   chmod                               change file/directory permissions     |
|   md5|sha1|sha256|sha512              create hash sum of file               |
|   md5sum|sha1sum|sha256sum|sha512sum  create hash sum of file               |
|   head                                show first lines of file              |
|   tail                                show last lines of file               |
|   grep                                search for specific string in files   |
|   stat                                stat files/directory                  |
|                                                                             |
| Available as server side backend:                                           |
|   borg                                                                      |
|   rsync                                                                     |
|   scp                                                                       |
|   sftp                                                                      |
|   rclone serve restic --stdio                                               |
|                                                                             |
| Please note that this is only a restricted shell which do not               |
| support shell features like redirects or pipes.                             |
|                                                                             |
| You can find more information in our Docs:                                  |
|   https://docs.hetzner.com/robot/storage-box/                               |
+-----------------------------------------------------------------------------+
XXXXXXXX /home >

robi

It doesn't appear that package exists on your server. Install it first.

chetbaker

@robi said in Cannot mount Hetzner storage box for backups using SSHFS:

It doesn't appear that package exists on your server. Install it first.

What I'm showing is the prompt logged on Hetzner Volumes, not a server

robi

@chetbaker Okay, then you can't generate the keys from there. Do it on your server and transfer the keys where you need them.

I'm sure they have a guide for this somewhere.

jdaviescoates

@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:

Hetzner Volumes

Hetzner Cloud Volumes are a very different product to their Storage Boxes.

I don't think you can access them in the same way.

You can definitely use them as a Cloudron Volume though. I think you just have to mount them on your VPS server using fstab first.

chetbaker

@jdaviescoates said in Cannot mount Hetzner storage box for backups using SSHFS:

@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:

Hetzner Volumes

Hetzner Cloud Volumes are a very different product to their Storage Boxes.

I don't think you can access them in the same way.

You can definitely use them as a Cloudron Volume though. I think you just have to mount them on your VPS server using fstab first.

Oh I'm sorry, just to clarify, I'm trying to use Storage Boxes as Cloudron Volume.

jdaviescoates

@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:

Oh I'm sorry, just to clarify, I'm trying to use Storage Boxes as Cloudron Volume.

Ah, OK. I've got that set-up but I've only ever used CIFS and not SSHFS so not sure what you have to do myself sorry.

girish

@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:

Please note that this is only a restricted shell

It says as much that it is a restricted shell. Not sure how to generate keys though, maybe a question for hetzner support.

jdaviescoates

@jdaviescoates said in Cannot mount Hetzner storage box for backups using SSHFS:

@chetbaker said in Cannot mount Hetzner storage box for backups using SSHFS:

Oh I'm sorry, just to clarify, I'm trying to use Storage Boxes as Cloudron Volume.

Ah, OK. I've got that set-up but I've only ever used CIFS and not SSHFS so not sure what you have to do myself sorry.

Ah, but Girish gave instructions above in this very thread!

As @robi said if you don't have ssh-keygen installed, install it.

boydaihungst

For me. It's silly. All the guide is out of date. With new created storage box, there isn't sub dir and ssh pub key is not yet allowed in storage box and storage box's pub isn't in my pc known_hosts, I have to add my pub key to storage and run sshfs command once time to get pub key of storage box. So because of new user without subdirectory, the "remote dir path" after colon should be RELATIVE path or empty "" in this case not "/". uxxxxxx@uxxxxxx.your-storagebox.de: /mnt/local/mount/path -o port=23,IdentifyFile=/home/username/.ssh/id_rsa ....