Debian

duplicity scp (ssh) works with the IP address, but not with the domain?

  • March 17, 2019

I want to use duplicity to create encrypted remote backups. The SSH keys are in place and working:

sudo -u ssh-user ssh -p 41111 domain.myfritz.net

opens a terminal on the remote host. The login is passwordless, because I created these logins in order to connect via scripts.

Also:

sudo -u ssh-user duplicity -v 5 --encrypt-key=*keyid* /path/to/local scp://123.456.789.012:41111//path/to/backup

works like a charm! But:

sudo -u ssh-user duplicity -v 5 --encrypt-key=*keyid* /path/to/local scp://domain.myfritz.net:41111//path/to/backup

fails. By the way, I have of course also used ssh-user@domain.myfritz.net and ssh-user@123.456.789.012, always combined with sudo -u, with no difference.

With -v 5 the following is shown (this does not happen when using the command with the IP!):

Using temporary directory /tmp/duplicity-H9igFH-tempdir
Backend error detail: Traceback (most recent call last):
 File "/usr/bin/duplicity", line 1553, in <module>
   with_tempdir(main)
 File "/usr/bin/duplicity", line 1547, in with_tempdir
   fn()
 File "/usr/bin/duplicity", line 1382, in main
   action = commandline.ProcessCommandLine(sys.argv[1:])
 File "/usr/lib/python2.7/dist-packages/duplicity/commandline.py", line 1126, in ProcessCommandLine
   backup, local_pathname = set_backend(args[0], args[1])
 File "/usr/lib/python2.7/dist-packages/duplicity/commandline.py", line 1015, in set_backend
   globals.backend = backend.get_backend(bend)
 File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line 223, in get_backend
   obj = get_backend_object(url_string)
 File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line 209, in get_backend_object
   return factory(pu)
 File "/usr/lib/python2.7/dist-packages/duplicity/backends/ssh_paramiko_backend.py", line 235, in __init__
   self.config['port'], e))
BackendException: ssh connection to ssh-user@domain.myfritz.net:41111 failed: [Errno 13] Permission denied

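I tried to understand (!) and used: --scp-command ssh; pexpect+scp; changed my ssh_config to accept all host keys; --ssh-option "-op 41111" and others, in order to avoid port problems and paramiko, since that seemed to be a problem. But it did not help... myfritz.net is the DDNS service offered by the manufacturer of my router (Fritz!Box), and it works well: PuTTY logins and ssh logins from my local machine work without any problem. Pinging the domain and the IP returns at almost the same time. Can anyone help? I could of course write a script that pings the remote server and uses that IP, but that seems weird.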

Local: OpenSSH_7.4p1 Debian-10+deb9u6, OpenSSL 1.0.2r 26 Feb 2019, duplicity 0.7.11

Remote (domain.myfritz.net): OpenSSH_7.4p1 Raspbian-10+deb9u5, OpenSSL 1.0.2q 20 Nov 2018

Thanks for reading!

Edit in response to BarsMonster's answer:

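Thanks for your answer! Although ping returns the correct IP address, I manually added the IP address to /etc/hosts (test.test.de now points to the correct IP). Now the ssh connection succeeds, but a new problem appears: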

ssh: Connected (version 2.0, client OpenSSH_7.4p1)
ssh: Authentication (publickey) successful!
Main action: inc
================================================================================
duplicity 0.7.11 (December 31, 2016)
Args: /usr/bin/duplicity -v 5 --encrypt-key=REDACTED /REDACTED scp://ssh-user@test.test.de:41111/REDACTED
Linux odroidhc2 4.14.94-odroidxu4 #14 SMP PREEMPT Fri Feb 8 11:14:13 CET 2019 armv7l
/usr/bin/python 2.7.13 (default, Sep 26 2018, 18:42:22)
[GCC 6.3.0 20170516]
================================================================================
Using temporary directory /tmp/duplicity-L7N_bX-tempdir
Temp has 1046974464 available, backup will use approx 272629760.
Synchronizing remote metadata to local cache...
PASSPHRASE variable not set, asking user.
GnuPG passphrase for decryption:

The GnuPG decryption prompt appears and I enter the passphrase. GPG throws an error:

GPG error detail: Traceback (most recent call last):
 File "/usr/bin/duplicity", line 1553, in <module>
   with_tempdir(main)
 File "/usr/bin/duplicity", line 1547, in with_tempdir
   fn()
 File "/usr/bin/duplicity", line 1398, in main
   do_backup(action)
 File "/usr/bin/duplicity", line 1419, in do_backup
   sync_archive(decrypt)
 File "/usr/bin/duplicity", line 1206, in sync_archive
   copy_to_local(fn)
 File "/usr/bin/duplicity", line 1151, in copy_to_local
   gpg.GzipWriteFile(src_iter, tdp.name, size=sys.maxsize)
 File "/usr/lib/python2.7/dist-packages/duplicity/gpg.py", line 421, in GzipWriteFile
   new_block = block_iter.next()
 File "/usr/bin/duplicity", line 1131, in next
   self.fileobj.close()
 File "/usr/lib/python2.7/dist-packages/duplicity/dup_temp.py", line 226, in close
   assert not self.fileobj.close()
 File "/usr/lib/python2.7/dist-packages/duplicity/gpg.py", line 279, in close
   self.gpg_failed()
 File "/usr/lib/python2.7/dist-packages/duplicity/gpg.py", line 246, in gpg_failed
   raise GPGError(msg)
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: encrypted with 3072-bit RSA key, ID REDACTED, created 2019-03-16
"My Name <name@gmail.com>"
gpg: decryption failed: No secret key
===== End GnuPG log =====

When I connect via the IP (scp://123.456.789.012//…), it works. There is no passphrase prompt, and gpg/duplicity correctly "grasp" the situation. See below:

ssh: Connected (version 2.0, client OpenSSH_7.4p1)
ssh: Authentication (publickey) successful!
Main action: inc
================================================================================
duplicity 0.7.11 (December 31, 2016)
Args: /usr/bin/duplicity -v 5 --encrypt-key=REDACTED /REDACTED scp://ssh-user@123.456.789.012:41111/REDACTED
Linux odroidhc2 4.14.94-odroidxu4 #14 SMP PREEMPT Fri Feb 8 11:14:13 CET 2019 armv7l
/usr/bin/python 2.7.13 (default, Sep 26 2018, 18:42:22)
[GCC 6.3.0 20170516]
================================================================================
Using temporary directory /tmp/duplicity-rmi2v3-tempdir
Temp has 1046974464 available, backup will use approx 272629760.
Local and Remote metadata are synchronized, no sync needed.
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Processing local manifest /REDACTED
Found 1 volumes in manifest
Added incremental Backupset (start_time: Sat Mar 16 13:05:52 2019 / end_time: Sat Mar 16 13:14:34 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:14:34 2019 / end_time: Sat Mar 16 13:18:29 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:18:29 2019 / end_time: Sat Mar 16 13:20:33 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:20:33 2019 / end_time: Sat Mar 16 13:27:07 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:27:07 2019 / end_time: Sat Mar 16 13:28:15 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:28:15 2019 / end_time: Sat Mar 16 13:28:47 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:28:47 2019 / end_time: Sat Mar 16 13:29:03 2019)
Added incremental Backupset (start_time: Sat Mar 16 13:29:03 2019 / end_time: Sat Mar 16 17:28:58 2019)
Added incremental Backupset (start_time: Sat Mar 16 17:28:58 2019 / end_time: Sat Mar 16 17:43:03 2019)
Added incremental Backupset (start_time: Sat Mar 16 17:43:03 2019 / end_time: Sat Mar 16 17:45:53 2019)
Last full backup date: Sat Mar 16 13:05:52 2019
Processing local manifest REDACTED
Found 1 volumes in manifest
Fatal Error: Backup source directory has changed.
Current directory: /REDACTED
Previous directory: REDACTED

Aborting because you may have accidentally tried to backup two different data sets to the same remote location, or using the same archive directory.  If this is not a mistake, use the --allow-source-mismatch switch to avoid seeing this message

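The final warning is actually correct. I used duplicity on the remote server to encrypt a small test folder. My goal is to encrypt the complete remote backup (already in place, done by rsync) and to add new encrypted data using duplicity.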

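The only explanation is probably that the resolved (cached) domain name does not match the IP address you expect. So when you connect by domain, you reach a different server.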

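Please double-check that pinging the domain gives you the server you expect, and that this IP address matches the IP address you know works. If you have port forwarding in your router settings, you need to double-check that as well (i.e. whether you are outside your home network or inside it).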

If this does not reveal the problem:

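  1. Try adding an /etc/hosts entry that resolves some test domain to your target IP, and try connecting to that test domain.
  2. Try adding an /etc/hosts entry for your target domain domain.myfritz.net that resolves to your target IP. If this helps, then it is definitely related to the resolver.
  3. Investigate the difference in behaviour when connecting from inside the network (using the local IP of the target server behind NAT) and from outside (e.g. using a cellular network), to verify that NAT and port forwarding work as expected.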
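
The checks listed in the answer above, as an added example (not part of the original answer or of duplicity): it resolves the name through the system resolver as the invoking user, compares the result with the IP known to work, then attempts a TCP connect so that resolver faults are separated from NAT, port-forwarding or permission faults. The function name diagnose and the script name check_name.py are assumptions; run it as the backup user (sudo -u ssh-user python3 check_name.py HOST PORT EXPECTED_IP) so that it sees what duplicity sees.

```python
import socket
import sys


def diagnose(host, port, expected_ip, resolver=socket.getaddrinfo,
             connector=socket.create_connection, timeout=5):
    """Return (stage, detail) for the first step that fails when connecting by name."""
    # Step 1: resolve through the system resolver (/etc/hosts, then DNS),
    # with the permissions of the current user. ping run as another user
    # does not prove that this user can resolve the name.
    try:
        infos = resolver(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return ("resolve-failed", str(exc))
    addrs = sorted({info[4][0] for info in infos})

    # Step 2: the name must lead to the address that is known to work;
    # otherwise the backup would be sent to a different server.
    if expected_ip not in addrs:
        return ("mismatch", addrs)

    # Step 3: a TCP connect separates resolver problems from NAT, port
    # forwarding or local permission problems; the errno text is kept.
    try:
        conn = connector((expected_ip, port), timeout)
    except OSError as exc:
        return ("connect-failed", str(exc))
    conn.close()
    return ("ok", addrs)


if __name__ == "__main__":
    # Usage: python3 check_name.py HOST PORT EXPECTED_IP
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    stage, detail = diagnose(host, port, expected)
    print("%s: %s" % (stage, detail))
    sys.exit(0 if stage == "ok" else 1)
```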

Quoted from: https://serverfault.com/questions/958592