#1 2018-03-29 06:34:55

zenlord
Member
From: Belgium
Registered: 2006-05-24
Posts: 1,221

multiple SSH keys in different formats for the same (Borg) server?

Hi,
I have a vServer and a StorageBox subscription over at Hetzner.de. Whereas I have full control over the vServer, the storagebox only has a limited shell (no SSH access, but SFTP/sshfs works and Borg server is running on the host).
To connect to the Borg service over port 23, I have to use an SSH key in this format:

# cat authorized_keys2 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQ7OT+Le2/c0aUWJK98NEndq8iDtQs28OcwiHT2N06L7wkrbd5qpkyjGJ5FvyffXctEikjJkEBvRufAYHn98kQs503GOmbXXN4ifzD+Si68ghhR4bFWXvmSVOMH0e8QaeT2u7Vq7YhdjhCjku9TatqJfYUg7h0I+HlovjpTFF5ZiJjJnPU/IXp5LUw+wwsn0dK6ji/Hz5IQwBQXt7R2lBj8lbq7o7Ai2ch+ZWAuZL1i8Q67rwduPlgtRh5tNJDnD/zsSbQHSAqgE4NmVaKFdL3fdgOtQYpd36VQhW6gyVwSnNTK+rB2J3WMVi8XXTn/Wl5lUCavEJdtHzGMACNsNHv <uname>@<host>

This key is added to the authorized_keys file on the storagebox and my QNAP device is using this key to connect with Borg to the vServer and is currently creating the initial backup.

I now would like to mount the Borg repository on the storagebox to allow read-only access to the users (the backups are encrypted, so mounting over sshfs is the only way to provide such transparent access to the backed-up data). This time however, the Hetzner wiki tells me to store the public key in a different format in the authorized_keys file. It looks like this:

# cat authorized_keys
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpzahuz9N58FSqqsEQk+a2pt5NlsDNB9UVqn3MJ
bBkrbu1SwTmfQCnyCSXH6d1XNcoFa6WSr6gFoDpk37XZf6xla+EpncW5ClH5ad2j4wXrFv
zl9P+V7rf6gna9wSk66dvHmaiVsz0UfqYI3oM95PZEbOhA29wLuDjM7IAQO9QoNJahHq2X
Q3/ghkadvXFuzW2cetimL1sAbGZI2GLfFsbzc68dFwEedGUWGtzsCr8yg0eopvnRIVsJkw
+TnUGb17KyqQlz2xh5PK8gt2FDcpySvtg770eOHb5152xrpfQjITJT/7/H9irndT+3Cxlo
hhoHX28J/7xYwKtPpjW/lL
---- END SSH2 PUBLIC KEY ----

... and I can log in with SFTP and SCP using this key from my vServer to the storagebox.

Mounting the repo with borgfs (a module built on fuse.sshfs) does NOT work. Before using Borg, I was able to use fuse.sshfs to remotely mount a specific directory on the storagebox, and I suspect there's an issue with my key management (which I'm not very experienced with).

Any useful insights? E.g. is it generally allowed to cat both keys (in different formats) in the same authorized_keys file? Thx!

Last edited by zenlord (2018-03-29 06:39:17)


#2 2018-04-02 10:45:03

Condor
Member
Registered: 2017-12-01
Posts: 54

Re: multiple SSH keys in different formats for the same (Borg) server?

zenlord wrote:

Any useful insights? E.g. is it generally allowed to cat both keys (in different formats) in the same authorized_keys file?

The Hetzner Wiki mentions the case of both using SCP/SFTP and Borg backup with keys. In short: Yes, both keys must be added to the authorized_keys file.

Refer to "Use Borg and SFTP / SCP in parallel with keyfile" in their wiki.


#3 2018-04-02 10:57:45

frostschutz
Member
Registered: 2013-11-15
Posts: 1,418

Re: multiple SSH keys in different formats for the same (Borg) server?

At least in this guide they simply append it so...

https://wiki.hetzner.de/index.php/Backu … SH_Keys/en

If in doubt it might be better to ask in the Hetzner forums. I used Hetzner in the past (and still have domains there) but currently have no server with them so I can't test it myself.
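
Added example, not part of any post in this thread: the two public-key formats discussed above (the one-line OpenSSH form and the multi-line RFC 4716 "SSH2" form) wrap the same binary key blob, so a mixed authorized_keys file can be audited by decoding each entry and comparing fingerprints. The function names and the sample blob are constructed for illustration, the one-line parser assumes no options prefix before the key type, and the 70-character wrap is a choice within RFC 4716's 72-byte line limit.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # length-prefixed field of a key blob

def blob_algorithm(blob: bytes) -> str:
    """Read the algorithm name stored at the start of the key blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def parse_openssh(line: str) -> bytes:
    """One-line OpenSSH format: '<type> <base64> [comment]' (no options prefix)."""
    fields = line.split()
    blob = base64.b64decode(fields[1], validate=True)
    if blob_algorithm(blob) != fields[0]:
        raise ValueError("key type does not match the encoded blob")
    return blob

def parse_rfc4716(text: str) -> bytes:
    """Multi-line RFC 4716 format; header lines such as 'Comment:' are skipped."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 PUBLIC KEY markers")
    body, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:            # base64 never contains ':'
            in_header = l.endswith("\\")     # header value continues on next line
            continue
        body.append(l)
    return base64.b64decode("".join(body), validate=True)

def to_rfc4716(blob: bytes) -> str:
    """Render a key blob in RFC 4716 form, wrapped at 70 characters."""
    b64 = base64.b64encode(blob).decode("ascii")
    return "\n".join([BEGIN, *(b64[i:i + 70] for i in range(0, len(b64), 70)), END])

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint of the blob, unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def same_key(openssh_line: str, rfc4716_text: str) -> bool:
    return fingerprint(parse_openssh(openssh_line)) == fingerprint(parse_rfc4716(rfc4716_text))

# Constructed sample blob (not a usable key): type, exponent 65537, 257-byte modulus field.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + bytes(range(255, -1, -1)))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode("ascii") + " user@host"
print(fingerprint(SAMPLE_BLOB), same_key(SAMPLE_LINE, to_rfc4716(SAMPLE_BLOB)))
```

With OpenSSH installed, `ssh-keygen -e -f key.pub` performs the OpenSSH-to-RFC 4716 export and `ssh-keygen -i -f key.pub` the reverse import.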
