SFTP keeps asking for password while SSH connection works fine

I’m trying to back up my files with SFTP.
I understand that to automate the process, I have to use an SSH key in order for Restic to log in to my sftp passwordless.
I created my keys, and I’m able to connect to my remote server from my source server using the command: ssh user@myremoteserver without having to provide a password anymore, which means that my SSH public key is trusted. (And I can find it in ~/.ssh/authorized_keys)

But when I try to backup my files with restic, it keeps asking for the sftp password, and I don’t understand why.
The command I’m using is the following: sudo restic -r sftp:user@myremoteserver:BACKUPS backup apps --password-file=restic-password and it results in a "user@myremoteserver’s password: " prompt.

On my source server, if I try to use sftp user@myremoteserver it also prompts for a password, but if I leave it blank it will end up connecting with ssh, but it will not when using restic: “user@myremoteserver’s password: subprocess ssh: Permission denied, please try again.”

I have no idea what to do.

When you execute restic via sudo, the root user’s ssh key is being used!

And I guess it’s a bad behavior to use the root user for automation, so I better change my folders’ permissions, right?

I guess that’s a matter of personal taste but whatever user does the backup, they must have an ssh key that works.

Depending on the target server you’re using, I can also highly recommend checking out rest-server which is very fast and offers a feature where you can set it to “add only” mode which is a basic barrier for malware messing with your backup.

I will check that! Thank you

Instead of root you can use capabilities:
https://restic.readthedocs.io/en/latest/080_examples.html#full-backup-without-root

After switching to my new laptop, I’m facing a similar issue with my automated backup script, but I’m not running restic as root. I can’t find the issue, so hopefully you can give me a hint.

I can connect to my server passwordless using sftp -P 23 user@server (so ssh key pairs are set up properly on my server).
However, if I run RESTIC_PASSWORD_COMMAND=$PASSWORD_COMMAND restic -r sftp:user@server:/restic-repo snapshots, I’ll get asked for the ssh password that I got from my storage provider.
I already confirmed that the script is also run by the user whose public ssh key is stored at the server.

Any help is appreciated!

That command by default connects to port 22 as restic internally just starts ssh to open the connection. Does your ssh config also set the correct port?
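
Added example, not written by any poster in this thread: both problems above (root's key being used under sudo, and the default port 22) can be seen by asking ssh what it would actually use for the account that runs restic. The function names, the script arguments and the sample `ssh -G` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ssh -G user@server` output (not captured from a real host).
SAMPLE_SSH_G='user user
hostname server
port 22
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ed25519'

# Reduce `ssh -G` output (stdin) to the settings that decide key authentication.
summarize_ssh_g() {
    awk '
        $1 == "user"         { user = $2 }
        $1 == "hostname"     { host = $2 }
        $1 == "port"         { port = $2 }
        $1 == "identityfile" { ids = ids (ids == "" ? "" : ",") $2 }
        END { printf "user=%s host=%s port=%s keys=%s\n", user, host, port, ids }
    '
}

# Succeed only if the resolved port equals the port that works for manual sftp.
# usage: port_matches EXPECTED_PORT < ssh-G-output
port_matches() {
    [ "$(awk '$1 == "port" { print $2 }')" = "$1" ]
}

# With arguments "TARGET EXPECTED_PORT", inspect the live configuration of the
# invoking account. "~" in the key paths is relative to that account's home,
# so run it once as yourself and once via sudo and compare the two results.
if [ "$#" -ge 2 ]; then
    echo "account: $(id -un)"
    resolved=$(ssh -G "$1")
    printf '%s\n' "$resolved" | summarize_ssh_g
    printf '%s\n' "$resolved" | port_matches "$2" ||
        echo "port differs from $2: set 'Port $2' in a Host entry of ~/.ssh/config"
fi
```

Saved under a name of your choosing and run as `sh check.sh user@server 23`, then again with `sudo`, it shows whether the account restic runs under resolves the same port and key files as the manual sftp session that works.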