Archivist / SSH

Hello,
I'm trying to use Archivist to make regular backups to another hard drive.
But I'm stuck getting access to the new hard drive, which will only be used to store my future backups.
Both hard drives are in my Freebox Delta, each with a YunoHost.
I have SSH access to both hard drives.
And I'm stuck on this error:

root@domain:/var/www/archivist# nice -n10 /var/www/archivist/archivist.sh
Fri Jan  3 09:05:03 PM UTC 2025 > Build list of files to backup
> Password has been changed.
md5sum: na: No such file or directory
Fri Jan  3 09:05:03 PM UTC 2025 > Compress backups

Fri Jan  3 09:05:03 PM UTC 2025 > Backup YunoHost core and apps
conf_ynh_settingsFri Jan  3 09:05:03 PM UTC 2025 > Backup hooks used: conf_ldap

Fri Jan  3 09:05:03 PM UTC 2025 >> Make a temporary backup for ynh_core_backup
Fri Jan  3 09:05:12 PM UTC 2025 >>> This backup is the same than the previous one

Fri Jan  3 09:05:12 PM UTC 2025 >> Make a temporary backup for archivist_backup
Fri Jan  3 09:05:15 PM UTC 2025 >>> This backup is the same than the previous one
Fri Jan  3 09:05:15 PM UTC 2025 > Clean old backup files

Fri Jan  3 09:05:15 PM UTC 2025 -> Build the list of files for the recipient rsync ssh example
> Copy backups files in /home/olivier/archivist/.
Bad owner or permissions on /root/.ssh/config
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(231) [sender=3.2.7]

Thanks

I don't use Archivist, but given the error message, have you checked that the permissions are 644 and that root is the owner?

I noticed that this “config” file was missing.
I created it as a test, with 644 permissions.
But still the same error.

It's still surprising that it returns an error about /root/.ssh/config if this file doesn't exist :face_with_diagonal_mouth:. That is apparently what prevents the rsync connection over SSH. Could you have confused the SSH client and the SSH server when looking for this file?
If in doubt, delete the file you created, and if you could post the permissions on the client and server side with the following command:

namei -l /root/.ssh/*
root@domain:~# namei -l /root/.ssh/*
f: /root/.ssh/authorized_keys
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw------- root root authorized_keys
f: /root/.ssh/id_ed25519
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw------- root root id_ed25519
f: /root/.ssh/id_ed25519.pub
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw-r--r-- root root id_ed25519.pub
f: /root/.ssh/id_rsa
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw------- root root id_rsa
f: /root/.ssh/id_rsa.pub
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw-r--r-- root root id_rsa.pub
f: /root/.ssh/known_hosts
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw------- root root known_hosts
f: /root/.ssh/known_hosts.old
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw-r--r-- root root known_hosts.old

There you go, thanks!

Actually I didn't understand the “server / client side permissions”.
Here I ran this command while logged in to my server through a terminal.

SSH works in client/server mode and the config file, which is optional, is located on the client. Sorry, I can't give you much more information since I don't use Archivist, but here it is clearly a problem with your SSH configuration.

To make sure I understand, because I'm not sure: do you have 2 YunoHost servers, each on its own hard drive, and want to back up to a 3rd disk, or do you want to back up one YunoHost to the 2nd disk, where a YunoHost is installed?

So actually /etc/ssh/ssh_config is the client configuration, and /etc/ssh/sshd_config (note the d) is the server's. On a server there should be both.

/root/.ssh/config doesn't seem critical… it's odd that its absence causes a problem.
Does a “manual” rsync connection between the two servers work?

Yes, that works, I sent myself a file with this command:
rsync -avz -e ssh /home/olivier/rsync/ olivier@domainbackup:/home/olivier/

OK, surprising that it shows an error in that case… we could dig into Archivist's code to see what it does at run time on the ssh/rsync side :thinking:

Indeed it's surprising because, for one thing, the file /root/.ssh/config supposedly doesn't exist, so I have a bit of trouble understanding. The permissions look correct in any case.
To be able to debug, you would also need to run namei -l /root/.ssh/* on the server receiving the backups.
Running the script /var/www/archivist/archivist.sh manually with bash -x would also give a bit more detail.

root@domain.backup:~# namei -l /root/.ssh/*
f: /root/.ssh/authorized_keys
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw------- root root authorized_keys
f: /root/.ssh/id_ed25519
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw------- root root id_ed25519
f: /root/.ssh/id_ed25519.pub
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw-r--r-- root root id_ed25519.pub
f: /root/.ssh/id_rsa
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw------- root root id_rsa
f: /root/.ssh/id_rsa.pub
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw-r--r-- root root id_rsa.pub
f: /root/.ssh/known_hosts
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw------- root root known_hosts
f: /root/.ssh/known_hosts.old
drwxr-xr-x root root /
drwx------ root root root
drwx------ root root .ssh
-rw-r--r-- root root known_hosts.old

root@domain:/var/www/archivist# bash -x /var/www/archivist/archivist.sh
+++ realpath /var/www/archivist/archivist.sh
++ dirname /var/www/archivist/archivist.sh
+ script_dir=/var/www/archivist
+ config_file=/var/www/archivist/Backup_list.conf
+ compression_modes=/var/www/archivist/compression_modes
++ cut -d= -f2
++ grep -m1 '^backup_dir=' /var/www/archivist/Backup_list.conf
+ backup_dir=/home/yunohost.app/archivist/backup
+ backup_dir=/home/yunohost.app/archivist/backup
++ cut -d= -f2
++ grep -m1 '^enc_backup_dir=' /var/www/archivist/Backup_list.conf
+ enc_backup_dir=/home/yunohost.app/archivist/encrypted_backup
+ enc_backup_dir=/home/yunohost.app/archivist/encrypted_backup
++ cut -d= -f2
++ grep -m1 '^encrypt=' /var/www/archivist/Backup_list.conf
+ encrypt=false
++ cut -d= -f2
++ grep -m1 '^cryptpass=' /var/www/archivist/Backup_list.conf
+ cryptpass=na
+ cryptpass=na
++ cut -d= -f2
++ grep -m1 '^max_size=' /var/www/archivist/Backup_list.conf
+ max_size=50000
++ cut -d= -f2
++ grep -m1 '^ynh_compression_mode=' /var/www/archivist/Backup_list.conf
+ ynh_compression_mode=gzip
++ cut -d= -f2
++ grep -m1 '^files_compression_mode=' /var/www/archivist/Backup_list.conf
+ files_compression_mode=gzip
+ '[' -e /var/www/archivist/compression_modes ']'
++ cut -d= -f2
++ grep -m1 '^ynh_compression_mode=' /var/www/archivist/compression_modes
+ previous_ynh_compression_mode=gzip
++ cut -d= -f2
++ grep -m1 '^files_compression_mode=' /var/www/archivist/compression_modes
+ previous_files_compression_mode=gzip
+ ynh_force_backup=0
+ '[' gzip == gzip ']'
+ ynh_compression_suffix=tar.gz
+ echo ynh_compression_mode=gzip
+ '[' gzip '!=' gzip ']'
+ files_force_backup=0
+ '[' gzip == gzip ']'
+ files_compression_suffix=tar.gz
+ echo files_compression_mode=gzip
+ '[' gzip '!=' gzip ']'
+ timestamp_echo '> Build list of files to backup'
++ date
+ echo -e 'Sun Jan  5 04:04:34 AM UTC 2025 > Build list of files to backup'
Sun Jan  5 04:04:34 AM UTC 2025 > Build list of files to backup
++ cut -d= -f2
++ grep '^exclude_backup=' /var/www/archivist/Backup_list.conf
+ read backup
+ echo ''
+ read backup
++ cut -d= -f2
++ grep '^file_to_backup=' /var/www/archivist/Backup_list.conf
+ read backup
+ '[' -n '' ']'
+ read backup
+ enc_backup_list=/home/yunohost.app/archivist/backup/enc_backup_list
+ sudo md5sum --status --check na.md5
+ '[' -e na.md5 ']'
+ echo '> Password has been changed.'
> Password has been changed.
+ sudo md5sum na
md5sum: na: No such file or directory
+ '[' false == true ']'
+ timestamp_echo '> Compress backups'
++ date
+ echo -e 'Sun Jan  5 04:04:34 AM UTC 2025 > Compress backups'
Sun Jan  5 04:04:34 AM UTC 2025 > Compress backups
+ pre_backup=0
+ read backup
+ echo ''

+ '[' 0 -eq 1 ']'
+ timestamp_echo '> Backup YunoHost core and apps'
++ date
+ echo -e 'Sun Jan  5 04:04:34 AM UTC 2025 > Backup YunoHost core and apps'
Sun Jan  5 04:04:34 AM UTC 2025 > Backup YunoHost core and apps
++ cut -d= -f2
++ grep -m1 '^ynh_core_backup=' /var/www/archivist/Backup_list.conf
+ ynh_core_backup=true
+ '[' true == true ']'
+ exec_pre_post_backup ynh_core_pre_backup /var/www/archivist/Backup_list.conf
+ local exec_command=ynh_core_pre_backup
+ local local_config_file=/var/www/archivist/Backup_list.conf
++ cut -d= -f2
++ grep -m1 '^ynh_core_pre_backup=' /var/www/archivist/Backup_list.conf
+ local line_to_exec=
+ eval
+ mkdir -p /home/yunohost.app/archivist/backup/ynh_backup
+ print_encrypted_name /home/yunohost.app/archivist/backup/ynh_backup add
+ local backup=/home/yunohost.app/archivist/backup/ynh_backup
+ local mode=add
+ backup=/ynh_backup
+ '[' false == true ']'
+ backup_name=ynh_core_backup
+ backup_hooks=($(ls /usr/share/yunohost/hooks/backup/ | grep --extended-regexp --invert-match "home|multimedia" | cut --delimiter=- --fields=2))
++ cut --delimiter=- --fields=2
++ grep --extended-regexp --invert-match 'home|multimedia'
++ ls /usr/share/yunohost/hooks/backup/
+ timestamp_echo '> Backup hooks used: conf_ldap' conf_ynh_settings conf_ynh_certs data_mail conf_manually_modified_files
++ date
+ echo -e 'conf_ynh_settingsSun Jan  5 04:04:34 AM UTC 2025 > Backup hooks used: conf_ldap'
conf_ynh_settingsSun Jan  5 04:04:34 AM UTC 2025 > Backup hooks used: conf_ldap
+ backup_command='sudo yunohost backup create --system conf_ldap conf_ynh_settings conf_ynh_certs data_mail conf_manually_modified_files'
+ backup_checksum 'sudo yunohost backup create --system conf_ldap conf_ynh_settings conf_ynh_certs data_mail conf_manually_modified_files'
+ local 'backup_cmd=sudo yunohost backup create --system conf_ldap conf_ynh_settings conf_ynh_certs data_mail conf_manually_modified_files'
+ local temp_backup_dir=/home/yunohost.app/archivist/backup/ynh_backup/temp
+ echo ''

+ timestamp_echo '>> Make a temporary backup for ynh_core_backup'
++ date
+ echo -e 'Sun Jan  5 04:04:34 AM UTC 2025 >> Make a temporary backup for ynh_core_backup'
Sun Jan  5 04:04:34 AM UTC 2025 >> Make a temporary backup for ynh_core_backup
+ sudo rm -rf /home/yunohost.app/archivist/backup/ynh_backup/temp
+ sudo yunohost backup create --system conf_ldap conf_ynh_settings conf_ynh_certs data_mail conf_manually_modified_files --methods copy --output-directory /home/yunohost.app/archivist/backup/ynh_backup/temp --name ynh_core_backup.temp
+ sudo rm /home/yunohost.app/archivist/backup/ynh_backup/temp/info.json
++ cut '-d ' -f1
++ md5sum
++ sudo find /home/yunohost.app/archivist/backup/ynh_backup/temp -type f -exec md5sum '{}' ';'
+ local new_checksum=9c2feb96aadf703ef06a593161ee3c92
+ sudo rm -rf /home/yunohost.app/archivist/backup/ynh_backup/temp
++ cat /home/yunohost.app/archivist/backup/ynh_backup/ynh_core_backup.md5
+ local old_checksum=9c2feb96aadf703ef06a593161ee3c92
+ '[' 9c2feb96aadf703ef06a593161ee3c92 == 9c2feb96aadf703ef06a593161ee3c92 ']'
+ '[' 0 -eq 0 ']'
+ timestamp_echo '>>> This backup is the same than the previous one'
++ date
+ echo -e 'Sun Jan  5 04:04:42 AM UTC 2025 >>> This backup is the same than the previous one'
Sun Jan  5 04:04:42 AM UTC 2025 >>> This backup is the same than the previous one
+ return 1
+ echo /ynh_backup/ynh_core_backup.tar.gz
+ exec_pre_post_backup ynh_core_post_backup /var/www/archivist/Backup_list.conf
+ local exec_command=ynh_core_post_backup
+ local local_config_file=/var/www/archivist/Backup_list.conf
++ cut -d= -f2
++ grep -m1 '^ynh_core_post_backup=' /var/www/archivist/Backup_list.conf
+ local line_to_exec=
+ eval
+ pre_backup=0
++ cut -d= -f2
++ grep '^ynh_app_backup=' /var/www/archivist/Backup_list.conf
+ read app
+ '[' -n '' ']'
+ read app
+ '[' 0 -eq 1 ']'
+ timestamp_echo '> Clean old backup files'
++ date
+ echo -e 'Sun Jan  5 04:04:42 AM UTC 2025 > Clean old backup files'
Sun Jan  5 04:04:42 AM UTC 2025 > Clean old backup files
++ sudo find /home/yunohost.app/archivist/backup -name '*.tar*'
+ read backup
+ backup=/ynh_backup/ynh_core_backup.tar.gz
+ grep --quiet '/ynh_backup/ynh_core_backup.tar.gz$' /home/yunohost.app/archivist/backup/backup_list
+ read backup
+ sudo find /home/yunohost.app/archivist/backup -type d -empty -delete -exec echo 'Delete empty directory '\''{}'\''' ';'
+ '[' false == true ']'
+ config_file_per_recipient=/var/www/archivist/recipient_config.conf
+ backup_list_per_recipient=/var/www/archivist/files_to_backup.list
++ cut -d: -f1
++ grep --line-number '^> recipient name=' /var/www/archivist/Backup_list.conf
+ read recipient
+ '[' -n 123 ']'
+ tail --lines=+123 /var/www/archivist/Backup_list.conf
++ cut -d: -f1
++ grep --line-number --max-count=1 '^> recipient name='
++ tail --lines=+2 /var/www/archivist/recipient_config.conf
+ next_recipient=
+ '[' -n '' ']'
++ get_option_value '> recipient name'
++ cut -d= -f2
++ grep -m1 '^> recipient name=' /var/www/archivist/recipient_config.conf
+ timestamp_echo '-> Build the list of files for the recipient rsync ssh example' '\n'
++ date
+ echo -e '\nSun Jan  5 04:04:42 AM UTC 2025 -> Build the list of files for the recipient rsync ssh example'

Sun Jan  5 04:04:42 AM UTC 2025 -> Build the list of files for the recipient rsync ssh example
++ get_option_value encrypt
++ cut -d= -f2
++ grep -m1 '^encrypt=' /var/www/archivist/recipient_config.conf
+ recipient_encrypt=false
+ recipient_encrypt=false
++ get_option_value encrypt
++ cut -d= -f2
++ grep -m1 '^encrypt=' /var/www/archivist/recipient_config.conf
+ '[' -z false ']'
+ '[' false == true ']'
+ grep --quiet '^include backup=' /var/www/archivist/recipient_config.conf
+ include_files '.*'
+ '[' false == true ']'
+ grep '.*.*.tar*' /home/yunohost.app/archivist/backup/backup_list
++ cut -d= -f2
++ grep '^exclude backup=' /var/www/archivist/recipient_config.conf
+ read exclude
+ delete_option 'exclude backup'
++ grep -m1 '^exclude backup=' /var/www/archivist/recipient_config.conf
+ local line_to_remove=
+ sed --in-place '\|^$|d' /var/www/archivist/recipient_config.conf
+ '[' -n '' ']'
+ read exclude
+ '[' false == true ']'
+ source_path=/home/yunohost.app/archivist/backup
+ echo 'backup source=/home/yunohost.app/archivist/backup'
++ get_option_value type
++ cut -d= -f2
++ grep -m1 '^type=' /var/www/archivist/recipient_config.conf
+ type=rsync_ssh
+ delete_option type
++ grep -m1 '^type=' /var/www/archivist/recipient_config.conf
+ local line_to_remove=type=rsync_ssh
+ sed --in-place '\|^type=rsync_ssh$|d' /var/www/archivist/recipient_config.conf
+ sed --in-place '/^#/d' /var/www/archivist/recipient_config.conf
+ exec_pre_post_backup pre_backup /var/www/archivist/recipient_config.conf
+ local exec_command=pre_backup
+ local local_config_file=/var/www/archivist/recipient_config.conf
++ cut -d= -f2
++ grep -m1 '^pre_backup=' /var/www/archivist/recipient_config.conf
+ local line_to_exec=
+ eval
+ /var/www/archivist/senders/rsync_ssh.sender.sh
> Copy backups files in /home/olivier/archivist/.
Bad owner or permissions on /root/.ssh/config
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(231) [sender=3.2.7]
+ exec_pre_post_backup post_backup /var/www/archivist/recipient_config.conf
+ local exec_command=post_backup
+ local local_config_file=/var/www/archivist/recipient_config.conf
++ cut -d= -f2
++ grep -m1 '^post_backup=' /var/www/archivist/recipient_config.conf
+ local line_to_exec=
+ eval
+ read recipient

Can you rerun the script and, right after, rerun the script on which it fails?

bash -x /var/www/archivist/archivist.sh

then:

bash -x /var/www/archivist/senders/rsync_ssh.sender.sh

Just give the output of this second script, hoping it's a bit more talkative about the origin of the error.
The permissions are correct on the backup side. However, I still can't understand where it finds this /root/.ssh/config, given that you have none on either the main server or the backup.

root@domain:/var/www/archivist# bash -x /var/www/archivist/senders/rsync_ssh.sender.sh
+++ realpath /var/www/archivist/senders/rsync_ssh.sender.sh
++ dirname /var/www/archivist/senders/rsync_ssh.sender.sh
+ script_dir=/var/www/archivist/senders
+ config=/var/www/archivist/senders/../recipient_config.conf
+ files_list=/var/www/archivist/senders/../files_to_backup.list
++ get_option_value '> recipient name'
++ cut -d= -f2
++ grep -m1 '^> recipient name=' /var/www/archivist/senders/../recipient_config.conf
+ recipient_name='rsync ssh example'
++ get_option_value 'destination directory'
++ cut -d= -f2
++ grep -m1 '^destination directory=' /var/www/archivist/senders/../recipient_config.conf
+ dest_directory=/home/olivier/archivist/
++ get_option_value 'backup source'
++ cut -d= -f2
++ grep -m1 '^backup source=' /var/www/archivist/senders/../recipient_config.conf
+ backup_source=/home/yunohost.app/archivist/backup
++ get_option_value ssh_host
++ cut -d= -f2
++ grep -m1 '^ssh_host=' /var/www/archivist/senders/../recipient_config.conf
+ ssh_host=xxx.xxx.x.xx
++ get_option_value ssh_user
++ cut -d= -f2
++ grep -m1 '^ssh_user=' /var/www/archivist/senders/../recipient_config.conf
+ ssh_user=olivier
++ get_option_value ssh_port
++ cut -d= -f2
++ grep -m1 '^ssh_port=' /var/www/archivist/senders/../recipient_config.conf
+ ssh_port=22
+ ssh_port=22
++ get_option_value ssh_key
++ cut -d= -f2
++ grep -m1 '^ssh_key=' /var/www/archivist/senders/../recipient_config.conf
+ ssh_key=/home/user/.ssh/id_ed25519
++ get_option_value ssh_pwd
++ cut -d= -f2
++ grep -m1 '^ssh_pwd=' /var/www/archivist/senders/../recipient_config.conf
+ ssh_pwd='mdp'
++ get_option_value ssh_options
++ cut -d= -f2
++ grep -m1 '^ssh_options=' /var/www/archivist/senders/../recipient_config.conf
+ ssh_options=
+ ssh_options='-p 22 '
+ '[' -n /home/olivier/.ssh/id_ed25519 ']'
+ ssh_options='-p 22  -i /home/olivier/.ssh/id_ed25519'
+ ssh_command=ssh
+ sudo find /home/yunohost.app/archivist/backup -type f
+ sed --in-place 's|^/home/yunohost.app/archivist/backup||' /var/www/archivist/senders/../liste
+ comm -23 /dev/fd/63 /dev/fd/62
++ sort /var/www/archivist/senders/../files_to_backup.list
++ sort /var/www/archivist/senders/../liste
+ echo '> Copy backups files in /home/user/archivist/.'
> Copy backups files in /home/user/archivist/.
+ sudo rsync --archive --copy-links --verbose --human-readable --stats --itemize-changes --delete-excluded --prune-empty-dirs --exclude-from=/var/www/archivist/senders/../exclude_list /home/yunohost.app/archivist/backup/ '--rsh=ssh -p 22  -i /home/user/.ssh/id_ed25519' olivier@xxx.xxx.x.xx:/home/user/archivist/
Bad owner or permissions on /root/.ssh/config
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(231) [sender=3.2.7]
++ get_option_value encrypt
++ cut -d= -f2
++ grep -m1 '^encrypt=' /var/www/archivist/senders/../recipient_config.conf

I don't see anything more, unfortunately we have no more information :frowning_face:
You can always try to ping @Maniack_Crudelis, but I see he hasn't been active on the forum for a few months.

You can also try running the sudo rsync… command and see if it goes through (but I suppose so, since you already did one manual test). Be careful to run the command from the right directory or, failing that, to remove the --exclude-from option. But I doubt that will give us more information :face_with_diagonal_mouth:

Off topic: WARNING, you left a piece of information that should be anonymized when running the last script.

The problem here doesn’t seem to be on archivist which only uses a simple rsync command with ssh, but on ssh itself.

/root/.ssh/config is the client part config file for ssh.
Why is there an issue, I don’t know.

But, don’t forget that Archivist runs with the user root from its cron task. So when you try to run rsync manually, you have to run it with the user root to reproduce the issue.
Otherwise, ssh will look for a config file under your own user directory.
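
Added example, not part of the thread and not Archivist's code: a shell check that applies the same test the OpenSSH client runs on a per-user config file before printing "Bad owner or permissions" (owner must be root or the user running ssh, and no group/other write bit may be set). The function names `ssh_config_path_for` and `check_ssh_config` are hypothetical, and the script assumes GNU `stat` and `getent` as found on Debian.

```shell
#!/bin/sh
# Added example: reproduces the ownership/mode test that the OpenSSH client
# applies to a per-user config file before it prints
# "Bad owner or permissions on <file>".

# Path of the per-user client config that ssh reads for a given account.
# ssh takes the home directory from the account database, so a command run
# through sudo or from root's cron uses root's file, not the invoking user's.
ssh_config_path_for() {
    home=$(getent passwd "$1" | cut -d: -f6)
    [ -n "$home" ] || return 1
    printf '%s/.ssh/config\n' "$home"
}

# check_ssh_config FILE [UID]
# UID is the numeric id of the account that will run ssh (default: current).
# Returns 0 = accepted, 1 = would be rejected, 2 = file absent (ssh skips it).
check_ssh_config() {
    file=$1
    run_uid=${2:-$(id -u)}
    [ -e "$file" ] || { echo "absent: $file"; return 2; }
    # -L follows symlinks, because ssh examines the file it actually opened
    set -- $(stat -L -c '%u %a' "$file")
    owner=$1
    mode=$2
    rc=0
    if [ "$owner" -ne 0 ] && [ "$owner" -ne "$run_uid" ]; then
        echo "bad owner: $file is owned by uid $owner, expected 0 or $run_uid"
        rc=1
    fi
    # Any group-write or other-write bit (octal 022) is refused.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "bad mode: $file is $mode, group/other write must be cleared"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: $file (uid $owner, mode $mode)"
    return "$rc"
}
```

To test the file that the cron job's ssh would read, run it as root on the sending server: `check_ssh_config "$(ssh_config_path_for root)"`.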