Hello @isAAAc for your information I migrated last months from one server to another using the backup and restore system and rsync for nextcloud data. I thought I could use also this fallback app, but finally fixed my backup system and used it 
1 Like
Bonjour et merci pour ton travail !
Je rencontre un petit souci de connexion. J’ai bien installé Fallback en mode main sur mon serveur principal et renseigné le domaine de mon serveur de secours.
Sur mon serveur de secours j’ai une instance yuno avec un user et juste Fallback d’installé en mode backup.
J’ai bien reçu la clé SSH que j’ai renseigné sur le serveur de secours sous la forme :
ssh-rsa … root@domain.tld
Et il ne parvient pas à se connecter, j’obtiens ceci comme message dans le mail de récap le matin :
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(235) [sender=3.1.2]
Ais-je mal fait quelque chose ?
Merci d’avance de votre aide.
Bien cordialement
Don’t remember if the fingerprint is already registered by the script somehow.
Could you try to connect manually using the same arguments.
Maybe you’ll have to accept the fingerprint.
Thx for your fast answer.
I tried this command : sudo -u root /opt/yunohost/fallback/send_process/./send_backup.sh (i add the -v option before in the script) and get this :
> Make a temporary backup for system_fallback_bck
>> This backup is the same than the previous one
> Remove the old backup app_list
rm: cannot remove '/opt/yunohost/fallback/send_process/checksum/app_list_fallbac k_bck': No such file or directory
> Remove the old backup config.conf
rm: cannot remove '/opt/yunohost/fallback/send_process/checksum/config.conf_fall back_bck': No such file or directory
> Remove the old backup ip_main_server
rm: cannot remove '/opt/yunohost/fallback/send_process/checksum/ip_main_server_f allback_bck': No such file or directory
> Send the archives on the server backup.ndd.tld
OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Deprecated option "useroaming"
debug1: Connecting to backup.ndd.tld [IPV6] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /opt/yunohost/fallback/send_process/ssh_key type 1
debug1: key_load_public: No such file or directory
debug1: identity file /opt/yunohost/fallback/send_process/ssh_key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debia n-10+deb9u7
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to backup.ndd.tld:22 as 'fallback'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit > compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit > compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:Série_de_chiffres_et_lettres
debug1: Host 'backup.ndd.tld' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-s ha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
Debian GNU/Linux 9 (stretch)
Linux ns.....ip-XXX-XXX-XXX.eu 4.19-ovh-xxxx-std-ipv6-64 #1024349 SMP Fri D ec 13 08:31:53 UTC 2019 x86_64 GNU/Linux
Server : XXXXXX
IPv4 : XXX.XXX.XXX.XXX
IPv6 : XXXX:XXXX:XXXX:XXXX::X
Hostname : nsXXXXXXX.ip-XXX-XXX-XXX.eu
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /opt/yunohost/fallback/send_process/ssh_key
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
fallback@backup.ndd.tld's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
fallback@backup.ndd.tld's password:
rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(644) [send er=3.1.2]I was thinking connecting manually with a ssh command. Not from the script, which is not interactive.
sudo ssh fallback@backup.ndd.tld -i /opt/yunohost/fallback/send_process/ssh_key -v
Sorry i didn’t understood.
i tried and got this :
OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Deprecated option "useroaming"
debug1: Connecting to backup.ndd.tld [IPV6] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /opt/yunohost/fallback/send_process/ssh_key type 1
debug1: key_load_public: No such file or directory
debug1: identity file /opt/yunohost/fallback/send_process/ssh_key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debia n-10+deb9u7
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to backup.ndd.tld:22 as 'fallback'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit > compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit > compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug1: Host 'backup.ndd.tld' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-s ha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
Debian GNU/Linux 9 (stretch)
Linux nsXXXXXX.ip-XXX-XXX-XXX.eu 4.19-ovh-xxxx-std-ipv6-64 #1024349 SMP Fri D ec 13 08:31:53 UTC 2019 x86_64 GNU/Linux
Server : XXXXXX
IPv4 : XXX.XXX.XXX.XXX
IPv6 : IPV6
Hostname : nsXXXXX.ip-XXX-XXX-XXX.eu
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /opt/yunohost/fallback/send_process/ssh_key
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
fallback@backup.ndd.tld's password:The fingerprint looks ok.
So here, that’s clearly your fallback server that refuse the connection.
Could you confirm that, on your main server, your /opt/yunohost/fallback/send_process/config.conf looks like that at the beginning:
# Fallback server
ssh_user=fallback
ssh_host=backup.ndd.tld
ssh_key=/opt/yunohost/fallback/send_process/ssh_key
ssh_port=22
ssh_options=
And, on your fallback server, the file /home/fallback/.ssh/authorized_keys looks like
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA[ssh key...]
The ssh key shown here should be exactly the same than the key in /opt/yunohost/fallback/send_process/ssh_key.pub on your main server.
Yes but i don’t know why the backup server refuse the connection.
I confirm that the config.conf on main server looks like yours, the authorized_keys on the backup server looks like yours and the two ssh keys are exactly the same but on the both files i have the email at the end of the ssh key (root@ndd.tld).
Maybe that’s the problem ?
Having that at the end is normal.
I was hoping for something easy like that…
Unfortunately we only have the hard way left, which is to have a look to the log /var/log/auth.log
The best way to do it is to keep on eye on it with tail -f and to try to connect via ssh at the same time. You’ll see what the server is telling when you try to reach it from your ssh connection.
Hi
I did what you said.
This is what i had on the log on the main server :
Jan 30 08:53:57 ndd sshd[24323]: Connection from IPV6 port 58024 on IPV6 port 22
Jan 30 08:53:58 ndd sshd[24323]: Invalid user fallback from IPV6 port 58024
Jan 30 08:53:58 ndd sshd[24323]: input_userauth_request: invalid user fallback [preauth]Into the sshd_config file (/etc/ssh/sshd_config on the fallback server), do you have the 4 lines tagged “# Automatically added by fallback” ?
And do you have any AllowUsers instruction into this same config file ?
Yes i have the 4 lines but nothing with AllowUsers
Everything looks in order…
Could you try to connect to ssh with the IPv4 instead of the domain name. And keep an eye on the log to be sure you’re not connecting with IPv6.
Except that, I can’t see anything else interfering…
Thx for your help, seems to be ok with the IPV4. I don’t know why it doesn’t works with the IPV6. Maybe my DNS configuration… I will chekc this later and wait tomorrow to see if the backup will be ok.
I will tell you.
Thx again
Hi !
I change the hostname option in the /home/yunohost.app/fallback/config.conf like that :
ssh_user=fallback
ssh_host=IPV4_of_backup_server
ssh_key=/opt/yunohost/fallback/send_process/ssh_key
ssh_port=22
ssh_options=
But this morning i got this :
ssh: Could not resolve hostname p: No address associated with hostname
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(235) [sender=3.1.2]
There is something else to change ?
Thx a lot
Didn’t think ssh would try to resolve a plain IP 
Anyway, you can keep the domain name here and force the resolution to the IPv4 address into your hosts file.
Ok, i just have to add this in /etc/hosts ?
IPV4_backup_server backup.ndd.tld
Thx
Indeed, it would be enough
Thx ! Seems to be ok.
Wait and see tomorrow
Have a good week-end and thx again !