SSH Backup is driving me crazy!


(Greg Snover) #1

I am trying to switch my backup strategy to SSH (and SFTP) and no matter what I do, I can’t get the backup Module to successfully backup to the server I set up. I have done all the copying of the keys and from the cli of the FreePBX box.

I can ssh to my backup server logged in as root and I am not prompted for a password.

I can ssh to the backup server with a user name (sftpd@x.x.x.x) and am not prompted for a password.

I am specifying the key that I used to set up the SSH keys, but here is what I get:

Saving Backup 2…done!
Intializing Backup 2
Backup Lock acquired!
Running pre-backup hooks…
Adding items…
Bulding manifest…
Creating backup…
Storing backup…
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
lost connection
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
Running post-backup hooks…
Backup successfully completed!

The only thing I have found is that if I su to Asterisk on the FreePBX box, and then try to ssh to the backup server, I am prompted for a Password - I read in one of the other posts that the backup runs as Asterisk.

It doesn’t seem to matter what User Name I use - I assumed that the user name would be used to form the command ssh username@backupserver, but even if I change the name, the error message is the same.

Here are all my blanks:

hostname: x.x.x.x
Port: 22
User Name: sftpd, asterisk, root, bob - doesn’t matter
Key: /home/asterisk/.ssh/id_rsa (and id_rsa.pub for a try)
Path: ~/backups/BDC-CoLo

Does anyone have this working? If so, would you share what worked for you?


(Rob Thomas) #2

The username is critical, and you shouldn’t use ‘~’ paths in the destination.

It sounds to me like you haven’t created the ssh key correctly. Here’s some random documentation on it

_ http://wiki.freepbx.org/display/FPG/Warm+Spare+Setup


(Ernie Dunbar) #3

Yes, but it appears that FreePBX is only set up to copy backups from a live server to a warm backup server. The “Warm Spare Setup” page you link to does exactly this. The backup process is set up on the warm spare, which SSHes into the live server, downloads all the files it needs, and then restores them on the warm spare.

What FTP backups do on the other hand, is in initiate a connection from the live server, copies the files it needs for a restore process to work to the FTP server, and leaves them there.

That’s what I need to do. Except with SSH, because security. Evidently, this won’t happen until someone at FreePBX headquarters realises that’s exactly what we need. Especially for something I like to call “off-site backups”.


(Tony Lewis - https://bit.ly/2SbDAyc) #4

You can use SSH to send a backup to any linux server.


(Ernie Dunbar) #5

Or, more instructionally for those who might land here via Google, one could periodically rsync the directory /var/spool/asterisk/backup/Default_backup with one’s backup server via SSH:

rsync -vaz -e /usr/bin/ssh /var/spool/asterisk/backup/Default_backup/* mrbackup@backup.mydomain.com:/home/serverbackups/FreePBX

Just as an example.

I’m a little unsure about the exact implementation in the FreePBX crontab, but I believe that this would be suitable for a shell script in /etc/cron.monthly. Those nifty options in FreePBX for deleting the backups after a certain number of runs sure would be nice though.


#6

So setup ssh login by key to backup.mydomain.com add those keys to the freepbx ssh backup option to put them on the same machine with your rotation settings honored.


(Ernie Dunbar) #7

I could swear that this was what the thread was about in the first place.

In theory, that’s exactly what should work. But what FreePBX does instead, is it tries to log into backup.mydomain.com to download the configuration to FreePBX, and restore it to this box because obviously, this FreePBX server is the warm backup.

Which is nice in theory and all, but not exactly what I’m trying to do.


#8

I don’t believe it tries to restore the warm spare, unless that is specifically attempted in your postrestore or rpistbackup script neither of which should run in the machine you backup to.

You can selectively restore that tarball , or any of a series of them, at your own convenience.


(France) #9

Hello,

Two years later I land to this topic while trying to backup overs ssh.
As documentation isn’t clear about ssh backup (at least for me), and especially the Application Note, I ask here how to do ssh backup.
How can I setup SSH server as storage only ?
Should I process in two step (local backup then scp to ssh server in crontab) ?

Kind regards,

Vincent


#10

The process is going to be a little different depending on what version of FreePBX you’re using. The documentation you’re looking at is for versions before FreePBX 15. Before dealing with the actual backup files, you’ll want to setup an SSH Server entry from the Servers section, or the Filestore section if you’re on FreePBX 15. Before setting that up, I would first confirm that you can SSH from your PBX to your storage server with an rsa key. Once you know that’s working properly, you can proceed with adding the Server or Filestore. Are you familiar with accessing servers over SSH with keys?


(France) #11

Hello wmoon,

Thank you for your reply.
We are still using FreePBX 14 on both of our PBX.
My ssh access to backup server is configured. I can connect with ssh key from our iPBX with asterisk user account.
Backup through ssh is configured.
I can access to backup server through ssh with public key, but backup fail

This is what I got from backup.log :

May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: Initializing Backup 2^M
May 4, 2020, 11:01 am - Connecting to remote server…^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: Connecting to remote server…^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: PHP Warning: include_once(/etc/asterisk/freepbx.conf): failed to open stream: No such file or directory in Command line code on line 1^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: PHP Warning: include_once(): Failed opening ‘/etc/asterisk/freepbx.conf’ for inclusion (include_path=’.:/usr/share/php:/usr/share/pear’) in Command line code on line 1^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: PHP Notice: Undefined variable: amp_conf in Command line code on line 1^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: sh: 1: /backup.php: not found^M
May 4, 2020, 11:01 am - Verifying received file…^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: Verifying received file…^M
May 4, 2020, 11:01 am - File verification failed.^M
May 4, 2020, 11:01 am - Here are the first few lines of the file as sent by the remote server:^M
May 4, 2020, 11:01 am -^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: File verification failed.^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: Here are the first few lines of the file as sent by the remote server:^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data:^M
May 4, 2020, 11:01 am - id: bb2ac0b8da1f64a3498af147ba43fc10
data: END^M

Kind regards,

Vincent


#12

did you use windose tp create any file you did run it through dos2unix?


#13

Can you tell us what version of the backup module is on your system? If an update is available, try applying it and let us know if you get the same errors. And as you’re testing this, did you make sure to include items in your backup job? Some users have seen errors when testing without any items included in their backups. That could be an older issue, but I wanted to check. Also, do you see any log activity on the SSH server side when the connection is established/attempted? I’m not sure what you’re using for your SSH server, but you’d see some messages in /var/log/secure if it was a FreePBX or CentOS type of system.


(France) #14

Hello,

@dicko : I past file as it. This is exactly what I found in log file.
@wmoon : My module is 14.0.10.10. I think I’m up to date. On server side, I can see inbound authentification from the iPBX. My ssh server is using open-ssh on Debian. Login attempt are logged in auth.log.

Kind regards,

Tiki


#15

The clue is that your log has ^M in it, this is because windows and linux have a different interpretation of “end of line” and is a tell-tail that your file is a “dos” file and not a “unix” file


#16

Can you tell us what you have for your ssh server’s settings from Backup and Restore->Servers->Your SSH Server? Also, does the path you have set there already exist on the Debian server?


(France) #17

Hello wmoon,

Please find a screenshot for my distant ssh server configuration.
Of course, servername, port and server are configured on my FreePBX with correct informations.

Username is the authorized distant user on ssh server. Path is correct and permissions are set.
The behavior expected with this configuration is teleback_freepbx@serverIP:/home/freepbx.
As /home/freepbx is the default path on distant server, I’ve with ./ as Path too.

I can’t understand why backup is trying to open /etc/asterisk/freepbx.conf for inclusion.

Kind regards,

Tiki