ProxyJump with another keyfile

Open 2649 opened this issue 1 year ago • 7 comments

First of all, great tool!

I saw that in version 1.5 proxy jumps made it into the tool. However, my remote ssh connection works with another keyfile for the ProxyJump. However, according to the ssh implementation there is no keyfile used for proxy jumps.

Is there a workaround for that or does this need to be implemented?

2649 avatar Nov 18 '24 10:11 2649

Hello Laurenz,

Thank you for taking the time to report the bug and providing the details. I appreciate your feedback.

I am not sure if I get this correct. I never explicitly specified key files myself. BIT runs on hostA, over hostB (the jump host), into hostC (the backup destination). So you talk about the key-file for hostB?

I even wonder why BIT needs to manage the key-file for hostC. Should hostB manage the key-file for hostC? I am confused. :D

Is your use case a rare case? I don't want to make the GUI more complex at all. But I also don't say "no". I need to mangle this in my head.

If you have any more details to share, feel free to reach out.

Not sure when we'll find the time to work on it. Please see the project's background information to get an idea about our workflow and priorities:

Best regards, Christian

buhtz avatar Nov 18 '24 11:11 buhtz

I think the use case is indeed a niche one. So I'll understand that there are more important things to do.

After your comment, I just realized BIT uses the -J flag for specifying the proxy jump, which is totally fine.

However, it is also possible with -o "ProxyCommand=..", where you could define a second key and thus manage all keys on one host. But it would not make sense to change to it, because -J is more convenient.

I think it could be implemented by allowing arbitrary ssh options like the "Paste additional options to rsync" in "Expert Options".

2649 avatar Nov 18 '24 11:11 2649

Thank you for reporting back.

I wonder myself if the key-file specified in "Manage profiles" dialog is just to access the jump host or to access the backup host with a jump host in between... (#1931)

EDIT: Let me know if "Add prefix to SSH command..." (Export Options) works for you. Then I will add this special case to the documentation.

buhtz avatar Nov 18 '24 11:11 buhtz

I do not think it is possible to do with "Add prefix to SSH command". It would need a new setting, which adds ssh options to the ssh command like "Paste additional options to rsync", which is placed after "rsync" in the command line.

Another way would be to allow using ssh config files. So instead of specifying ssh user@ip -i keyfile, just specify an ssh config name like ssh configuredHostA.

2649 avatar Nov 18 '24 14:11 2649

Just for my own learning. Why don't you let the jump host manage its keyfile to access the destination host?

buhtz avatar Nov 18 '24 14:11 buhtz

It is a bit more secure, so when the jump server is compromised, it still cannot connect to the remote server.

2649 avatar Nov 18 '24 14:11 2649

I had some time to think about it and collect experiences. E.g. we also removed the cipher settings from BIT, to lower maintenance burden and reduce complexity of the UI. Things like this can be configured using the SSH client's config file itself.

It seems to me this is also the case for this specific use case. Am I right?

buhtz avatar Jun 16 '25 11:06 buhtz
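
An added illustration of the client-side configuration discussed above (not part of the thread and not taken from the Back In Time project): an OpenSSH `~/.ssh/config` on hostA that gives the jump host and the backup destination separate keys. Host names, user names and key paths are placeholders, and it assumes the ssh client that gets invoked reads the user's `~/.ssh/config`; per ssh(1), options given on the command line apply to the destination host, while jump hosts take their settings from this file.

```sshconfig
# ~/.ssh/config on hostA (the machine running the backup).
# Constructed example: host names, users and key paths are placeholders.

# hostB: the jump host, authenticated with its own key.
Host hostB
    HostName hostb.example.org
    User jumpuser
    IdentityFile ~/.ssh/id_ed25519_jump
    # Offer only the key named above, not every key the agent holds.
    IdentitiesOnly yes

# hostC: the backup destination, reached through hostB with a different key.
# Authentication to hostC happens from hostA over the forwarded connection,
# so this private key stays on hostA and is never stored on hostB.
Host hostC
    HostName hostc.example.org
    User backupuser
    ProxyJump hostB
    IdentityFile ~/.ssh/id_ed25519_backup
    IdentitiesOnly yes
```

Running `ssh -G hostC` prints the options the client resolves for that host, which confirms the `proxyjump` and `identityfile` values without opening a connection.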

Closing this ticket based on the comment above. Feel free to reopen if the problem still exists. Thank you for your efforts. If you have any further questions, ideas or encounter any other issues, please don't hesitate to let us know.

Best regards, Christian

buhtz avatar Jun 29 '25 09:06 buhtz