January 21, 20233 yr https://hub.docker.com/r/nold360/borgserver Quote Debian based container image, running openssh-daemon only accessable by user named "borg" using SSH-Publickey Auth & "borgbackup" as client. Backup-Repositoriees, client's SSH-Keys & SSHd's Hostkeys will be stored in persistent storage. For every ssh-key added, a own borg-repository will be created.
January 21, 20233 yr Many Thanks for the Thread, Template and your Work! For the Fixing of this too! Greetings! Revan335
January 23, 20233 yr In the Template is Used ID but User ID do you mean? And PUID and PGID for User and Group. Not GPID. https://docs.linuxserver.io/general/understanding-puid-and-pgid Edited January 23, 20233 yr by Revan335
January 28, 20233 yr Author On 1/23/2023 at 8:04 PM, Revan335 said: In the Template is Used ID but User ID do you mean? And PUID and PGID for User and Group. Not GPID. https://docs.linuxserver.io/general/understanding-puid-and-pgid Thanks for the tip. Fixed
December 11, 20232 yr Hello, I setup passwordless login to my unraid server from laptop. I set path in Borgserver container: `ERROR: No SSH-Pubkey file found in /sshkeys` Regards.
December 11, 20232 yr 1 hour ago, Revan335 said: You need to create the SSH Keys that he not found. I create ssh keys in my laptop and transfer then to unRAID with `ssh copy-id`. So now I have to also create keys from unRAID terminal? Regards.
December 11, 20232 yr You must create the Key Pair from the Device that will Access to the Server. For example the Client/PC make your Backup to the Borg Server Docker on Unraid. You create the Key Pair on the Client and Copy the Public key to the Borg Server in the SSH Key Folder. Than Reboot the Docker and he create a Folder with the Name of the SSH Key in the other Backup Folder. Than you can Access/Backup your Client. A Documentary for the Create is in the linked Thread. From mgutt. rsync-server. The First is this Thread. The Second is the Thread from mgutt and his rsync-server with a Documentary for the Key Pair Creation. Edited December 11, 20232 yr by Revan335
December 12, 20232 yr 14 hours ago, Revan335 said: You must create the Key Pair from the Device that will Access to the Server. For example the Client/PC make your Backup to the Borg Server Docker on Unraid. You create the Key Pair on the Client and Copy the Public key to the Borg Server in the SSH Key Folder. Than Reboot the Docker and he create a Folder with the Name of the SSH Key in the other Backup Folder. Than you can Access/Backup your Client. A Documentary for the Create is in the linked Thread. From mgutt. rsync-server. The First is this Thread. The Second is the Thread from mgutt and his rsync-server with a Documentary for the Key Pair Creation. Hi, I copy key from my laptop (called matebook.pub) to /mnt/user/borg/sshkeys/clients/ and it still shows me that there's no key: ERROR: No SSH-Pubkey file found in /sshkeys I change owner like for /backup folder and also don't see that key. Regards.
December 12, 20232 yr Do you Restart the Docker? Can you access the Docker/Server via terminal from your Client? I renamed the keys to matebook in the Docker ssh key folder. But that is maybe Cosmetic.
January 21, 20242 yr Thanks for the contribution, it's working fine! A bit of trouble at first with ssh keys in the script but nothing you can't fix with a couple of BORG variables 😄 Any plans for upgrade? borg version in the container is 1.1.16 and is unsupported. Could you upgrade to last stable 1.2.7? Thanks
January 21, 20242 yr On 12/12/2023 at 11:48 AM, MarianKoniuszko said: Hi, I copy key from my laptop (called matebook.pub) to /mnt/user/borg/sshkeys/clients/ and it still shows me that there's no key: ERROR: No SSH-Pubkey file found in /sshkeys I change owner like for /backup folder and also don't see that key. Regards. I think the problem is your bind mount. You must remove the "clients" part and left only "/mnt/user/borg/sshkeys/". You must still put your keys in the clients folder but the container path must point to the parent.
January 21, 20242 yr 2 hours ago, ChuskyX said: Any plans for upgrade? borg version in the container is 1.1.16 and is unsupported. Could you upgrade to last stable 1.2.7? 😱 Your right. Strange, in the Docker Hub in the first Post are Posts Versions/Releases with 1.2.x Name/Tag. For example https://hub.docker.com/layers/nold360/borgserver/1.2.2/images/sha256-b1eb29720204e61b925d64632bbd4ea4f0738c2b2c2154888d481d5b914ca683?context=explore Is this correct or a wrong Name? Maybe can @Balya bring Light in the Darkness? Edited January 21, 20242 yr by Revan335
January 21, 20242 yr 4 hours ago, Revan335 said: 😱 Your right. Strange, in the Docker Hub in the first Post are Posts Versions/Releases with 1.2.x Name/Tag. For example https://hub.docker.com/layers/nold360/borgserver/1.2.2/images/sha256-b1eb29720204e61b925d64632bbd4ea4f0738c2b2c2154888d481d5b914ca683?context=explore Is this correct or a wrong Name? Maybe can @Balya bring Light in the Darkness? I'm using the tag "latest" so it could be expected to have the last Borg version. Thinking about it, Borg have a lot of compatility issues between versions, you need to convert repositories, change scripts, etc.. Maybe the latest tag points to the legacy version and only users aware of the implications of an upgrade, must use the 1.2 tag. Most users don't read the change logs prior upgrading containers and this might be needed to have reliable backups.
April 11, 20242 yr Can someone tell me what I'm doing wrong? Docker is set to port 22:2222 Logs look ok Can't SSH into the docker container on 2222
April 11, 20242 yr In answer to the above the correct command is SSH [email protected] -p 2222 Edited April 11, 20242 yr by kiwijunglist
April 11, 20242 yr Hmm still can't get things to work I ran the borgmatic (client) container, and loaded a console in the container Then I created a ssh key pair Then I copied the .pub file into borgserver container, and restarted borgserver container. When I try to SSH into borgserver container from borgmatic container, I get the following error: Permission denied (publickey) Edited April 11, 20242 yr by kiwijunglist
April 11, 20242 yr that error means you are trying to use a ssh password. You have to setup borgmatic to use the key. The ssh parameter is "-i keyfile". I don't use borgmatic, so i don't know where to put it. I run borg directly from command line, and I use the env variable BORG_RSH to put the key, something like export BORG_RSH=' -i path/to/keyfile' Edited April 11, 20242 yr by ChuskyX
April 13, 20242 yr Thanks, I got it working. I now have borgmatic docker connecting to borg-server docker. This is the config.yaml I had to use for borgmatic docker. source_directories: - /mnt/user/somethingtobackuplocation repositories: - path: ssh://[email protected]:2222/backup/borg label: backupserver ssh_command: ssh -i /root/.ssh/borg -p 2222 I am now trying to get vorta-docker to work... I keep geting "invalid user" error in the borg-server docker log file. Edited April 13, 20242 yr by kiwijunglist
April 13, 20242 yr OMG I WANT ABOUT 4 HOURS OF MY LIFE BACK! 😞 Debian based container image, running openssh-daemon only accessable by user named "borg" using SSH-Publickey Auth & "borgbackup" as client. So you can use different SSH key pairs for multiple repos, but the username for ssh connection is always called "borg".
January 1, 20251 yr How do I actually make a backup with the default settings? I've followed every issue here and I got to the point where the logs showed the connection from the client was accepted, but the client gives an error that it doesn't have permission to write to '/backup' or '/backup/borg' like kiwijunglist outlines below: On 4/13/2024 at 1:29 AM, kiwijunglist said: Thanks, I got it working. I now have borgmatic docker connecting to borg-server docker. This is the config.yaml I had to use for borgmatic docker. source_directories: - /mnt/user/somethingtobackuplocation repositories: - path: ssh://[email protected]:2222/backup/borg label: backupserver ssh_command: ssh -i /root/.ssh/borg -p 2222 I am now trying to get vorta-docker to work... I keep geting "invalid user" error in the borg-server docker log file. I did some digging and found that my authorized_keys file in ~/.ssh/ starts with restrict,command="cd /backup/id_rsa.pub; borg serve --restrict-to-path /backup/id_rsa.pub " which seems to limit the clients access (via the -restrict-to-path argument) to only the id_rsa.pub file. I changed the --restrict-to-path argument to allow access to the entire /backup directory and I was finally able to make a backup. The backup finished with warnings that some cert files changed during the process, however, and the authorized_keys file reverts back to the original on an update or container stop/start. Did I set something up wrong to restrict access to the /backup directory? Am I backing up to the wrong target directory? Edited January 2, 20251 yr by bigggtuna punctuation
March 7, 20251 yr Hi can i please have some advice on the Tailscale settings? Specifically: What do these do? If i disable Tailscale SSH, how does borg communicate across-sites? Thanks. Edited March 7, 20251 yr by Derek_
March 11, 20251 yr On 3/7/2025 at 8:25 AM, Derek_ said: Hi can i please have some advice on the Tailscale settings? Specifically: What do these do? If i disable Tailscale SSH, how does borg communicate across-sites? Thanks. You don't need tailscale ssh is you already have ssh client and server to communicate with. Tailscale ssh is used to provide ssh access with tailscale credentials and/or get access to the terminal if you don't have another ssh server running. Userspace networking is a fallback measure if your container can't create the tailscale tunnel the standard way. Tailscale serve i guess is to use the serve command inside the container: to allow inbound connections to your container to share folders and files.
March 12, 20251 yr 10 hours ago, ChuskyX said: You don't need tailscale ssh is you already have ssh client and server to communicate with. Tailscale ssh is used to provide ssh access with tailscale credentials and/or get access to the terminal if you don't have another ssh server running. Userspace networking is a fallback measure if your container can't create the tailscale tunnel the standard way. Tailscale serve i guess is to use the serve command inside the container: to allow inbound connections to your container to share folders and files. Thanks very much for those descriptions. I do want to use Tailscale tunneling, i'm not confident to expose SSH to the interwebs and i've used Tailscale successfully with Duplicacy. It's just that i'm not happy with Duplicacy for server to server backup. It's done well for client to server backup. I guess there's less to transmit. For Tailscale Serve, i'm not sure - wouldn't that have to be a 'yes' to allow Borg to communicate back and forth? Thank you
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.