SFTP backend does not use local SSH-client's config

[mirko]

Coming from duplicity - which AFAIK also uses paramiko for accessing SFTP endpoints - I expected to be able to log into the SFTP backend the same (or similar) way.

For duplicity using the SFTP backend my URL is rather simple: sftp://bck-host//storage/backup/duplicity.

User, Port, IdentityKeyFile, etc. are supplemented from respective host defined in ~/.ssh/config.

Example ssh-config-file:

Host bck-host
	IdentitiesOnly yes
	Hostname %h
	User bck
	IdentityFile ~/.ssh/id_ed25519_bck
	HashKnownHosts no
	Ciphers [email protected]

While it would be nice for borgstore to also use the local SSH-client's config (I figure paramiko already provides functionality for that), I'd at least like to have the possibility / to know how to pass an IdentityFile for login to the SFTP-server.

Is there (already) a way for doing so?

[mirko]

Since borgstore is using paramiko's SSHClient()-class, implementing reading the local config file(s) appears to be rather straight forward.

Example on stackoverflow: https://stackoverflow.com/a/78088156 (mind, though, ~%s/.ssh/config might not be the only place for SSH client config files).

[mirko]

https://github.com/borgbackup/borgstore/blob/master/src/borgstore/backends/sftp.py#L43 pretty much shows, that there's currently no way for passing key files used as auth method against the SFTP-backend.

[ThomasWaldmann]

I tested the code with an ssh key loaded into the ssh-agent, but I didn't test yet using it with a ssh config.

Initially, I also thought that the username is a required part of the sftp url, but later I removed that (and it automatically uses the current logged-in username then).

Thanks for the stackoverflow link, I'll do some experiments with a ssh config later.

[ThomasWaldmann]

@mirko can you review #38?

[mirko]

Thanks a lot! Commented in #38 (comment)

Also what I learned and is good to know: passing keys via agent works implicitly, regardless!