sshtools module

class sshtools.SSH(*args, **kwargs)[source]

Bases: MountControl

This is a backend for the mount API mount.MountControl. This will mount the remote path with sshfs, prepare the remote path and check that everything is set up correctly for Back In Time to run snapshots through SSH.

This class will only mount the remote path. The real takeSnapshot process will use rsync over ssh. Other commands run remote over ssh.

Parameters:

  • cfg (config.Config) – current config (handled by inherited mount.MountControl)

  • user (str) – User name on remote host

  • host (str) – Name or IP Address of remote host

  • port (int) – Port used by SSHd on remote host

  • path (str) – remote path where snapshots are stored. Can be either relative from remote users homedir or an absolute path

  • cipher (str) – Cipher used to encrypt the network transfer

  • private_key_file (str) – Private key which is able to log on with Public/Private Key-Method on remote host

  • nice (bool) – use nice -n 19 to run commands with low CPU priority on remote host

  • ionice (bool) – use ionice -c2 -n7 to run commands with low IO priority on remote host

  • nocache (bool) – use nocache to deactivate RAM caching of files on remote host

  • password (str) – password to unlock the private key

  • profile_id (str) – profile ID that should be used (handled by inherited mount.MountControl)

  • hash_id (str) – crc32 hash used to identify identical mountpoints (handled by inherited mount.MountControl)

  • tmp_mount (bool) – if True mount to a temporary destination (handled by inherited mount.MountControl)

  • parent (QWidget) – parent widget for QDialogs or None if there is no parent (handled by inherited mount.MountControl)

  • symlink (bool) – if True set symlink to mountpoint (handled by inherited mount.MountControl)

  • mode (str) – one of local, local_encfs, ssh or ssh_encfs (handled by inherited mount.MountControl)

  • hash_collision (int) – global value used to prevent hash collisions on mountpoints (handled by inherited mount.MountControl)

Note

All Arguments are optional. Default values will be fetched from config.Config. But after changing Settings we need to test the new values before storing them into config.Config. This is why all values will be added as arguments.

_mount()[source]

Backend mount method. This will call sshfs to mount the remote path.

Raises:

exceptions.MountException – if mount wasn’t successful

benchmarkCipher(size=40)[source]

Rudimental benchmark to compare transfer speed of all available ciphers.

Parameters:

size (int) – size of the testfile in MiB

checkCipher()[source]

Try to login to remote host with the chosen cipher. This should make sure both localhost and the remote host support the chosen cipher.

Raises:

exceptions.MountException – if login with the cipher failed

checkKnownHosts()[source]

Check if the remote host is in current users known_hosts file.

Raises:

exceptions.KnownHost – if the remote host wasn’t found in known_hosts file

checkLogin()[source]

Try to login to remote host with public/private-key-method (passwordless).

Raises:

exceptions.NoPubKeyLogin – if login failed

checkPingHost()[source]

Check if the remote host is online. Other than methods name may let suppose this does not use Ping (ICMP) but try to open a connection to the configured port on the remote host. In this way it will even work on remote hosts which have ICMP disabled.

If connection failed it will retry five times before failing.

Raises:

exceptions.MountException – if connection failed most probably because remote host is offline

checkRemoteCommands(retry=False)[source]

Try out all relevant commands used by Back In Time on the remote host to make sure snapshots will be successful with the remote host. This will also check that hard-links are supported on the remote host. This check can be disabled with config.Config.sshCheckCommands()

Parameters:

retry (bool) – retry to run the commands if it failed because the command string was to long

Raises:

exceptions.MountException – if a command is not supported on remote host or if hard-links are not supported

checkRemoteFolder()[source]

Check the remote path. If the remote path doesn’t exist this will create it. If it already exist this will check, that it is a folder and has correct permissions.

Raises:

exceptions.MountException – if remote path couldn’t be created or doesn’t have correct permissions.

preMountCheck(first_run=False)[source]

Check that everything is prepared and ready for successfully mount the remote path. Default is to run a light version of checks which will only make sure the remote host is online, sshfs is installed and the remote folder is available.

After changing settings this should be run with first_run = True to run a full check with all tests.

Parameters:

first_run (bool) – run a full test with all checks

Raises:

exceptions.MountException – if one test failed an we can not mount the remote path

randomId(size=6, chars='ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')[source]

Create a random string.

Parameters:

  • size (int) – length of the string

  • chars (str) – characters used as basis for the random string

Returns:

random string with length size

Return type:

str

startSshAgent()[source]

Start a new ssh-agent if it is not already running.

Raises:

exceptions.MountException – if starting ssh-agent failed

unlockSshAgent(force=False)[source]

Unlock the private key in ssh-agent which will provide it for all other commands. The password to unlock the key will be provided by backintime-askpass.

Parameters:

force (bool) – force to unlock the key by removing it first and add it again to make sure, the given values are correct

Raises:

exceptions.MountException – if unlock failed

sshtools.sshCopyId(pubkey, user, host, port='22', askPass='backintime-askpass', cipher=None)[source]

Copy SSH public key pubkey to remote host.

Parameters:

  • pubkey (str) – path to the public key file

  • user (str) – remote user

  • host (str) – remote host

  • port (str) – ssh port on remote host

  • askPass (str) – program used to pipe password into ssh

  • cipher (str) – cipher used for ssh

Returns:

True if successful

Return type:

bool

sshtools.sshHostKey(host, port='22')[source]

Get the remote host key from host.

Parameters:

  • host (str) – host name or IP address

  • port (str) – port number of remote ssh-server

Returns:

three item tuple with (fingerprint, hashed host key,

key type)

Return type:

tuple

sshtools.sshKeyFingerprint(path)[source]

Get the hex fingerprint from a given ssh key.

Parameters:

path (str) – full path to key file

Returns:

hex fingerprint from key

Return type:

str

sshtools.sshKeyGen(keyfile)[source]

Generate a new ssh-key pair (private and public key) in keyfile and keyfile.pub

Parameters:

keyfile (str) – path for private key file

Returns:

True if successful; False if keyfile already exist

or if there was an error

Return type:

bool

sshtools.writeKnownHostsFile(key)[source]

Write host key key into ~/.ssh/known_hosts.

Parameters:

key (str) – host key