[solved] sftp backup is not working -> Saved settings, but remote backup returned...

Started by bjoern.anger, August 06, 2025, 08:31:43 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 06, 2025, 08:31:43 AM Last Edit: August 06, 2025, 02:48:59 PM by bjoern.anger
Hi there,
I'm having an issue with the SFTP-backup-Plugin.

OPNsense has Version 25.7.1_1
sFTP plugin hat Version  1.1_2
Backup destination is an openSSH-Server running on WindowsServer 2025.

After successfully setting up the connection and authentication, I only receive the message "Saved settings, but remote backup returned no files." when I click the "Setup/test sftp" button.

I've set up a cron job to perform a backup regularly. The job starts, connects and communicates to the backupserver, but ultimately does nothing helpful.

I don't find any error messages on neither the OPNsense or on the backup destination.

How can I figure out, what's wrong?
I would appreciate some help.
August 06, 2025, 09:41:46 AM #1
Couple things I can think of:
Does the ssh login user have R/W access to the directory?
Try removing "restrict" at the beginning of the pubkey stored on the server as a test. I've found it sometimes causes unintentional effects.
August 06, 2025, 01:18:38 PM #2
Hi,

I can login using putty and create & delete files and folders. So yes, the user has R/W.

There is no "restict" in the pub-key.

Thanks for your hints.
August 06, 2025, 02:48:10 PM #3
Problem solved!

It looks like the file and/or folder permissions did not match.
The trick was/is to create the required folder via WinSCP. Then the backup works.

I would assume that there is a "problem" with the rights assignment or management. Perhaps the sftp server called up by the openSSH server under Windows has its own or at least a strange rights management. And the OPNsense cannot cope with this.

Anyone who can describe this in more detail is welcome to comment.
August 06, 2025, 04:20:42 PM #4
my guess is that when you create the directory from an ssh connection, the permissions are by default inherited by the signed-in user. So when then the subsequent connections match user and permissions. But that is not the case when created from the server side with that os (Windows in this case) has not been made aware of those permissions that need to be granted to the user connecting in the future.
It could be straight forward to verify the theory. Create a new directory as you did before alongside i.e the same level as before and compare users and permissions on each. You can remove this new test directory after without affecting the now working set.
Print
Go Up Pages1
User actions