19 changes: 18 additions & 1 deletion src/build/config/config.yaml
Expand Up @@ -2424,6 +2424,14 @@ option:
command: repo-type
depend: repo-sftp-host

repo-sftp-identity-agent:
section: global
group: repo
type: string
required: false
command: repo-type
depend: repo-sftp-host

repo-sftp-known-host:
section: global
group: repo
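Review bot: repo-sftp-identity-agent depends only on repo-sftp-host, so nothing in this definition ties it to repo-sftp-use-ssh-agent; as far as these lines show, a configuration that sets an agent socket while the agent is disabled would be accepted. Consider `depend: repo-sftp-use-ssh-agent`, or a documented error, so the socket path is only valid when agent authentication is actually on. The help text also says the option is not valid before libssh2 1.9, which this definition cannot express, so that check needs its own test.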
Expand All @@ -2439,7 +2447,8 @@ option:
repo-sftp-private-key-file:
section: global
group: repo
type: string
type: list
required: false
command: repo-type
depend: repo-sftp-host
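Review bot: with `required: false` on repo-sftp-private-key-file, an SFTP repository can be configured with no key file at all, and combined with repo-sftp-use-ssh-agent set to n that leaves no authentication method. Nothing visible here rejects that combination; suggest a configuration-time error when no private key is given and the agent is disabled, rather than a failure at connect time. The switch from `type: string` to `type: list` also deserves a test that an existing single-value setting still parses.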

Expand All @@ -2460,6 +2469,14 @@ option:
command: repo-type
depend: repo-sftp-host

repo-sftp-use-ssh-agent:
section: global
group: repo
type: boolean
default: true
command: repo-type
depend: repo-sftp-host

repo-storage-verify-tls:
section: global
group: repo
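Review bot: `default: true` on repo-sftp-use-ssh-agent changes behaviour for existing SFTP configurations: per the help text, when key-file authentication has not succeeded the connection will try whatever agent SSH_AUTH_SOCK points to. Falling back to ambient agent credentials should be something the operator opts into; suggest `default: false`, or at least call the change out in the release notes and log which method authenticated.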
29 changes: 26 additions & 3 deletions src/build/help/help.xml
Expand Up @@ -1126,6 +1126,15 @@
<example>pg-backup</example>
</config-key>

<config-key id="repo-sftp-identity-agent" name="SFTP Identity Agent">
<summary>SFTP identity agent.</summary>

<text> <p>Specifies the UNIX-domain socket used to communicate with the authentication agent. This option overrides the SSH_AUTH_SOCK environment variable and can be used to select a specific agent. Arguments to <setting>repo-sftp-identity-agent</setting> may use tilde syntax to refer to a user's home directory. This option is not valid for versions of libssh2 prior to 1.9</p>
</text>

<example>/var/lib/postgresql/.ssh/pgbackrest_ssh_identity_agent_socket</example>
</config-key>

<config-key id="repo-sftp-known-host" name="SFTP Known Hosts File">
<summary>SFTP known hosts file.</summary>
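Review bot: "This option is not valid for versions of libssh2 prior to 1.9" does not say what happens when the option is set on an older libssh2, whether an error is raised or the value is ignored and SSH_AUTH_SOCK is used instead. State which, since a silently ignored socket path means authenticating against a different agent than the one configured. The sentence is also missing its final period, and the version is written 1.9 here but 1.9.0 in the key-file notes.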

Expand All @@ -1140,7 +1149,9 @@
<summary>SFTP private key file.</summary>

<text>
<p>SFTP private key file used for authentication.</p>
<p>SFTP private key file used for authentication. The <setting>{[dash]}-repo-sftp-private-key-file</setting> option can be passed multiple times to specify more than one private key file.</p>
<p><b>NOTE</b>: If <setting>{[dash]}-repo-sftp-public-key-file</setting> is not specified, the public key path will be generated by appending <quote>.pub</quote> to the private key path and paired with it's private key for authentication. If it is specified, then it will be paired with each private key to attempt authentication.</p>
<p><b>NOTE</b>: libssh2 versions before 1.9.0 expect a PEM format keypair, ssh-keygen -m PEM -t rsa -P <quote></quote> will generate a PEM keypair without a passphrase.</p>
</text>

<example>~/.ssh/id_ed25519</example>
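Review bot: the first NOTE says a specified repo-sftp-public-key-file "will be paired with each private key", but one public key can correspond to only one of several private keys, so every other pairing is a mismatch by construction. Either document that the public key file should be left unset when more than one private key is passed, or reject that combination. Also, "paired with it's private key" should read "its".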
Expand All @@ -1150,7 +1161,7 @@
<summary>SFTP private key passphrase.</summary>

<text>
<p>Passphrase used to access the private key. This is an optional feature when creating an SSH public/private key pair.</p>
<p>Passphrase used to access the private key. This is an optional feature when creating an SSH public/private key pair. If specified, it will be used with each key.</p>
</text>

<example>BeSureToGenerateAndUseASecurePassphrase</example>
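Review bot: "If specified, it will be used with each key" means every listed key must share one passphrase, and the text does not say what happens to a key that is unencrypted or protected by a different passphrase. Say whether such a key is skipped and the next one tried, or whether authentication stops there.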
Expand All @@ -1160,12 +1171,24 @@
<summary>SFTP public key file.</summary>

<text>
<p>SFTP public key file used for authentication. Optional if compiled against OpenSSL, required if compiled against a different library.</p>
<p>SFTP public key file used for authentication. Optional if compiled against OpenSSL, required if compiled against a different library. If a public key file is specified, it will be paired with each private key file during authentication.</p>
<p><b>NOTE</b>: libssh2 versions before 1.9.0 expect a PEM format keypair, ssh-keygen -m PEM -t rsa -P <quote></quote> will generate a PEM keypair without a passphrase.</p>
</text>

<example>~/.ssh/id_ed25519.pub</example>
</config-key>

<config-key id="repo-sftp-use-ssh-agent" name="SFTP Use SSH Agent">
<summary>SFTP use ssh agent.</summary>

<text>
<p>When enabled, if not already authenticated via a private key file, an attempt will be made to authenticate via ssh-agent. The default agent is read from the SSH_AUTH_SOCK environment variable. The default agent may be overridden by using the <setting>repo-sftp-identity-agent</setting> setting if compiled against libssh2 version 1.9 or greater.</p>
</text>

<default>y</default>
<example>n</example>
</config-key>

<config-key id="repo-storage-ca-file" name="Repository Storage CA File">
<summary>Repository storage CA file.</summary>
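Review bot: the libssh2 PEM NOTE under repo-sftp-public-key-file repeats the one under repo-sftp-private-key-file word for word; keep it in one place and refer to it from the other so the two cannot drift. In the repo-sftp-use-ssh-agent text, "if not already authenticated via a private key file" should say explicitly whether the agent is tried after every configured key file has failed as well as when none is configured, because operators who need authentication pinned to one key must then set this to n. The summary writes "ssh agent" while the body writes "ssh-agent", and the version is "1.9" here but "1.9.0" in the notes; pick one form of each.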

4 changes: 3 additions & 1 deletion src/config/config.auto.h
Expand Up @@ -136,7 +136,7 @@ Option constants
#define CFGOPT_TYPE "type"
#define CFGOPT_VERBOSE "verbose"

#define CFG_OPTION_TOTAL 179
#define CFG_OPTION_TOTAL 181

/***********************************************************************************************************************************
Option value constants
Expand Down Expand Up @@ -524,10 +524,12 @@ typedef enum
cfgOptRepoSftpHostKeyHashType,
cfgOptRepoSftpHostPort,
cfgOptRepoSftpHostUser,
cfgOptRepoSftpIdentityAgent,
cfgOptRepoSftpKnownHost,
cfgOptRepoSftpPrivateKeyFile,
cfgOptRepoSftpPrivateKeyPassphrase,
cfgOptRepoSftpPublicKeyFile,
cfgOptRepoSftpUseSshAgent,
cfgOptRepoStorageCaFile,
cfgOptRepoStorageCaPath,
cfgOptRepoStorageHost,
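Review bot: config.auto.h is, by its name, generated output, so confirm that CFG_OPTION_TOTAL (179 to 181) and the two new enum entries, cfgOptRepoSftpIdentityAgent and cfgOptRepoSftpUseSshAgent, come from regenerating against config.yaml and not from a hand edit. The count does match the two options added there.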