sshtools module

class sshtools.SSH(*args, **kwargs)[source]

Bases: mount.MountControl

This is a backend for the mount API mount.MountControl. This will mount the remote path with sshfs, prepair the remote path and check that everything is set up correctly for Back In Time to run snapshots through SSH.

This class will only mount the remote path. The real takeSnapshot process will use rsync over ssh. Other commands run remote over ssh.

  • cfg (config.Config) – current config (handled by inherited mount.MountControl)
  • user (str) – User name on remote host
  • host (str) – Name or IP Address of remote host
  • port (int) – Port used by SSHd on remote host
  • path (str) – remote path where snapshots are stored. Can be either relative from remote users homedir or an absolute path
  • cipher (str) – Cipher used to encrypt the network transfer
  • private_key_file (str) – Private key which is able to log on with Public/Private Key-Method on remote host
  • nice (bool) – use nice -n 19 to run commands with low CPU priority on remote host
  • ionice (bool) – use ionice -c2 -n7 to run commands with low IO priority on remote host
  • nocache (bool) – use nocache to deactivate RAM caching of files on remote host
  • password (str) – password to unlock the private key
  • profile_id (str) – profile ID that should be used (handled by inherited mount.MountControl)
  • hash_id (str) – crc32 hash used to identify identical mountpoints (handled by inherited mount.MountControl)
  • tmp_mount (bool) – if True mount to a temporary destination (handled by inherited mount.MountControl)
  • parent (QWidget) – parent widget for QDialogs or None if there is no parent (handled by inherited mount.MountControl)
  • symlink (bool) – if True set symlink to mountpoint (handled by inherited mount.MountControl)
  • mode (str) – one of local, local_encfs, ssh or ssh_encfs (handled by inherited mount.MountControl)
  • hash_collision (int) – global value used to prevent hash collisions on mountpoints (handled by inherited mount.MountControl)


All Arguments are optional. Default values will be fetched from config.Config. But after changing Settings we need to test the new values before storing them into config.Config. This is why all values will be added as arguments.


Backend mount method. This will call sshfs to mount the remote path.

Raises:exceptions.MountException – if mount wasn’t successful

Rudimental benchmark to compare transfer speed of all available ciphers.

Parameters:size (int) – size of the testfile in MiB

Try to login to remote host with the choosen cipher. This should make sure both localhost and the remote host support the choosen cipher.

Raises:exceptions.MountException – if login with the cipher failed

Check if the remote host is in current users known_hosts file.

Raises:exceptions.KnownHost – if the remote host wasn’t found in known_hosts file

Try to login to remote host with public/private-key-method (passwordless).

Raises:exceptions.NoPubKeyLogin – if login failed

Check if the remote host is online. Other than methods name may let suppose this does not use Ping (ICMP) but try to open a connection to the configured port on the remote host. In this way it will even work on remote hosts which have ICMP disabled.

If connection failed it will retry five times before failing.

Raises:exceptions.MountException – if connection failed most probably because remote host is offline

Try out all relevant commands used by Back In Time on the remote host to make sure snapshots will be successful with the remote host. This will also check that hard-links are supported on the remote host.

This check can be disabled with config.Config.sshCheckCommands()

Parameters:retry (bool) – retry to run the commands if it failed because the command string was to long
Raises:exceptions.MountException – if a command is not supported on remote host or if hard-links are not supported

Check the remote path. If the remote path doesn’t exist this will create it. If it already exist this will check, that it is a folder and has correct permissions.

Raises:exceptions.MountException – if remote path couldn’t be created or doesn’t have correct permissions.

Check that everything is prepaired and ready for successfully mount the remote path. Default is to run a light version of checks which will only make sure the remote host is online, sshfs is installed and the remote folder is available.

After changing settings this should be run with first_run = True to run a full check with all tests.

Parameters:first_run (bool) – run a full test with all checks
Raises:exceptions.MountException – if one test failed an we can not mount the remote path
randomId(size=6, chars='ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')[source]

Create a random string.

  • size (int) – length of the string
  • chars (str) – characters used as basis for the random string

random string with lenght size

Return type:



Start a new ssh-agent if it is not already running.

Raises:exceptions.MountException – if starting ssh-agent failed

Unlock the private key in ssh-agent which will provide it for all other commands. The password to unlock the key will be provided by backintime-askpass.

Parameters:force (bool) – force to unlock the key by removing it first and add it again to make sure, the given values are correct
Raises:exceptions.MountException – if unlock failed
sshtools.sshCopyId(pubkey, user, host, port='22', askPass='backintime-askpass', cipher=None)[source]

Copy SSH public key pubkey to remote host.

  • pubkey (str) – path to the public key file
  • user (str) – remote user
  • host (str) – remote host
  • port (str) – ssh port on remote host
  • askPass (str) – program used to pipe password into ssh
  • cipher (str) – cipher used for ssh

True if successful

Return type:


sshtools.sshHostKey(host, port='22')[source]

Get the remote host key from host.

  • host (str) – host name or IP address
  • port (str) – port number of remote ssh-server

three item tuple with (fingerprint, hashed host key, key type)

Return type:



Get the hex fingerprint from a given ssh key.

Parameters:path (str) – full path to key file
Returns:hex fingerprint from key
Return type:str

Generate a new ssh-key pair (private and public key) in keyfile and

Parameters:keyfile (str) – path for private key file
True if successful; False if keyfile already exist
or if there was an error
Return type:bool

Write host key key into ~/.ssh/known_hosts.

Parameters:key (str) – host key