SFTP config in non-interactive mode saves an incorrect password

patchmonkey · April 13, 2025, 11:39pm

What is the problem you are having with rclone?

I am using GoMFT which uses rclone under the hood, but I am able to replicate this problem using the same rclone commands directly. When I create a configuration for rclone as a one-liner in non-interactive mode for an sftp server, rclone will not connect to the sftp remote. If I edit the rclone configuration interactively and paste the same password I added in the one-liner, the resulting config WILL connect to the sftp server. I have also tried similar commands using a key file for SFTP and using a SMB connection with similar failures, but I have not attempted to interactively alter the configurations in the same way I did for the SFTP/password connection.

Run the command 'rclone version' and share the full output of the command.

16db3a91f446:/app# rclone --version
rclone v1.69.1
- os/version: alpine 3.19.7 (64 bit)
- os/kernel: 6.8.12-7-pve (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.24.0
- go/linking: static
- go/tags: none
16db3a91f446:/app#

Which cloud storage system are you using? (eg Google Drive)

SFTP, (Also seen on SMB)

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

16db3a91f446:/app# rclone config create testSource sftp -vv --config /tmp/gomft-rclone-test-930754844/rclone_test.conf --non-interactive host 
redacted user redacted port 22 pass redacted

Please run 'rclone config redacted' and share the full output. If you get command not found, please make sure to update rclone.

16db3a91f446:/app# rclone config redacted --config /tmp/gomft-rclone-test-930754844/rclone_test.conf
[testSource]
type = sftp
host = XXX
user = XXX
port = 22
pass = XXX
### Double check the config for sensitive info before posting publicly

A log from the command that you were trying to run with the `-vv` flag

16db3a91f446:/app# rclone config create testSource sftp -vv --config /tmp/gomft-rclone-test-930754844/rclone_test.conf --non-interactive host 
redacted user redacted port 22 pass redacted
2025/04/13 19:30:10 DEBUG : rclone: Version "v1.69.1" starting with parameters ["rclone" "config" "create" "testSource" "sftp" "-vv" "--config" "/tmp/gomft-rclone-test-930754844/rclone_test.conf" "--non-interactive" "host" "redacted" "user" "redacted" "port" "22" "pass" "redacted"]
2025/04/13 19:30:10 DEBUG : Using config file from "/tmp/gomft-rclone-test-930754844/rclone_test.conf"
2025/04/13 19:30:10 DEBUG : Saving config "host" in section "testSource" of the config file
2025/04/13 19:30:10 DEBUG : Saving config "user" in section "testSource" of the config file
2025/04/13 19:30:10 DEBUG : Saving config "port" in section "testSource" of the config file
2025/04/13 19:30:10 DEBUG : Saving config "pass" in section "testSource" of the config file
2025/04/13 19:30:10 DEBUG : testSource: config in: state="", result=""
2025/04/13 19:30:10 DEBUG : testSource: config out: out=<nil>, err=<nil>
{
        "State": "",
        "Option": null,
        "Error": "",
        "Result": ""
}
2025/04/13 19:30:10 DEBUG : rclone: Version "v1.69.1" finishing with parameters ["rclone" "config" "create" "testSource" "sftp" "-vv" "--config" "/tmp/gomft-rclone-test-930754844/rclone_test.conf" "--non-interactive" "host" redacted" "user" "redacted" "port" "22" "pass" "redacted"]
16db3a91f446:/app#

asdffdsa · April 13, 2025, 11:52pm

welcome to the forum,

what is the password?

patchmonkey · April 14, 2025, 12:48am

30 Characters of random numbers and letters with some capitalized. No symbols or spaces or anything weird.

if I cat out the config file that gets created, the password appears in plain text and appears to be the same that I entered as a command param, but connecting with that still fails. If I open that configuration file with rclone config and interactively edit the remote hitting enter for all the defaults except password, which I re-paste twice, then the connection works (and is now encrypted in the config file).

It seems to have to do with the --obscure vs the --no-obscure flag. The command that GoMFT runs (and that I ran manaully didn't chose either and failed. If I add the --no-obscure flag to the configuration command, it fails. If I run the same configuration command with --obscure the initial lsd command works without issue. So maybe either --no-obscure is broken, or it's expecting a pre-obscured password value?

patchmonkey · April 19, 2025, 5:04pm

Is this a possible bug? Should I file an issue on the github repo?