How To:Set up transport encryption with SSH: Difference between revisions
Revision as of 00:55, 20 June 2006
Backup process amdump
- You must create an SSH key for the Amanda server. In this example, the key is put in the id_rsa_amdump file (run as the backup user, amandabackup):
$ ssh-keygen -t rsa
Enter file in which to save the key (/home/amandabackup/.ssh/id_rsa)? /home/amandabackup/.ssh/id_rsa_amdump
- You must set the ssh_keys option in all DLEs for that host:
ssh_keys "/home/amandabackup/.ssh/id_rsa_amdump"
- You must append the /home/amandabackup/.ssh/id_rsa_amdump.pub file to the .ssh/authorized_keys file of all Amanda clients.
- For security reasons, you must prepend the line with the following (all on one line, with no spaces between the options):
from="<Amanda_server_fqdn_name>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="<absolute path to amandad> -auth=ssh amdump"
This limits that key to connections from the Amanda server and allows it to execute only amandad.
- If your server username and client username are different, you must add the client_username option in the dumptype definition for all DLEs in the client:
client_username "client_backup_username"
- If your server amandad path and client amandad path are different, you must set the amandad_path option in all DLEs for that host:
amandad_path "client/amandad/path"
Recovery process amrecover
- Create an SSH key for root on all clients that can use amrecover. In this example, the key is put in the /root/.ssh/id_rsa_amrecover file:
Log in as root:
# ssh-keygen -t rsa
Enter file in which to save the key (/root/.ssh/id_rsa)? /root/.ssh/id_rsa_amrecover
- You must set the ssh_keys option in the /etc/amanda/amanda_client.conf file:
ssh_keys "/root/.ssh/id_rsa_amrecover"
- You must append every client's /root/.ssh/id_rsa_amrecover.pub file to the /home/amandabackup/.ssh/authorized_keys file of the server.
- For security reasons, you must prefix all lines with the following (all on one line, with no spaces between the options):
from="aclient_fqdn_name",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/amandad -auth=ssh amindexd amidxtaped"
This limits each client key to connections from that client and allows it to execute only amandad.
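One way to check that the authorized_keys entries from both the backup and recovery steps really carry these restrictions; this is an added example, not part of the original how-to or of Amanda. The function names, the host backup.example.com and the key material are constructed for illustration.

```python
# Added example: audit authorized_keys entries against the restrictions in this how-to.
REQUIRED_FLAGS = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def parse_line(line):
    """Split one entry into ({option: value}, remainder starting at the key type)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line                      # entry has no options at all
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 1        # \" is a literal quote inside a value
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif ch.isspace() and not quoted:
            break                            # unquoted whitespace ends the options
        else:
            cur += ch
        i += 1
    opts.append(cur)
    parsed = {n.lower(): v for n, _, v in (o.partition("=") for o in opts)}
    return parsed, line[i:].strip()

def audit(line, services):
    """Return the problems found in one entry; an empty list means it is restricted."""
    opts, rest = parse_line(line)
    problems = []
    if not rest.startswith(KEY_TYPES):
        problems.append("options are split by an unquoted space or line break")
    if not opts.get("from"):
        problems.append("missing from=")
    problems += ["missing " + f for f in sorted(REQUIRED_FLAGS - set(opts))]
    cmd = opts.get("command", "").split()
    if not (cmd and cmd[0].startswith("/") and cmd[0].endswith("/amandad")):
        problems.append("command= does not start with an absolute amandad path")
    elif cmd[1:] != ["-auth=ssh"] + list(services):
        problems.append("command= arguments differ from -auth=ssh " + " ".join(services))
    return problems

# Constructed sample entries (placeholder key material, not a real key).
KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 amandabackup@backup"
PREFIX = 'from="backup.example.com",no-port-forwarding,no-X11-forwarding,'
GOOD = PREFIX + 'no-agent-forwarding,command="/path/to/amandad -auth=ssh amdump" ' + KEY
WRAPPED = GOOD.replace("forwarding,no-agent", "forwarding, no-agent")
if __name__ == "__main__":
    for name, entry in [("good", GOOD), ("wrapped", WRAPPED), ("bare", KEY)]:
        print(name, audit(entry, ["amdump"]))
```

Pass `["amdump"]` for entries on the clients and `["amindexd", "amidxtaped"]` for entries on the server.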