How To:Set up transport encryption with SSH: Difference between revisions
No edit summary |
m (Blank passphrase etc.) |
||
Line 1: | Line 1: | ||
===Backup process [[amdump]]=== | ===Backup process [[amdump]]=== | ||
* You must create an ssh key for the Amanda server. In this example, the key is put in the id_rsa_amdump file (Run as backup user - amandabackup): | * You must create an ssh key for the Amanda server, and make sure you just hit enter when asked for a key passphrase. In this example, the key is put in the id_rsa_amdump file (Run as backup user - amandabackup): | ||
$ ssh-keygen -t rsa | $ ssh-keygen -t rsa -C "SSH Key for Amanda Backups" | ||
Enter file in which to save the key (/home/amandabackup/.ssh/id_rsa)? /home/amandabackup/.ssh/id_rsa_amdump | Enter file in which to save the key (/home/amandabackup/.ssh/id_rsa)? /home/amandabackup/.ssh/id_rsa_amdump | ||
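Review bot: the new first bullet tells the reader to "just hit enter when asked for a key passphrase" but does not say why the key has to be passphrase-less or what protects it once it is. Suggest stating the reason in that bullet and pointing to the "For security reasons, you must prepend" step, since with an empty passphrase anyone who can read id_rsa_amdump can use the key.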
Line 7: | Line 7: | ||
ssh_keys "/home/amandabackup/.ssh/id_rsa_amdump" | ssh_keys "/home/amandabackup/.ssh/id_rsa_amdump" | ||
* You mush append the /home/amandabackup/.ssh/id_rsa_amdump.pub file to the .ssh/authorized_keys file of all Amanda clients. | * You mush append the /home/amandabackup/.ssh/id_rsa_amdump.pub file to the .ssh/authorized_keys (if unsure, check /etc/ssh/sshd_config for what your authorized_keys file is set to) file of all Amanda clients. | ||
* For security reasons, you must prepend the line with the following: | * For security reasons, you must prepend the line with the following: |
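Review bot: the edited bullet still reads "You mush append", and the new parenthetical sits between ".ssh/authorized_keys" and "file of all Amanda clients", which splits the phrase it belongs to. Suggest "You must append ... to the .ssh/authorized_keys file of all Amanda clients (if unsure, check AuthorizedKeysFile in /etc/ssh/sshd_config)", so the reader knows which setting to look for.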
Revision as of 22:16, 10 August 2006
Backup process amdump
- You must create an SSH key for the Amanda server, and make sure you just press Enter when asked for a key passphrase. In this example, the key is put in the id_rsa_amdump file (run as the backup user, amandabackup):
$ ssh-keygen -t rsa -C "SSH Key for Amanda Backups"
Enter file in which to save the key (/home/amandabackup/.ssh/id_rsa)? /home/amandabackup/.ssh/id_rsa_amdump
- You must set the ssh_keys option in all DLEs for that host:
ssh_keys "/home/amandabackup/.ssh/id_rsa_amdump"
- You must append the /home/amandabackup/.ssh/id_rsa_amdump.pub file to the .ssh/authorized_keys file of all Amanda clients (if unsure, check /etc/ssh/sshd_config for what your authorized_keys file is set to).
- For security reasons, you must prepend the line with the following:
from="<Amanda_server_fqdn_name>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="<absolute path to amandad> -auth=ssh amdump"
This restricts the key so that it is accepted only for connections from the Amanda server and can only execute amandad.
- If your server username and client username are different, you must add the client_username option in dumptype definition for all DLEs in the client:
client_username "client_backup_username"
- If your server amandad path and client amandad path are different, you must set the amandad_path option in all DLEs for that host:
amandad_path "client/amandad/path"
Recovery process amrecover
- Create an SSH key for root on all clients that can use amrecover. In this example, the key is put in the /root/.ssh/id_rsa_amrecover file:
Log in as root:
# ssh-keygen -t rsa
Enter file in which to save the key (/root/.ssh/id_rsa)? /root/.ssh/id_rsa_amrecover
- You must set the ssh_keys option in the /etc/amanda/amanda_client.conf file:
ssh_keys "/root/.ssh/id_rsa_amrecover"
- You must append each client's /root/.ssh/id_rsa_amrecover.pub file to the /home/amandabackup/.ssh/authorized_keys file on the server.
- For security reasons, you must prefix all lines with the following:
from="aclient_fqdn_name",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/amandad -auth=ssh amindexd amidxtaped"
This restricts every client key so that it is accepted only from that client and can only execute amandad.
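
The from=/command= prefixes in the amdump and amrecover sections only work if the whole option list is one unbroken field, because sshd ends the options at the first whitespace outside double quotes. The following checker is an added example, not part of Amanda or of the original page; the host names, amandad path and key material in it are constructed placeholders, and requiring from= to equal one exact host name is a policy assumption of the example.

```python
import re

# Restrictions the page requires in front of every Amanda key (sshd option names are case-insensitive).
REQUIRED_FLAGS = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of public key type names
_OPT = re.compile(r'([A-Za-z0-9-]+)(?:=(?:"((?:\\"|[^"])*)"|([^\s,"]+)))?')

def parse_key_line(line):
    """Split an authorized_keys line into (options dict, remainder after the options)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):          # no options field at all
        return {}, line
    opts, pos = {}, 0
    while (m := _OPT.match(line, pos)):
        opts[m.group(1).lower()] = m.group(2) or m.group(3) or ""
        pos = m.end()
        if line[pos:pos + 1] != ",":        # options end at the first unquoted non-comma
            break
        pos += 1
    return opts, line[pos:].strip()

def audit(line, peer_fqdn, services):
    """Return a sorted list of problems; an empty list means the line is restricted as required."""
    opts, rest = parse_key_line(line)
    problems = []
    if not rest.startswith(KEY_TYPES):
        problems.append("options field ends early (whitespace outside quotes?)")
    if opts.get("from") != peer_fqdn:
        problems.append("from= does not pin " + peer_fqdn)
    problems += ["missing " + flag for flag in REQUIRED_FLAGS - opts.keys()]
    cmd = opts.get("command", "").split()
    if not (cmd[:1] and cmd[0].startswith("/") and cmd[1:] == ["-auth=ssh", *services]):
        problems.append("command= is not '<absolute amandad path> -auth=ssh " + " ".join(services) + "'")
    return sorted(problems)

# Constructed sample lines; host name, amandad path and key material are placeholders.
GOOD = ('from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,'
        'command="/usr/libexec/amanda/amandad -auth=ssh amdump" ssh-rsa AAAAB3CONSTRUCTED amanda')
WRAPPED = GOOD.replace("no-X11-forwarding,", "no-X11-forwarding, ")  # stray space from a wrapped line
BARE = "ssh-rsa AAAAB3CONSTRUCTED amanda"

if __name__ == "__main__":
    for name, line in (("good", GOOD), ("wrapped", WRAPPED), ("bare", BARE)):
        print(name, audit(line, "backup.example.com", ["amdump"]))
```

For the amrecover keys on the server, call audit with the client's host name and the services ["amindexd", "amidxtaped"].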