How To:Set up transport encryption with SSH
- To use ssh:
1. configure Amanda with --with-ssh-security, it will install dumper/amcheck non-suid.
2. set "auth ssh" in the dumptype
3. both server and client must be configured exactly the same
- amanda username needs to be the same
- location of amandad binaries needs to be the same
- a sourceforge RFE bug to request the above restrictions configurable.
4. ssh-keygen -t rsa
it will create ~amanda_user/.ssh/id_rsa and ~amanda_user/.ssh/id_rsa.pub copy ~amanda_user/.ssh/id_rsa.pub to the client machine through a secure channel(*) and append it to ~amanda_user/.ssh/authorized_keys chmod 600 ~amanda_user/.ssh/authorized_keys
5. ssh-add
{will prompt for the passphrase} {it will add the RSA identities to the authentication agent}
6. run amdump as you normally do.
(*) for example: copy id_rsa.pub to a floppy or flash drive and hand carry to the client machine.
- Note that only the backup(i.e: amdump/amcheck ) is updated with the new security API. amrecover/amrestore has not been changed to take advantage of it, thus will not use "auth ssh".