Yoyo/Backing Up Other Systems: Difference between revisions

From wiki.zmanda.com
(Created page with 'So just backing up "localhost" isn't enough for you? Amanda has you covered! = Background = Amanda is old for open-source software. In Amanda's infancy, spam was still canned …')
 
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
So just backing up "localhost" isn't enough for you?  Amanda has you covered!
所以只是备份“localhost”已经无法满足你了吧?Amanda有你所需要的一切!


= Background =
= 背景 =
Amanda is old for open-source software.  In Amanda's infancy, spam was still canned meat, malware was a sequined T-shirt, hair was huge, and folks blithely used 'rsh' and 'telnet' across the Internet.  Oh, and the US still considered crypto software to be a "munition".  Amanda's client/server authentication thus consisted of a username and some basic checks of DNS records.  Not so hot in these days of cryptographic side-channel attacks and trojan'd network hardware!
Amanda是开源软件中的老资格了。在Amanda的初期,垃圾邮件、恶意软件是稀有而且时髦的,那时人们愉快地用'rsh''telnet'在互联网上冲浪。哦,美国人仍然认为加密软件只是“军需品”。Amanda的客户机/服务器认证因此只包括用户名和一些DNS记录的基本检查。没有像现在这样,要对付没有间断的加密信道攻击和种植了木马的网络硬件!


Sadly, most of the guides and default configurations for Amanda still use these ancient authentication mechanisms - bsd, bsdudp, and bsdtcp.  For the record, just don't ever use bsd or bsdudp: they are based on UDP, which is difficult to debug, and they are invariably misconfigured.  If your network is well-secured, you can get away with bsdtcp, but this page won't show you how to do it.
可悲的是,手册和Amanda的默认配置仍然使用这些最古老的认证机制 - BSD,bsdudp和bsdtcp。为了记录在案,只要别使用BSD或bsdudp:它们基于UDP,很难调试,而且他们总是被错误的配置。如果你的网络有良好的保证,你可以摆脱bsdtcp,但此网页将不会告诉你如何去做。


This page will use SSH authentication, which is a little bit troublesome to set up, but works quite well once it's running.
此网页将教你使用SSH认证,这是一个较麻烦的设置,但一旦它开始运行则会工作得很好。


= Configuration =
= 配置 =
Authentication is configured in the dumptypes, so we'll add a new dumptype for this remote system.  Add the following to your {{man|5|amanda.conf}}:
认证在dumptypes中配置,所以我们将为这个远程系统添加一个新的dumptype。将以下内容添加到 {{man|5|amanda.conf}}: <pre>
<pre>
define dumptype simple-gnutar-remote {
define dumptype simple-gnutar-remote {
     auth "ssh"
     auth "ssh"
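Review bot: In the added Background paragraph, 你可以摆脱bsdtcp reads as "you can get rid of bsdtcp", which inverts the replaced English "you can get away with bsdtcp": the original tolerates bsdtcp on a well-secured network. Suggest wording such as 你可以凑合使用bsdtcp, and keeping the auth names lowercase (bsd, not BSD), since they are literal configuration values.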
Line 17: Line 16:
     program "GNUTAR"
     program "GNUTAR"
}  
}  
</pre>
</pre>在disklist中, 我们为将要备份的主机命名"euclid.amanda.org". 你的第二个系统的名称是不同的,所以在这样替换它:
over in the disklist, we'll be backing up a host named "euclid.amanda.org". Your second system's name is different, so substitute it here.
  euclid.amanda.org /etc simple-gnutar-remote
euclid.amanda.org /etc simple-gnutar-remote


== SSH Setup ==
== SSH 设置 ==
You've now told Amanda to SSH to euclid.amanda.org, and to use the ssh keys in <tt>/etc/amanda/MyConfig/ssh-key</tt>.  We should create those keys, and with no passphrase, as Amanda does not know how to enter a passphrase.
你已经告诉Amanda使用SSH连接euclid.amanda.org, 同时使用<tt>/etc/amanda/MyConfig/ssh-key</tt>中的SSH密钥。我们要创建这些没有密码的密钥,因为阿曼达不知道如何输入密钥。<pre>
<pre>
amanda@knuth ~ $ ssh-keygen -f /etc/amanda/MyConfig/ssh-key
amanda@knuth ~ $ ssh-keygen -f /etc/amanda/MyConfig/ssh-key
Generating public/private rsa key pair.
Generating public/private rsa key pair.
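Review bot: In the added SSH setup sentence, 因为阿曼达不知道如何输入密钥 says Amanda cannot enter "the key", while the replaced English says it cannot enter a passphrase, and the same sentence uses 密码 (password) for the key's passphrase. Suggest one term for passphrase throughout (for example 口令) so it is not confused with the account password prompted for in the later steps, and keeping the product name as Amanda rather than 阿曼达.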
Line 31: Line 28:
Your public key has been saved in /etc/amanda/MyConfig/ssh-key.pub.
Your public key has been saved in /etc/amanda/MyConfig/ssh-key.pub.
...
...
</pre>
</pre>这里有两个步骤. 首先,我们需要确保SSH不会尝试向Amanda询问验证欧几里德的主机密钥。这是很容易的(小心使用完全合格的主机名,像这样): <pre>
There are two more steps. First, we need to make sure that SSH does not try to ask Amanda to verify euclid's host key.  That's easy enough (be careful to use the fully-qualified hostname here):
<pre>
amanda@knuth ~ $ ssh [email protected]
amanda@knuth ~ $ ssh [email protected]
The authenticity of host 'euclid.amanda.org (2001:470:1f11:826::1)' can't be established.
The authenticity of host 'euclid.amanda.org (2001:470:1f11:826::1)' can't be established.
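Review bot: The added line introducing the host-key step renders the hostname as 欧几里德, but the reader has to type euclid exactly and the replaced English stresses using the fully-qualified hostname. Suggest leaving euclid and euclid.amanda.org untranslated. The opening 这里有两个步骤 also drops "more" from "There are two more steps".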
Line 40: Line 35:
Warning: Permanently added 'euclid.amanda.org,2001:470:1f11:826::1' (RSA) to the list of known hosts.
Warning: Permanently added 'euclid.amanda.org,2001:470:1f11:826::1' (RSA) to the list of known hosts.
Password:  
Password:  
</pre>
</pre> (在密码提示符处使用control-c) 其次,我们需要获得欧几里德公钥。正如Amanda在欧几里德之上(注意,这里是复制<tt>.pub</tt>文件!):
(just hit control-c at the password prompt) Second, we need to get the public key over to euclid.  As amanda on euclid (noting that this is copying the <tt>.pub</tt> file!):
  amanda@euclid ~ $ scp knuth:/etc/amanda/MyConfig/ssh-key.pub /tmp
  amanda@euclid ~ $ scp knuth:/etc/amanda/MyConfig/ssh-key.pub /tmp
  Password:  
  Password:  
  ssh-key.pub        100%  394    0.4KB/s  00:00
  ssh-key.pub        100%  394    0.4KB/s  00:00
(if 'amanda' doesn't have a password, surely you can find another way to get the file there!) And add that file to <tt>authorized_keys</tt>.
(如果'Amanda'没有密码,你一定可以找到另一种方式来获取文件!!)并且添加文件到<tt>authorized_keys</tt>.
  amanda@euclid ~ $ cat /tmp/ssh-key.pub >> ~/.ssh/authorized_keys
  amanda@euclid ~ $ cat /tmp/ssh-key.pub >> ~/.ssh/authorized_keys  
Test this by SSH'ing from knuth:
从knuth处测试这个SSH连接:
  amanda@knuth ~ $ ssh -i /etc/amanda/MyConfig/ssh-key euclid
  amanda@knuth ~ $ ssh -i /etc/amanda/MyConfig/ssh-key euclid
  Last login: Sat Jan 1 12:32:27 CST 2011 from euclid.amanda.org on ssh
  Last login: Sat Jan 1 12:32:27 CST 2011 from euclid.amanda.org on ssh
  amanda@euclid ~ $  
  amanda@euclid ~ $


= Check and Run =
= 检查和运行 =
Just like before, run an {{man|8|amcheck}} and, if things look good, run an {{man|8|amdump}} directly or wait for the next scheduled run.
就像之前,运行{{man|8|amcheck}},如果看起来正常,运行 {{man|8|amdump}},直接或等待下一个计划运行。


= More Information =
= 更多信息 =
The {{man|7|amanda-auth}} manpage has details on all of the authentication methods available.  The [[How Tos#Communication|Communication How Tos]] will probably also be useful.  If you're using the bsd* authentications, then [[Troubleshooting]] is probably a page you will consult often.
{{man|7|amanda-auth}}手册页面中有身份验证方法的所有细节。[[How Tos#Communication|交流:如何做]] 中的内容也会有所帮助。如果你使用的BSD*认证,那么[[Troubleshooting|疑难解答]]可能是一个你会经常咨询的页面。
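Review bot: In the added line after the host-key session, 我们需要获得欧几里德公钥 reads as "we need to obtain euclid's public key", but the commands that follow copy knuth's ssh-key.pub onto euclid, as the replaced English says ("get the public key over to euclid"). Suggest stating the direction explicitly, and translating "As amanda on euclid" as the user and host the commands run as, rather than 正如Amanda在欧几里德之上.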

Latest revision as of 18:24, 3 January 2011

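So just backing up "localhost" isn't enough for you? Amanda has you covered!

Background

Amanda is old for open-source software. In Amanda's infancy, spam was still canned meat, malware was a sequined T-shirt, hair was huge, and folks blithely used 'rsh' and 'telnet' across the Internet. Oh, and the US still considered crypto software to be a "munition". Amanda's client/server authentication thus consisted of a username and some basic checks of DNS records. Not so hot in these days of cryptographic side-channel attacks and trojan'd network hardware!

Sadly, most of the guides and default configurations for Amanda still use these ancient authentication mechanisms - bsd, bsdudp, and bsdtcp. For the record, just don't ever use bsd or bsdudp: they are based on UDP, which is difficult to debug, and they are invariably misconfigured. If your network is well-secured, you can get away with bsdtcp, but this page won't show you how to do it.

This page will use SSH authentication, which is a little bit troublesome to set up, but works quite well once it's running.

Configuration

Authentication is configured in the dumptypes, so we'll add a new dumptype for this remote system. Add the following to your amanda.conf(5):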

define dumptype simple-gnutar-remote {
    auth "ssh"
    ssh_keys "/etc/amanda/MyConfig/ssh-key"
    compress none
    program "GNUTAR"
} 

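Over in the disklist, we'll be backing up a host named "euclid.amanda.org". Your second system's name is different, so substitute it here:

 euclid.amanda.org /etc simple-gnutar-remote

SSH Setup

You've now told Amanda to SSH to euclid.amanda.org, and to use the SSH keys in /etc/amanda/MyConfig/ssh-key. We should create those keys, and with no passphrase, as Amanda does not know how to enter a passphrase.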

amanda@knuth ~ $ ssh-keygen -f /etc/amanda/MyConfig/ssh-key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /etc/amanda/MyConfig/ssh-key.
Your public key has been saved in /etc/amanda/MyConfig/ssh-key.pub.
...

There are two more steps. First, we need to make sure that SSH does not try to ask Amanda to verify euclid's host key. That's easy enough (be careful to use the fully-qualified hostname here):

amanda@knuth ~ $ ssh [email protected]
The authenticity of host 'euclid.amanda.org (2001:470:1f11:826::1)' can't be established.
RSA key fingerprint is e6:a6:0a:8d:ca:6e:43:54:da:cb:1f:de:73:4e:39:5f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'euclid.amanda.org,2001:470:1f11:826::1' (RSA) to the list of known hosts.
Password:

(just hit control-c at the password prompt) Second, we need to get the public key over to euclid. As amanda on euclid (noting that this is copying the .pub file!):

amanda@euclid ~ $ scp knuth:/etc/amanda/MyConfig/ssh-key.pub /tmp
Password: 
ssh-key.pub        100%  394     0.4KB/s   00:00

(if 'amanda' doesn't have a password, surely you can find another way to get the file there!) And add that file to authorized_keys.

amanda@euclid ~ $ cat /tmp/ssh-key.pub >> ~/.ssh/authorized_keys 

Test this by SSH'ing from knuth:

amanda@knuth ~ $ ssh -i /etc/amanda/MyConfig/ssh-key euclid
Last login: Sat Jan 1 12:32:27 CST 2011 from euclid.amanda.org on ssh
amanda@euclid ~ $
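
The key created above has no passphrase and, once appended to authorized_keys as shown, grants a full login on euclid to anyone who obtains it. The following is an added example, not part of the original page or the Amanda project: a helper for the client that refuses a private key, then installs the public key with OpenSSH restrictions and a forced command. The amandad path is a placeholder, the server name in from= is an assumption, and the option set should be checked against amanda-auth(7) for your version.

```shell
#!/bin/sh
# Added example: install Amanda's backup key on the client with restrictions.
# AMANDAD is a placeholder; set it to where your package installs amandad.
AMANDAD="${AMANDAD:-/usr/libexec/amanda/amandad}"

# install_backup_key PUBKEY_FILE SERVER_NAME [AUTHORIZED_KEYS_FILE]
install_backup_key() {
    pub=$1 server=$2 auth=${3:-$HOME/.ssh/authorized_keys}

    # Refuse anything that looks like the private half of the pair.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2; return 1
    fi
    # A public key file is one line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    read -r ktype kdata rest < "$pub" || true
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unknown key type: $ktype" >&2; return 1 ;;
    esac
    [ -n "$kdata" ] || { echo "missing key data" >&2; return 1; }

    # sshd ignores authorized_keys that other users can write to.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Idempotent: skip if this key material is already authorized.
    if grep -qF -e "$kdata" "$auth"; then return 0; fi

    # Limit the key to the backup server and to running amandad only.
    opts="from=\"$server\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding"
    opts="$opts,command=\"$AMANDAD -auth=ssh amdump\""
    printf '%s %s %s amanda-backup\n' "$opts" "$ktype" "$kdata" >> "$auth"
}
```

With the forced command in place, the interactive login test above no longer yields a shell, so amcheck becomes the test. If sshd on the client does not resolve client names (UseDNS no), from= must list the server's address instead of its hostname.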

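Check and Run

Just like before, run an amcheck(8) and, if things look good, run an amdump(8) directly or wait for the next scheduled run.

More Information

The amanda-auth(7) manpage has details on all of the authentication methods available. The Communication How Tos will probably also be useful. If you're using the bsd* authentications, then Troubleshooting is probably a page you will consult often.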