Yoyo/Backing Up Other Systems: Difference between revisions
(Created page with 'So just backing up "localhost" isn't enough for you? Amanda has you covered! = Background = Amanda is old for open-source software. In Amanda's infancy, spam was still canned …') |
No edit summary |
||
Line 1: | Line 1: | ||
所以只是备份“localhost”已经无法满足你了吧?Amanda有你所需要的一切! | |||
= | = 背景 = | ||
Amanda是老牌的开源软件。在Amanda的初期,垃圾邮件是肉类罐头,恶意软件是亮片T恤,发型很夸张,并且人们愉快地用'rsh'和'telnet'在互联网上冲浪。哦,美国仍然认为加密软件是“军用品”。Amanda的客户机/服务器认证因此包括用户名和一些DNS记录的基本检查。没有像现在这样,成天的对加密信道进行攻击以及对网络硬件种植木马! | |||
可悲的是,指南和阿曼达的默认配置仍然使用这些最古老的认证机制 - BSD,bsdudp和bsdtcp。为了记录在案,只要别使用BSD或bsdudp:它们基于UDP,很难调试,而且他们总是被错误的配置。如果你的网络有良好的保证,你可以摆脱bsdtcp,但此网页将不会告诉你如何去做。 | |||
此网页将教你使用SSH认证,这是一个有点麻烦的设置,但一旦它开始运行则会工作得很好。 | |||
= | = 配置 = | ||
认证在dumptypes中配置,所以我们将为这个远程系统添加一个新的dumptype。将以下内容添加到 {{man|5|amanda.conf}}: <pre> define dumptype simple-gnutar-remote { auth "ssh" ssh_keys "/etc/amanda/MyConfig/ssh-key" compress none program "GNUTAR" } </pre> over in the disklist, we'll be backing up a host named "euclid.amanda.org". 你的第二个系统的名称是不同的,所以在这里替换它。euclid.amanda.org /etc simple-gnutar-remote | |||
<pre> | |||
define dumptype simple-gnutar-remote { | |||
} | |||
</pre> | |||
over in the disklist, we'll be backing up a host named "euclid.amanda.org". | |||
== SSH | == SSH 设置 == | ||
你已经告诉Amanda使用SSH连接euclid.amanda.org, 同时使用<tt>/etc/amanda/MyConfig/ssh-key</tt>中的SSH密钥。我们要创建这些没有密码的密钥,因为阿曼达不知道如何输入密钥。<pre> amanda@knuth ~ $ ssh-keygen -f /etc/amanda/MyConfig/ssh-key Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /etc/amanda/MyConfig/ssh-key. Your public key has been saved in /etc/amanda/MyConfig/ssh-key.pub. ... </pre> 这里有两个步骤. 首先,我们需要确保SSH不会尝试向Amanda询问验证欧几里德的主机密钥。这是很容易的(小心使用完全合格的主机名,像这样): <pre> amanda@knuth ~ $ ssh [email protected] The authenticity of host 'euclid.amanda.org (2001:470:1f11:826::1)' can't be established. RSA key fingerprint is e6:a6:0a:8d:ca:6e:43:54:da:cb:1f:de:73:4e:39:5f. Are you sure you want to continue connecting (yes/no)?yes Warning: Permanently added 'euclid.amanda.org,2001:470:1f11:826::1' (RSA) to the list of known hosts. Password: </pre> (在密码提示符处使用control-c) 其次,我们需要获得欧几里德公钥。正如Amanda在欧几里德之上(注意,这里是复制<tt>.pub</tt>文件!): amanda@euclid ~ $ scp knuth:/etc/amanda/MyConfig/ssh-key.pub /tmp Password: ssh-key.pub 100% 394 0.4KB/s 00:00 (如果'Amanda'没有密码,你一定可以找到另一种方式来获取文件!!)并且添加文件到<tt>authorized_keys</tt>. amanda@euclid ~ $ cat /tmp/ssh-key.pub >> ~/.ssh/authorized_keys 从knuth处测试这个SSH连接: amanda@knuth ~ $ ssh -i /etc/amanda/MyConfig/ssh-key euclid Last login: Sat Jan 1 12:32:27 CST 2011 from euclid.amanda.org on ssh amanda@euclid ~ $ | |||
<pre> | |||
amanda@knuth ~ $ ssh-keygen -f /etc/amanda/MyConfig/ssh-key | |||
Generating public/private rsa key pair. | |||
Enter passphrase (empty for no passphrase): | |||
Enter same passphrase again: | |||
Your identification has been saved in /etc/amanda/MyConfig/ssh-key. | |||
Your public key has been saved in /etc/amanda/MyConfig/ssh-key.pub. | |||
... | |||
</pre> | |||
<pre> | |||
amanda@knuth ~ $ ssh [email protected] | |||
The authenticity of host 'euclid.amanda.org (2001:470:1f11:826::1)' can't be established. | |||
RSA key fingerprint is e6:a6:0a:8d:ca:6e:43:54:da:cb:1f:de:73:4e:39:5f. | |||
Are you sure you want to continue connecting (yes/no)? yes | |||
Warning: Permanently added 'euclid.amanda.org,2001:470:1f11:826::1' (RSA) to the list of known hosts. | |||
Password: | |||
</pre> | |||
( | |||
( | |||
= | = 检查和运行 = | ||
就像之前,运行{{man|8|amcheck}},如果看起来正常,运行 {{man|8|amdump}},直接或等待下一个计划运行。 | |||
= | = 更多信息 = | ||
{{man|7|amanda-auth}}手册页面中有身份验证方法的所有细节。[[How Tos#Communication| 交流:如何做]] 中的内容也会有所帮助。如果你使用的BSD*认证,那么[[Troubleshooting | 疑难解答]]可能是一个你会经常咨询的页面。 |
Revision as of 18:00, 3 January 2011
所以只是备份“localhost”已经无法满足你了吧?Amanda有你所需要的一切!
背景
Amanda是老牌的开源软件。在Amanda的初期,垃圾邮件是肉类罐头,恶意软件是亮片T恤,发型很夸张,并且人们愉快地用'rsh'和'telnet'在互联网上冲浪。哦,美国仍然认为加密软件是“军用品”。Amanda的客户机/服务器认证因此包括用户名和一些DNS记录的基本检查。没有像现在这样,成天的对加密信道进行攻击以及对网络硬件种植木马!
可悲的是,指南和阿曼达的默认配置仍然使用这些最古老的认证机制 - BSD,bsdudp和bsdtcp。为了记录在案,只要别使用BSD或bsdudp:它们基于UDP,很难调试,而且他们总是被错误的配置。如果你的网络有良好的保证,你可以摆脱bsdtcp,但此网页将不会告诉你如何去做。
此网页将教你使用SSH认证,这是一个有点麻烦的设置,但一旦它开始运行则会工作得很好。
配置
认证在dumptypes中配置,所以我们将为这个远程系统添加一个新的dumptype。将以下内容添加到 amanda.conf(5):
define dumptype simple-gnutar-remote { auth "ssh" ssh_keys "/etc/amanda/MyConfig/ssh-key" compress none program "GNUTAR" }
over in the disklist, we'll be backing up a host named "euclid.amanda.org". 你的第二个系统的名称是不同的,所以在这里替换它。euclid.amanda.org /etc simple-gnutar-remote
SSH 设置
你已经告诉Amanda使用SSH连接euclid.amanda.org, 同时使用/etc/amanda/MyConfig/ssh-key中的SSH密钥。我们要创建这些没有密码的密钥,因为阿曼达不知道如何输入密钥。
amanda@knuth ~ $ ssh-keygen -f /etc/amanda/MyConfig/ssh-key Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /etc/amanda/MyConfig/ssh-key. Your public key has been saved in /etc/amanda/MyConfig/ssh-key.pub. ...
这里有两个步骤. 首先,我们需要确保SSH不会尝试向Amanda询问验证欧几里德的主机密钥。这是很容易的(小心使用完全合格的主机名,像这样):
amanda@knuth ~ $ ssh [email protected] The authenticity of host 'euclid.amanda.org (2001:470:1f11:826::1)' can't be established. RSA key fingerprint is e6:a6:0a:8d:ca:6e:43:54:da:cb:1f:de:73:4e:39:5f. Are you sure you want to continue connecting (yes/no)?yes Warning: Permanently added 'euclid.amanda.org,2001:470:1f11:826::1' (RSA) to the list of known hosts. Password:
(在密码提示符处使用control-c) 其次,我们需要获得欧几里德公钥。正如Amanda在欧几里德之上(注意,这里是复制.pub文件!): amanda@euclid ~ $ scp knuth:/etc/amanda/MyConfig/ssh-key.pub /tmp Password: ssh-key.pub 100% 394 0.4KB/s 00:00 (如果'Amanda'没有密码,你一定可以找到另一种方式来获取文件!!)并且添加文件到authorized_keys. amanda@euclid ~ $ cat /tmp/ssh-key.pub >> ~/.ssh/authorized_keys 从knuth处测试这个SSH连接: amanda@knuth ~ $ ssh -i /etc/amanda/MyConfig/ssh-key euclid Last login: Sat Jan 1 12:32:27 CST 2011 from euclid.amanda.org on ssh amanda@euclid ~ $
检查和运行
就像之前,运行amcheck(8),如果看起来正常,运行 amdump(8),直接或等待下一个计划运行。
更多信息
amanda-auth(7)手册页面中有身份验证方法的所有细节。 交流:如何做 中的内容也会有所帮助。如果你使用的BSD*认证,那么 疑难解答可能是一个你会经常咨询的页面。