How To:Set up transport encryption with SSH: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
mNo edit summary |
||
Line 3: | Line 3: | ||
2. set "auth ssh" in the dumptype<br/> | 2. set "auth ssh" in the dumptype<br/> | ||
3. both server and client must be configured exactly the same | 3. both server and client must be configured exactly the same | ||
#username needs to be the same | # amanda username needs to be the same | ||
# location of amandad binaries needs to be the same | # location of amandad binaries needs to be the same | ||
# a sourceforge RFE bug to request the above restrictions configurable. | # a sourceforge RFE bug to request the above restrictions configurable. | ||
Line 15: | Line 15: | ||
6. run amdump as you normally do. | 6. run amdump as you normally do. | ||
*Note that only the backup(i.e: amdump/amcheck ) is | *Note that only the backup(i.e: amdump/amcheck ) is updated with the new security API. amrecover/amrestore has not been changed to take advantage of it, thus will not use "auth ssh". | ||
<br/> <br/> | <br/> <br/> |
Revision as of 18:39, 31 March 2006
- To use ssh:
1. configure Amanda with --with-ssh-security, it will install dumper/amcheck non-suid.
2. set "auth ssh" in the dumptype
3. both server and client must be configured exactly the same
- amanda username needs to be the same
- location of amandad binaries needs to be the same
- a sourceforge RFE bug to request the above restrictions configurable.
4. ssh-keygen -t rsa
it will create ~amanda_user/.ssh/id_rsa and ~amanda_user/.ssh/id_rsa.pub copy ~amanda_user/.ssh/id_rsa.pub to the client machine and append it to ~amanda_user/.ssh/authorized_keys chmod 600 ~amanda_user/.ssh/authorized_keys
5. ssh-add
{will prompt for the passphrase} {it will add the RSA identities to the authentication agent}
6. run amdump as you normally do.
- Note that only the backup(i.e: amdump/amcheck ) is updated with the new security API. amrecover/amrestore has not been changed to take advantage of it, thus will not use "auth ssh".