How To:Set up transport encryption with SSH: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
No edit summary |
||
| Line 8: | Line 8: | ||
4. ssh-keygen -t rsa | 4. ssh-keygen -t rsa | ||
it will create ~amanda_user/.ssh/id_rsa and ~amanda_user/.ssh/id_rsa.pub | it will create ~amanda_user/.ssh/id_rsa and ~amanda_user/.ssh/id_rsa.pub | ||
copy ~amanda_user/.ssh/id_rsa.pub to the client machine and append it to ~amanda_user/.ssh/authorized_keys | copy ~amanda_user/.ssh/id_rsa.pub to the client machine through a secure channel(*) and append it to ~amanda_user/.ssh/authorized_keys | ||
chmod 600 ~amanda_user/.ssh/authorized_keys | chmod 600 ~amanda_user/.ssh/authorized_keys | ||
5. ssh-add | 5. ssh-add | ||
| Line 14: | Line 14: | ||
{it will add the RSA identities to the authentication agent} | {it will add the RSA identities to the authentication agent} | ||
6. run amdump as you normally do. | 6. run amdump as you normally do. | ||
(*) for example: copy id_rsa.pub to a floppy or flash drive and hand carry to the client machine. | |||
*Note that only the backup(i.e: amdump/amcheck ) is updated with the new security API. amrecover/amrestore has not been changed to take advantage of it, thus will not use "auth ssh". | *Note that only the backup(i.e: amdump/amcheck ) is updated with the new security API. amrecover/amrestore has not been changed to take advantage of it, thus will not use "auth ssh". | ||
<br/> <br/> | <br/> <br/> | ||
Revision as of 20:53, 3 April 2006
- To use ssh:
1. configure Amanda with --with-ssh-security, it will install dumper/amcheck non-suid.
2. set "auth ssh" in the dumptype
3. both server and client must be configured exactly the same
- amanda username needs to be the same
- location of amandad binaries needs to be the same
- a sourceforge RFE bug to request the above restrictions configurable.
4. ssh-keygen -t rsa
it will create ~amanda_user/.ssh/id_rsa and ~amanda_user/.ssh/id_rsa.pub copy ~amanda_user/.ssh/id_rsa.pub to the client machine through a secure channel(*) and append it to ~amanda_user/.ssh/authorized_keys chmod 600 ~amanda_user/.ssh/authorized_keys
5. ssh-add
{will prompt for the passphrase}
{it will add the RSA identities to the authentication agent}
6. run amdump as you normally do.
(*) for example: copy id_rsa.pub to a floppy or flash drive and hand carry to the client machine.
- Note that only the backup(i.e: amdump/amcheck ) is updated with the new security API. amrecover/amrestore has not been changed to take advantage of it, thus will not use "auth ssh".