How To:Set up transport encryption with SSH: Difference between revisions

From wiki.zmanda.com
No edit summary
Line 1: Line 1:
* To use ssh:
* Configure Amanda with --with-ssh-security, it will install dumper/amcheck non-suid.<br/>
1. configure Amanda with --with-ssh-security, it will install dumper/amcheck non-suid.<br/>
* Set "auth ssh" in the dumptype<br/>
2. set "auth ssh" in the dumptype<br/>
* Both server and client must be configured exactly the same amanda username and location of amandad binaries needs to be the same or you can use amandad_path and client_username to specify path to amandad binary and client user name in dumptype definition in [[amanda.conf]] respectively.
3. both server and client must be configured exactly the same
* Run ssh-keygen to generate ssh keys
# amanda username needs to be the same
# ssh-keygen -t rsa
# location of amandad binaries needs to be the same
It will create ~amanda_user/.ssh/id_rsa and ~amanda_user/.ssh/id_rsa.pub files.
# a sourceforge RFE bug to request the above restrictions configurable.
Copy ~amanda_user/.ssh/id_rsa.pub to the client machine through a secure channel and append it to amanda_user/.ssh/authorized_keys
4. ssh-keygen -t rsa
Example for secure channel for copying files:
  it will create ~amanda_user/.ssh/id_rsa and ~amanda_user/.ssh/id_rsa.pub
copy id_rsa.pub to a floppy or flash drive and hand carry to the client machine.
  copy ~amanda_user/.ssh/id_rsa.pub to the client machine through a secure channel(*) and append it to ~amanda_user/.ssh/authorized_keys
# chmod 600 ~amanda_user/.ssh/authorized_keys
  chmod 600 ~amanda_user/.ssh/authorized_keys
5. Run ssh-add  
5. ssh-add  
   {will prompt for the passphrase}
   {will prompt for the passphrase}
   {it will add the RSA identities to the authentication agent}
   {it will add the RSA identities to the authentication agent}
6. run amdump as you normally do.
6. Run amdump to do backups
 
(*) for example: copy id_rsa.pub to a floppy or flash drive and hand carry to the client machine.
 
*Note that only the backup(i.e: amdump/amcheck ) is updated with the new security API. amrecover/amrestore has not been changed to take advantage of it, thus will not use "auth ssh".
<br/> <br/>
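Review bot: The rewritten key-copy step says to append the public key to "amanda_user/.ssh/authorized_keys", dropping the leading "~" that the previous wording and the chmod line directly after it both use; restore it as "~amanda_user/.ssh/authorized_keys" so the path clearly refers to the amanda user's home directory on the client. The list style is also inconsistent after this change: the first four steps became bullets while "5. Run ssh-add" and "6. Run amdump to do backups" keep their numbers, so either number every step or bullet every step. The new amandad_path and client_username sentence would read better split in two, one sentence for the "must be the same" requirement and one for the override.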

Revision as of 01:05, 15 June 2006

  • Configure Amanda with --with-ssh-security; this installs dumper/amcheck non-suid.
  • Set "auth ssh" in the dumptype.
  • Server and client must be configured identically: the Amanda username and the location of the amandad binaries need to be the same on both. Alternatively, use amandad_path and client_username in the dumptype definition in amanda.conf to specify the path to the amandad binary and the client user name, respectively.
  • Run ssh-keygen to generate SSH keys:
# ssh-keygen -t rsa

This creates the ~amanda_user/.ssh/id_rsa and ~amanda_user/.ssh/id_rsa.pub files. Copy ~amanda_user/.ssh/id_rsa.pub to the client machine through a secure channel and append it to ~amanda_user/.ssh/authorized_keys. Example of a secure channel for copying files: copy id_rsa.pub to a floppy or flash drive and hand-carry it to the client machine.

# chmod 600 ~amanda_user/.ssh/authorized_keys

  • Run ssh-add

  {will prompt for the passphrase}
  {it will add the RSA identities to the authentication agent}

  • Run amdump to do backups
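
The client-side half of the key step above (append id_rsa.pub, then chmod 600) can be scripted so that it is safe to re-run and refuses a private key copied by mistake. This is an added example, not part of the original wiki page or of Amanda; the function names install_pubkey and mode_of are hypothetical, it assumes it runs as the amanda user on the client, and the key line in the demo is constructed.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR   (hypothetical helper, not part of Amanda)
# Appends one RSA public key to HOME_DIR/.ssh/authorized_keys.
# Returns 0 if the key was appended or was already present, 1 on bad input.
install_pubkey() {
    pub=$1
    home=$2
    [ -f "$pub" ] && [ -d "$home" ] || return 1

    # Only id_rsa.pub should ever leave the server; reject private key material.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # "ssh-keygen -t rsa" writes exactly one line: "ssh-rsa <base64> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
    grep -Eq '^ssh-rsa [A-Za-z0-9+/=]+( .*)?$' "$pub" || return 1

    # sshd with StrictModes ignores keys if these are writable by others.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when the identical line is missing, so re-running is harmless.
    grep -qxF -f "$pub" "$auth" || printf '%s\n' "$(cat "$pub")" >> "$auth"
}

# mode_of PATH: print the permission string, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo=$(mktemp -d) && mkdir "$demo/home"
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLE amanda_user@server' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home" && install_pubkey "$demo/id_rsa.pub" "$demo/home"
echo "$(mode_of "$demo/home/.ssh/authorized_keys") $(grep -c '' "$demo/home/.ssh/authorized_keys") key(s)"
rm -rf "$demo"
```

Before installing a key that was carried over, compare the output of `ssh-keygen -lf id_rsa.pub` on the server and on the client to confirm the file was not altered in transit.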