amanda-auth-ssl

Name

amanda-auth-ssl — SSL Communication/Authentication methods between Amanda server and client

DESCRIPTION

This authenticate method use ssl certificate to authenticate host, all transfer over the network is encrypted.

Each amanda client/server must have its own certificate signed by the amanda CA certificate.

COMPILATION AND GENERAL INFORMATION

Amanda must be configure with --with-ssl-security

SERVER/CLIENT CONFIGURATION

In amanda.conf and amanda-client.conf.

ssl-dir: The directoty where amanda store all the certificates. A good value is ~/amanda-ssl.
ssl-check-certificate-host: Check the peer hostname match the certificate host name.
ssl-check-fingerprint: Check the fingerprint of the certificate is the same as the fingerprint we already have for that host.
ssl-check-host: Do the bsd check, dns name of peer IP is the hostname we connect to.

FILESYSTEM LAYOUT FOR CERTIFICATES

$SSL_DIR/CA/crt.pem                   # CA certificate that signed
                                        all certificates.
$SSL_DIR/CA/private/key.pem           # CA private key
                                        (on server only)
$SSL_DIR/me/crt.pem                   # public certificate of the host
$SSL_DIR/me/private/key.pem           # private key of the host
$SSL_DIR/me/fingerprint               # fingerprint of my certificate
$SSL_DIR/remote/HOSTNAME/fingerprint  # fingerprint of the HOSTNAME
                                        certificate

On the HOSTNAME host, $SSL_DIR/remote/HOSTNAME is a symbolic link to ../me.

PROGRAM TO HELP CONFIGURATION

The amssl program is a tool to manage the certificate.

AUTHORS

This manual page was written by Jean-Louis Martineau <[email protected]> (Zmanda, Inc.), Dustin J. Mitchell <[email protected]> (Zmanda, Inc.) and Paul Yeatman <[email protected]> (Zmanda, Inc.).