This article explains the steps to enable SSH authentication for Linux clients in the 4.x and 5.x versions.
Amanda Enterprise uses "bsdtcp" as the default authentication mechanism for all backup objects. However it is possible to use the SSH authentication method with Linux clients, if you prefer to have data encrypted between server and client during transport.
Please be aware that the restores done from ZMC to the Linux client are not performed with SSH but as unencrypted data via TCP.
Configuring Zmanda server to use SSH authentication
In order to enable SSH authentication for Linux clients, certain configuration changes are required on both the server and the clients.Client side configuration
The first step to enable SSH authentication is to set a password for the 'amandabackup' user on the Linux client
passwd amandabackup
In some distributions, the location of amanda utilities such as 'amandad' will be under /usr/libexec/amanda instead of /usr/lib64/amanda.
You can verify this using the find command
find /usr -iname amandad
If the path is under /usr/libexec, we need to create a soft link using the command below.
ln -s /usr/libexec/amanda /usr/lib64/amanda
Server side configuration
All changes on the Zmanda server should be done as the 'amandabackup' user. Use this command to switch the user.
su amandabackup
In order to configure all Linux clients to use SSH, we need to edit the zmc_user_dumptypes file. This file is located at /etc/zmanda/aee5/zmc_user_dumptypes in 5.x versions and /etc/zmanda/aee4/zmc_user_dumptypes in 4.x versions.
Open this file and uncomment the line starting with "zmc_ssh_auth" shown in the code block below
define dumptype zmc_nixglobal_base {
zmc_global_base
client_encrypt "/usr/sbin/amcryptsimple"
client_decrypt_option "-d"
# zmc_ssh_auth # uncomment this line to enable SSH authentication for all *nix DLEs
# adding things here will affect all non-Windows ZMC DLEs
}
The file should look like this after the edits
Configuring SSH public key authentication between the Zmanda server and Linux clients
The SSH keys will be present in the amandabackup user's home directory /var/lib/amanda. Copy both the private and public keys created for use by amdump to standard SSH public key names using the commands below.
cp -p /var/lib/amanda/.ssh/id_rsa_amdump /var/lib/amanda/.ssh/id_rsa
cp -p /var/lib/amanda/.ssh/id_rsa_amdump.pub /var/lib/amanda/.ssh/id_rsa.pub
Then use the ssh-copy-id command to copy the keys to the Linux client.
ssh-copy-id -i ~/.ssh/id_rsa.pub amandabackup@ip_address_of_client
Once the keys are copied, confirm that you can run a command on the remote system as the amandabackup user via SSH
ssh amandabackup@ip_address_of_client 'ls'
The successful result will return a listing of the amandabackup user's home directory on the client host without issuing a password.
Performing Host check to validate the changes
Login to ZMC and check if you are able to do a successful hostcheck on all the Linux sources.
If you are facing any issues, please reach out to Zmanda support at support@zmanda.com