Configurations
      Back to home
      1. Knowledge Base
      2. Configurations

      Enabling SSH authentication in AE 4.x and 5.x

      This article explains the steps to enable SSH authentication for Linux clients in the 4.x and 5.x versions.

      Amanda Enterprise uses "bsdtcp" as the default authentication mechanism for all backup objects. However it is possible to use the SSH authentication method with Linux clients, if you prefer to have data encrypted between server and client during transport.

      Please be aware that the restores done from ZMC to the Linux client are not performed with SSH but as unencrypted data via TCP. 

      Configuring Zmanda server to use SSH authentication

      In order to enable SSH authentication for Linux clients, certain configuration changes are required on both the server and the clients. 

      Client side configuration

      The first step to enable SSH authentication is to set a password for the 'amandabackup'  user on the Linux client

      passwd amandabackup

      In some distributions, the location of amanda utilities such as 'amandad' will be under /usr/libexec/amanda instead of /usr/lib64/amanda.

      You can verify this using the find command

      find /usr -iname amandad

      If the path is under /usr/libexec, we need to create a soft link using the command below.

      ln -s /usr/libexec/amanda /usr/lib64/amanda

      Server side configuration

      All changes on the Zmanda server should be done as the 'amandabackup' user. Use this command to switch the user.

      su amandabackup

      In order to configure all Linux clients to use SSH, we need to edit the  zmc_user_dumptypes file. This file is located at /etc/zmanda/aee5/zmc_user_dumptypes in 5.x versions and /etc/zmanda/aee4/zmc_user_dumptypes in 4.x versions.

      Open this file and uncomment the line starting with "zmc_ssh_auth"  shown in the code block below

      define dumptype zmc_nixglobal_base {
              zmc_global_base
              client_encrypt "/usr/sbin/amcryptsimple"
              client_decrypt_option "-d"
              # zmc_ssh_auth # uncomment this line to enable SSH authentication for all *nix DLEs
              # adding things here will affect all non-Windows ZMC DLEs
      }

      The file should look like this after the edits

      Configuring SSH public key authentication between the Zmanda server and  Linux clients

      The SSH keys will be present in the amandabackup user's home directory /var/lib/amanda.  Copy both the private and public keys created for use by amdump to standard SSH public key names using the commands below.

      cp -p /var/lib/amanda/.ssh/id_rsa_amdump /var/lib/amanda/.ssh/id_rsa

      cp -p /var/lib/amanda/.ssh/id_rsa_amdump.pub /var/lib/amanda/.ssh/id_rsa.pub

      Then use the ssh-copy-id command to copy the keys to the Linux client.

      ssh-copy-id -i ~/.ssh/id_rsa.pub amandabackup@ip_address_of_client

      Once the keys are copied, confirm that you can run a command on the remote system as the amandabackup user via SSH

      ssh amandabackup@ip_address_of_client 'ls'

      The successful result will return a listing of the amandabackup user's home directory on the  client host without issuing a password.

      Performing Host check to validate the changes

      Login to ZMC and check if you are able to do a successful hostcheck on all the Linux sources.

      If you are facing any issues, please reach out to Zmanda support at support@zmanda.com