amanda-auth-ssl man page

amanda-auth-ssl ā€” SSL Communication/Authentication methods between Amanda server and client


This authenticate method use ssl certificate to authenticate host, all transfer over the network is encrypted.

Each amanda client/server must have its own certificate signed by the amanda CA certificate.

Compilation and General Information

Amanda must be configure with --with-ssl-security

Server/Client Configuration

In amanda.conf and amanda-client.conf.


The directoty where amanda store all the certificates. A good value is ~/amanda-ssl.


Check the peer hostname match the certificate host name.


Check the fingerprint of the certificate is the same as the fingerprint we already have for that host.


Do the bsd check, dns name of peer IP is the hostname we connect to.

Filesystem Layout for Certificates

$SSL_DIR/CA/crt.pem                   # CA certificate that signed
                                        all certificates.
$SSL_DIR/CA/private/key.pem           # CA private key
                                        (on server only)
$SSL_DIR/me/crt.pem                   # public certificate of the host
$SSL_DIR/me/private/key.pem           # private key of the host
$SSL_DIR/me/fingerprint               # fingerprint of my certificate
$SSL_DIR/remote/HOSTNAME/fingerprint  # fingerprint of the HOSTNAME

On the HOSTNAME host, $SSL_DIR/remote/HOSTNAME is a symbolic link to ../me.

Program to Help Configuration

The amssl program is a tool to manage the certificate.

See Also

amanda(8), amanda.conf(5), amanda-client.conf(5), disklist(5), amdump(8), amrecover(8), amssl(8), amanda-auth(7)

The Amanda Wiki: :


Jean-Louis Martineau <>

Zmanda, Inc. (

Dustin J. Mitchell <>

Zmanda, Inc. (

Paul Yeatman <>

Zmanda, Inc. (

Referenced By

amanda(8), amanda-auth(7), amssl(8).

12/01/2017 Amanda 3.5.1 Miscellanea