This authentication method uses SSL certificates to authenticate hosts; all data transferred over the network is encrypted.
Each amanda client/server must have its own certificate signed by the amanda CA certificate.
Compilation and General Information
Amanda must be configured with --with-ssl-security.
In amanda.conf and amanda-client.conf.
The directory where Amanda stores all the certificates. A good value is ~/amanda-ssl.
Check that the peer hostname matches the certificate host name.
Check that the fingerprint of the certificate is the same as the fingerprint we already have for that host.
Do the BSD check: the DNS name of the peer IP is the hostname we connect to.
Filesystem Layout for Certificates
$SSL_DIR/CA/crt.pem                    # CA certificate that signed all certificates.
$SSL_DIR/CA/private/key.pem            # CA private key (on server only)
$SSL_DIR/me/crt.pem                    # public certificate of the host
$SSL_DIR/me/private/key.pem            # private key of the host
$SSL_DIR/me/fingerprint                # fingerprint of my certificate
$SSL_DIR/remote/HOSTNAME/fingerprint   # fingerprint of the HOSTNAME certificate
On the HOSTNAME host, $SSL_DIR/remote/HOSTNAME is a symbolic link to ../me.
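A layout audit for the directory described above, as an added example that is not part of Amanda or of the original page. The function name check_ssl_dir, the sample hostname and the rule that private keys carry no group/other permission bits are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit an Amanda SSL directory against the layout above.
# Usage: check_ssl_dir SSL_DIR HOSTNAME [server|client]
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_ssl_dir() {
    dir=$1 host=$2 role=${3:-client} problems=0
    note() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # Files every host needs.
    for f in CA/crt.pem me/crt.pem me/private/key.pem me/fingerprint; do
        [ -f "$dir/$f" ] || note "missing $dir/$f"
    done

    # The CA private key is listed as "on server only".
    if [ "$role" = server ]; then
        [ -f "$dir/CA/private/key.pem" ] || note "server lacks CA/private/key.pem"
    elif [ -e "$dir/CA/private/key.pem" ]; then
        note "CA private key present on a client"
    fi

    # Assumption (not stated on the page): private keys should carry no
    # group or other permission bits.
    for k in "$dir/me/private/key.pem" "$dir/CA/private/key.pem"; do
        [ -f "$k" ] || continue
        case $(ls -ldL "$k") in
            ????------*) ;;
            *) note "$k is accessible by group or others" ;;
        esac
    done

    # On this host, remote/HOSTNAME must be a symbolic link to ../me.
    self="$dir/remote/$host"
    if [ ! -L "$self" ]; then
        note "$self is not a symbolic link"
    elif [ "$(readlink "$self")" != "../me" ]; then
        note "$self does not point to ../me"
    fi

    # Every known peer needs a non-empty fingerprint file.
    for r in "$dir"/remote/*; do
        [ -d "$r" ] || continue
        [ -s "$r/fingerprint" ] || note "no fingerprint for ${r##*/}"
    done

    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check.sh ~/amanda-ssl client1.example.org
if [ "$#" -ge 2 ]; then check_ssl_dir "$@"; fi
```

The check covers file placement and permissions only; it does not validate the certificates themselves or the contents of the fingerprint files.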
Program to Help Configuration
The amssl program is a tool to manage the certificates.
amanda(8), amanda.conf(5), amanda-client.conf(5), disklist(5), amdump(8), amrecover(8), amssl(8), amanda-auth(7)
The Amanda Wiki: http://wiki.zmanda.com/
Jean-Louis Martineau <firstname.lastname@example.org>
Dustin J. Mitchell <email@example.com>
Paul Yeatman <firstname.lastname@example.org>