Actually, an SSH tunnel is one of the least easy VPNs for this because of
the many different ports AMANDA can use. Unless you have limitations on what
you can install on the boxes, a full VPN (like IPSec, as mentioned in
another post) is probably your best bet. The VPN model of point-to-point
connections suits well because AMANDA's traffic is also shaped like that,
where one of the points is always the server, and the other is a client.
If you're really more comfortable with SSH, you could schedule a tar on each
client, and follow it with an scp to send the data to the backup server,
where it can be written to tape. This would add an extra step to any
restore, but doesn't require a VPN.
> -----Original Message-----
> From: marc.bigler AT day DOT com [mailto:marc.bigler AT day DOT com]
> Sent: Wednesday, February 05, 2003 11:34 AM
> To: Bort, Paul
> Cc: amanda-users AT amanda DOT org; owner-amanda-users AT amanda DOT org
> Subject: RE: Running AMANDA over the Internet
>
>
>
> I think the easiest way would be to use an SSH tunnel. Would
> this be easy
> to implement ? Any examples maybe or pointers on how to
> acheive that ?
>
> Thanks
> Regards
>
>
>
>
>
>
>
>
>
>
> "Bort, Paul" To:
> "'marc.bigler AT day DOT com'" <marc.bigler AT day DOT com>,
> amanda-users AT amanda DOT org
> <[email protected] cc:
>
>
> om> Subject:
> RE: Running AMANDA over the Internet
>
> Sent by:
>
>
> owner-amanda-users@
>
>
> amanda.org
>
>
>
>
>
>
>
>
> 02/05/03 04:20 PM
>
>
>
>
>
>
>
>
>
>
>
>
> Amanda is a backup manager, not a security manager. There are no steps
> taken
> to ensure the security of the backups. Several solutions are
> available,
> though:
>
> - Use the Kerberos support built in to Amanda. I've never
> played with this.
>
>
> - Use tar with a wrapper script on the client that encrypts the backup
> before sending it. You might be able to find samples of this
> in the list
> archives.
>
> - Use an encrypted VPN (CIPE, FreeSWAN, SSHTunnel) between
> servers. This is
> the method I used, because I use the same tunnel for
> monitoring and file
> transfers.
>
> Search the list, think about what method fits your needs.
> Feel free to ask
> more questions. Good Luck.
>
> > -----Original Message-----
> > From: marc.bigler AT day DOT com [mailto:marc.bigler AT day DOT com]
> > Sent: Wednesday, February 05, 2003 9:50 AM
> > To: amanda-users AT amanda DOT org
> > Subject: Running AMANDA over the Internet
> >
> >
> > Hello,
> >
> > Let's take the scenario where I have got an AMANDA server
> > located at one
> > central site and have a few other servers located at various
> > places around
> > the globe which of course all need to be backed up by the
> > centraon site's
> > AMANDA server. My question is now more related about
> security and how
> > secure it is to run backups over the internet. Is AMANA
> > secure by default
> > to run over the internet or are there any optional compiling
> > options or
> > features which I should use to make the clients itself and
> > the dump secure
> > ?
> >
> > Many thanks for your opinion
> >
> > Regards
> >
> >
> >
> >
>
>
>
>
|
