Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: amanda over ssh

2006-09-20 19:16:42
Subject: Re: amanda over ssh
From: Kevin Till <kevin.till AT zmanda DOT com>
To: amanda-users AT amanda DOT org
Date: Wed, 20 Sep 2006 15:41:06 -0700 

Steve,


In the Amanda client .ssh/authorized_keys file, try to use ip address instead of
fqdn name in the from field, e.g:
from="192.26.10.10",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/lib/amanda/amandad -auth=ssh amdump" ssh-rsa key.... 


please list the complete output of "amcheck $config".


Kevin Till


Steve Newcomb wrote:

In answer to my request for suggestions as to why Amanda 2.5.1 doesn't
seem to work with auth=ssh on our network, Jean-Louis Martineau
<martineau AT zmanda DOT com> writes:



Anything about ssh in your system log?



Nothing in /var/log/syslog of the client.  However, in
/var/log/auth.log, the following is the typical result of an amcheck
of that client (manche):

Sep 20 11:26:16 manche sshd[9614]: Accepted publickey for amanda from 
192.168.1.2 port 40157 ssh2
Sep 20 11:26:16 manche sshd[9616]: (pam_unix) session opened for user amanda by 
(uid=0)
Sep 20 11:26:25 manche sshd[9616]: (pam_unix) session closed for user amanda

...and that's all.

(I don't know why the above says uid=0.  Everywhere on our network,
including on host "manche", user "amanda" is uid 1003.)



Could you ssh from the server to the client without amanda?



Yes.  No data comes back, which I suppose is normal, given that the
login is locked to amandad on the client, as the instructions suggest.
Anyway, the login evidently succeeds.



Did it create /tmp/amanda/amanda/amandad.*.debug files?



Yes, here's a typical one:

amandad: debug 1 pid 30936 ruid 1003 euid 1003: start at Tue Sep 19 17:15:50 
2006
security_getdriver(name=ssh) returns 0xa7f7c260
amandad: version 2.5.1
amandad: build: VERSION="Amanda-2.5.1"
amandad:        BUILT_DATE="Tue Sep 19 16:43:08 EDT 2006"
amandad:        BUILT_MACH="Linux manche 2.6.16-2-686 #1 Fri Aug 18 19:01:49 UTC 
2006 i686 GNU/Linux"
amandad:        CC="gcc"
amandad:        CONFIGURE_COMMAND="'./configure' '--prefix=/usr/amanda' 
'--sysconfdir=/etc' '--localstatedir=/var/amanda' '--with-user=amanda' 
'--with-group=disk' '--with-config=coolheads' '--with-ssh-security' 
'--with-buffered-dump' '--without-server'"
amandad: paths: bindir="/usr/amanda/bin" sbindir="/usr/amanda/sbin"
amandad:        libexecdir="/usr/amanda/libexec" mandir="/usr/amanda/man"
amandad:        AMANDA_TMPDIR="/tmp/amanda" AMANDA_DBGDIR="/tmp/amanda"
amandad:        CONFIG_DIR="/etc/amanda" DEV_PREFIX="/dev/"
amandad:        RDEV_PREFIX="/dev/" DUMP=UNDEF RESTORE=UNDEF VDUMP=UNDEF
amandad:        VRESTORE=UNDEF XFSDUMP=UNDEF XFSRESTORE=UNDEF VXDUMP=UNDEF
amandad:        VXRESTORE=UNDEF SAMBA_CLIENT="/usr/bin/smbclient"
amandad:        GNUTAR="/bin/tar" COMPRESS_PATH="/bin/gzip"
amandad:        UNCOMPRESS_PATH="/bin/gzip" LPRCMD="/usr/bin/lpr"
amandad:        MAILER="/usr/bin/Mail"
amandad:        listed_incr_dir="/var/amanda/amanda/gnutar-lists"
amandad: defs:  DEFAULT_SERVER="manche" DEFAULT_CONFIG="coolheads"
amandad:        DEFAULT_TAPE_SERVER="manche" HAVE_MMAP HAVE_SYSVSHM
amandad:        LOCKING=POSIX_FCNTL SETPGRP_VOID DEBUG_CODE
amandad:        AMANDA_DEBUG_DAYS=4 BSD_SECURITY RSH_SECURITY USE_AMANDAHOSTS
amandad:        CLIENT_LOGIN="amanda" FORCE_USERID HAVE_GZIP
amandad:        COMPRESS_SUFFIX=".gz" COMPRESS_FAST_OPT="--fast"
amandad:        COMPRESS_BEST_OPT="--best" UNCOMPRESS_OPT="-dc"

...and that's all it says.

I tried compiling it for the client both with and without buffered
dump.  Also, with and without server.  Same result in all cases.


Thanks for the use of your brain, Jean-Louis!


-- Steve

Steven R. Newcomb, Consultant
Coolheads Consulting

Co-editor, Topic Maps International Standard (ISO/IEC 13250)
Co-editor, draft Topic Maps -- Reference Model (ISO/IEC 13250-5)

srn AT coolheads DOT com
http://www.coolheads.com

direct: +1 540 951 9773
main:   +1 540 951 9774
fax:    +1 540 951 9775

208 Highview Drive
Blacksburg, Virginia 24060 USA


(Confidential to all US government personnel to whom this private
letter is not addressed and who are reading it in the absence of a
specific search warrant: You are violating the law and you are
co-conspiring to subvert the Constitution that you are sworn to
defend.  You can either refuse to commit this crime, or you can expect
to suffer criminal sanctions in the future, when the current
administration of the United States of America has been replaced by
one that respects the rule of law.  I do not envy you for having to
make this difficult choice, but I urge you to make it wisely.)




--
Thank you!
Kevin Till

Amanda documentation: http://wiki.zmanda.com
Amanda forums:        http://forums.zmanda.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Release of amanda-2.5.1, Steve Newcomb
Next by Date:  Re: Does a mixed environment of 2.5.1 server with pre-2.5.1 clients work?, Bruce Thompson
Previous by Thread:  Re: amanda over ssh, Steve Newcomb
Next by Thread:  Re: amanda over ssh, Steve Newcomb
Indexes:  [Date] [Thread] [Top] [All Lists]