Amanda-Users

Re: amanda over ssh

2006-09-22 19:18:45
Subject: Re: amanda over ssh
From: Steve Newcomb <srn AT coolheads DOT com>
To: Kevin Till <kevin.till AT zmanda DOT com>
Date: 22 Sep 2006 17:32:44 -0400
Kevin Till <kevin.till AT zmanda DOT com> writes:

> In the Amanda client .ssh/authorized_keys file, try to use ip address instead of
> fqdn name in the from field, e.g:
> 
> from="192.26.10.10",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/lib/amanda/amandad -auth=ssh amdump" ssh-rsa key....

> please list the complete output of "amcheck $config".

Actually, that change *prevents* ssh from working.

The reason I don't think it's an ssh problem is that the ssh aspects
of this are evidently working.  Amandad is being executed on the client!
The client and server in these tests are the same machine, "dimanche":

######################################################################
amanda@dimanche:~$ ps ax | grep amandad
30496 pts/5    S+     0:00 grep amandad
amanda@dimanche:~$ ssh dimanche
######################################################################

(and while we're just standing here, with no output from amandad, I run
ps ax | grep amandad in another terminal):

######################################################################
amanda@dimanche:~/coolheads$ ps ax | grep amandad
30511 pts/7    Ss+    0:00 /home/amanda/libexec/amandad -auth=ssh amdump
30523 pts/4    S+     0:00 grep amandad
amanda@dimanche:~/coolheads$ 
######################################################################

So, I conclude ssh is working fine.

Now I run amcheck coolheads (coolheads is the config):

######################################################################
amanda@dimanche:~$ amcheck -c coolheads

Amanda Backup Client Hosts Check
--------------------------------
Host key verification failed.
WARNING: dimanche.coolheads.com: selfcheck request failed: EOF on read from dimanche.coolheads.com
Client check: 1 host checked in 0.137 seconds, 1 problem found

(brought to you by Amanda 2.5.1)
amanda@dimanche:~$ 
######################################################################

...and that's the ENTIRE output of amcheck -c  !

Here's what's in
/tmp/amanda/server/coolheads/amcheck.20060922163043.debug as a result
of the above amcheck -c:

######################################################################
amcheck: debug 1 pid 30690 ruid 1003 euid 0: start at Fri Sep 22 16:30:43 2006
amcheck: debug 1 pid 30690 ruid 1003 euid 1003: rename at Fri Sep 22 16:30:43 2006
security_getdriver(name=ssh) returns 0xa7ede260
security_handleinit(handle=0x8062120, driver=0xa7ede260 (SSH))
security_streaminit(stream=0x80625c0, driver=0xa7ede260 (SSH))
security_stream_seterr(0x80625c0, SOCKET_EOF)
security_seterror(handle=0x8062120, driver=0xa7ede260 (SSH) error=EOF on read from dimanche.coolheads.com)
security_close(handle=0x8062120, driver=0xa7ede260 (SSH))
security_stream_close(0x80625c0)
amcheck: pid 30690 finish time Fri Sep 22 16:30:44 2006
######################################################################


Here's what's in /tmp/amanda/amandad/amandad.20060922160958.debug:

######################################################################
amandad: debug 1 pid 29780 ruid 1003 euid 0: start at Fri Sep 22 16:09:58 2006
security_getdriver(name=ssh) returns 0xa7f69260
amandad: version 2.5.1
amandad: build: VERSION="Amanda-2.5.1"
amandad:        BUILT_DATE="Fri Sep 22 16:04:49 EDT 2006"
amandad:        BUILT_MACH="Linux dimanche 2.6.16-2-686 #1 Fri Aug 18 19:01:49 UTC 2006 i686 GNU/Linux"
amandad:        CC="gcc"
amandad:        CONFIGURE_COMMAND="'./configure' '--prefix=/home/amanda' '--exec-prefix=/home/amanda' '--sysconfdir=/home/amanda' '--localstatedir=/home/amanda/state' '--datadir=/home/amanda/share' '--sysconfdir=/home' '--sharedstatedir=/home/amanda/com' '--localstatedir=/home/amanda/var' '--libdir=/home/amanda/lib' '--includedir=/home/amanda/include' '--oldincludedir=/home/amanda/include' '--mandir=/home/amanda/man' '--infodir=/home/amanda/info' '--with-user=amanda' '--with-group=disk' '--with-ssh-security'"
amandad: paths: bindir="/home/amanda/bin" sbindir="/home/amanda/sbin"
amandad:        libexecdir="/home/amanda/libexec"
amandad:        mandir="/home/amanda/man" AMANDA_TMPDIR="/tmp/amanda"
amandad:        AMANDA_DBGDIR="/tmp/amanda" CONFIG_DIR="/home/amanda"
amandad:        DEV_PREFIX="/dev/" RDEV_PREFIX="/dev/" DUMP=UNDEF
amandad:        RESTORE=UNDEF VDUMP=UNDEF VRESTORE=UNDEF XFSDUMP=UNDEF
amandad:        XFSRESTORE=UNDEF VXDUMP=UNDEF VXRESTORE=UNDEF
amandad:        SAMBA_CLIENT="/usr/bin/smbclient" GNUTAR="/bin/tar"
amandad:        COMPRESS_PATH="/bin/gzip" UNCOMPRESS_PATH="/bin/gzip"
amandad:        LPRCMD="/usr/bin/lpr" MAILER="/usr/bin/Mail"
amandad:        listed_incr_dir="/home/amanda/var/amanda/gnutar-lists"
amandad: defs:  DEFAULT_SERVER="dimanche" DEFAULT_CONFIG="DailySet1"
amandad:        DEFAULT_TAPE_SERVER="dimanche" HAVE_MMAP HAVE_SYSVSHM
amandad:        LOCKING=POSIX_FCNTL SETPGRP_VOID DEBUG_CODE
amandad:        AMANDA_DEBUG_DAYS=4 BSD_SECURITY RSH_SECURITY USE_AMANDAHOSTS
amandad:        CLIENT_LOGIN="amanda" FORCE_USERID HAVE_GZIP
amandad:        COMPRESS_SUFFIX=".gz" COMPRESS_FAST_OPT="--fast"
amandad:        COMPRESS_BEST_OPT="--best" UNCOMPRESS_OPT="-dc"
######################################################################

...and that's all !

Here's what's in /home/amanda/coolheads/amanda.conf:

######################################################################
org "Coolheads Consulting"
mailto "srn vtn root"
dumpuser "amanda"
inparallel 4
netusage 6000 Kbps
dumpcycle 25
runspercycle 0
tapecycle 100 tapes
bumpsize 200 Mb
bumpdays 1
bumpmult 4
etimeout -8000
runtapes 2
tapetype Eliant-820-112m
#tapetype Eliant-820-160m
tpchanger "chg-multi"          # the tape-changer glue script
changerfile "chg-multi.conf"   # the tape-changer config file
labelstr "^CH[0-9][0-9]*$"      # label constraint regex: all tapes must match
holdingdisk hd1 {
    comment "main holding disk"
    directory "/nobackup/AMANDASPOOL" # where the holding disk is
    use -2000 M
    chunksize 0
}
reserve 30 # percent
logdir   "/home/amanda/LOG"
infofile "/home/amanda/INFO"
indexdir "/home/amanda/INDEX"
tapelist "/home/amanda/tapelist"
define tapetype Eliant-820-112m {
    comment "Exabyte Eliant 820 8mm drive with 112 meter tapes"
    length 4194304 kbytes
    filemark 48 kbytes        # Assuming it's the same as for EXB-8500
}
define dumptype default {
    comment "global definitions"
    program "GNUTAR"
    compress client fast
    index yes
    ssh_keys "/home/amanda/.ssh/id_rsa"
    auth "ssh"
}
define dumptype dimancheSlash {
    default
    comment "root (i.e., 'slash') filesystem for dimanche"
    exclude list "/home/amanda/coolheads/dimancheSlash-excludes"
}
define interface local {
    comment "a local disk"
    use 1000 kbps
}
define interface eth0 {
    comment "100 Mbps ethernet"
    use 400 kbps
}
######################################################################

Nothing at all appears in /home/amanda/LOG, /home/amanda/INFO, or
/home/amanda/INDEX.

Now, when I run amdump coolheads instead of amcheck -c coolheads, here's
what turns up in /home/amanda/LOG/log.20060922.0:

######################################################################
DISK planner dimanche.coolheads.com /
START planner date 20060922
INFO planner Adding new disk dimanche.coolheads.com:/.
START driver date 20060922
WARNING driver WARNING: directory /nobackup/AMANDASPOOL/20060922170424 is not writable
STATS driver startup time 0.062
ERROR planner Request to dimanche.coolheads.com failed: EOF on read from dimanche.coolheads.com
FINISH planner date 20060922 time 0.151
WARNING driver WARNING: got empty schedule from planner
ERROR taper no-tape [No writable valid tape found]
WARNING taper slot 2: read label `CH0058', date `20060801'
WARNING taper label CH0058 match labelstr but it not listed in the tapelist file.
WARNING taper slot 1: read label `CH0059', date `20060801'
WARNING taper label CH0059 match labelstr but it not listed in the tapelist file.
WARNING taper changer problem: 1 /dev/nst0
FINISH driver date 20060922 time 16.937
######################################################################

(I don't understand why /nobackup/AMANDASPOOL/20060922170424 is "not
writable"; the fact is that it doesn't exist.  But I'm not sure that's
relevant to my problem, here.)


If I change /home/amanda/.ssh/authorized_keys so it says:

from="dimanche.coolheads.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="echo glorp" ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAt7U07t0k+Oun36tm5ULZHMyZsTM0o9gh/c1MLOXSEvGIbdHYHktP08x2YERKQLGTlJWMuVqwZc5if/0BGiJ4SHjSjRSok4mIpa9kngF+KKD1M6EAIvT9YYLhDAm4g8whuEnc/ah74i5XnLc4PhSvV13BNPA8w2gFg71IXEqksI7r7xsWFrbjLQaxsOZmmM+ZZr/11lBjVk/sYE7nwc6G33BneFqNSPDpORvu6UCnZsK7miKm6NyMyTEOs5aW5tIy0dMqjAVZa6zE6NhQMatlTGqTEco2nLzVowW15ViDFpg4Y7lzSIWOrSVl+z4kcORkGdEKbdliUUI5UgMEYyUVyQ==
 amanda@dimanche

(i.e., so the command is "echo glorp"), here's what happens:

######################################################################
amanda@dimanche:~$ ssh dimanche
glorp
Connection to dimanche closed.
amanda@dimanche:~$ 
######################################################################

Now that sure looks like ssh is working, right?


-- Steve

Steven R. Newcomb, Consultant
Coolheads Consulting

Co-editor, Topic Maps International Standard (ISO/IEC 13250)
Co-editor, draft Topic Maps -- Reference Model (ISO/IEC 13250-5)

srn AT coolheads DOT com
http://www.coolheads.com

direct: +1 540 951 9773
main:   +1 540 951 9774
fax:    +1 540 951 9775

208 Highview Drive
Blacksburg, Virginia 24060 USA


(Confidential to all US government personnel to whom this private
letter is not addressed and who are reading it in the absence of a
specific search warrant: You are violating the law and you are
co-conspiring to subvert the Constitution that you are sworn to
defend.  You can either refuse to commit this crime, or you can expect
to suffer criminal sanctions in the future, when the current
administration of the United States of America has been replaced by
one that respects the rule of law.  I do not envy you for having to
make this difficult choice, but I urge you to make it wisely.)
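
Added example, not part of the original post or of Amanda: `Host key verification failed.` in the amcheck output is the OpenSSH client's message when it cannot verify the server's host key against `known_hosts`, and the post tests `ssh dimanche` while amcheck contacts `dimanche.coolheads.com`. The sketch below checks which of those names a `known_hosts` file covers, including hashed entries. The file contents, key blobs, salt and `backup.example.org` are constructed, and wildcard patterns are not handled.

```python
import base64
import hashlib
import hmac

def hashed_field(name, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def field_covers(field, name):
    """True if the first column of a known_hosts line covers `name`."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:            # malformed hashed entry
            return False
        expected = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, mac)
    return name in field.split(",")   # plain comma list; no wildcard support

def lookup(known_hosts_text, host, port=22):
    """Return the key types recorded for host; non-default ports are stored as [host]:port."""
    name = host if port == 22 else "[%s]:%d" % (host, port)
    found = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue                  # blank, comment, or @cert-authority/@revoked marker
        if field_covers(parts[0], name):
            found.append(parts[1])
    return found

# Constructed sample: the short name is known, the FQDN is not.
KNOWN_HOSTS = "\n".join([
    "# constructed sample file",
    "dimanche,192.0.2.10 ssh-rsa AAAAconstructedKEY1",
    hashed_field("backup.example.org", b"constructed-salt-20b") + " ssh-rsa AAAAconstructedKEY2",
])

def report(names, text=KNOWN_HOSTS):
    """Map each name to the key types found for it (empty list = no entry)."""
    return {n: lookup(text, n) for n in names}

if __name__ == "__main__":
    for name, keys in report(["dimanche", "dimanche.coolheads.com"]).items():
        print(name, "->", keys or "no entry: a non-interactive ssh cannot verify this host")
```
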

