Amanda-Users

Re: amrecover using invalid ssh options on Solaris?

2007-04-06 22:50:35
Subject: Re: amrecover using invalid ssh options on Solaris?
From: Chris Hoogendyk <hoogendyk AT bio.umass DOT edu>
To: "Lee, Raymond" <Raymond.Lee AT qwest DOT com>
Date: Fri, 06 Apr 2007 17:29:57 -0400


Lee, Raymond wrote:
-----Original Message-----
From: owner-amanda-users AT amanda DOT org [mailto:owner-amanda-users AT amanda DOT org] On Behalf Of Chris Hoogendyk
Sent: Friday, April 06, 2007 1:28 PM
To: AMANDA users
Subject: amrecover using invalid ssh options on Solaris?


My amanda 2.5.1p3 installation on Solaris 9 has been doing backups smoothly for several weeks using ssh authentication.

I can also do amrecover on the backup server, where I have sizeable spool capacity, and then move files from there across the network using scp.

However, in trying to configure ssh authentication and use amrecover on the clients, I get:

    pilot:/var/tmp# /usr/local/sbin/amrecover
    command-line: line 0: Bad configuration option: PreferredAuthentications
    AMRECOVER Version 2.5.1p3. Contacting server on mormyrid.bio.mor.nsm ...
    [request failed: error sending REQ: write error to : Broken pipe]

A google search indicates that the first error line is an error from ssh. The man pages on Solaris 9 ssh have no indication of an option "PreferredAuthentications". Just for comparison, I ducked into an OpenBSD machine that I have and did a man page on ssh. There it has this option. It is OpenSSH_3.9 with OpenSSL 0.9.7d. If I ask for the version on Solaris 9 (which is based on OpenSSH), I get SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.

Chris,

Search for PreferredAuthentications in {amanda_source}/common-src/ssh-security.c

I don't know C, but maybe you can edit that and recompile?  Or maybe the 
authors only intended Amanda to be compatible with OpenSSH.

Ray

Thanks!

Believe it or not, that worked. I spent some time reading the man pages on both the Solaris and OpenBSD systems to see what that option did and what would happen without it on Solaris. With SSH 2 the publickey method is tried first, so that, along with the Batch option (which was already in the code) worked. I found:

   /*
    * Arguments to ssh.  This should also be configurable
    */
#define SSH_ARGS "-x", "-o", "BatchMode=yes", "-o", "PreferredAuthentications=publickey"

and just removed the last option and did a `make && make install`.

I actually had to play a little with the restrictions on the authorized_keys file (I'm not sure yet what the problem was there), but I was able to run amrecover, do listhosts, sethost, listdisks, setdisk, and history. I didn't want to actually recover any files, because it is the end of the day Friday and I didn't want to be shuffling tapes. So I'll have to do a more thorough test on Monday.


So, it seems that amrecover is opening a connection with SSH and then trying to contact the amanda server on that connection and getting a broken pipe error because the SSH connection attempt failed.

I have followed the instructions from http://wiki.zmanda.com/index.php/Configuring_SSH_authentication, and I have set up the amanda_client.conf on the client with the lines:

    conf "daily"            # your config name

    index_server "mormyrid.bio.mor.nsm"     # your amindexd server
    tape_server  "mormyrid.bio.mor.nsm"     # your amidxtaped server
    tapedev      "LIB-162A5"                # your tape device

    # auth - authentication scheme to use between server and client.
    # Valid values are "bsd", "krb4", "krb5" and "ssh".
    #                 Default: [auth "bsd"]
    auth "ssh"

    ssh_keys "/.ssh/id_rsa_amrecover" # your ssh keys file if you use ssh auth


So, is this an amanda bug? Is there a workaround or patch? Or have I done something wrong in my setup? If so, what should I be looking for? I don't want to have to run around to all my Solaris 9 servers and install and configure OpenSSH. Not only would it be a lot of work, but it would complicate my configurations. Sun SSH is working just fine in all other respects. Switching to OpenSSH would have a cascade effect. Sun built tcp-wrappers into their system configuration, as well as various other security items, and if I installed OpenSSH, I would also have to install tcp-wrappers and replicate all the security work on all of my servers.

TIA


---------------

Chris Hoogendyk

-
  O__  ---- Systems Administrator
 c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<hoogendyk AT bio.umass DOT edu>

---------------
Erdös 4
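
Added example (not part of the original thread and not Amanda's own code): rather than deleting the option from SSH_ARGS and recompiling, a caller could recognise the "Bad configuration option" error and rebuild the argument list without the rejected `-o` pair, while refusing to drop BatchMode. The helper names `rejected_option` and `drop_ssh_option`, and the retry approach itself, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Prefix ssh prints when it rejects a -o option (wording from the thread). */
#define BAD_OPT "command-line: line 0: Bad configuration option: "

/* Hypothetical helper: copy the rejected option name out of one stderr line.
 * Returns 1 on success, 0 if the line is not that error or the name is too long. */
int rejected_option(const char *line, char *name, size_t cap)
{
    const char *p = strstr(line, BAD_OPT);
    size_t n;
    if (p == NULL) return 0;
    p += strlen(BAD_OPT);
    n = strcspn(p, " \t\r\n");      /* the name ends at whitespace */
    if (n == 0 || n >= cap) return 0;
    memcpy(name, p, n);
    name[n] = '\0';
    return 1;
}

/* Hypothetical helper: copy argv to out, skipping each "-o", "<name>=..." pair.
 * Refuses (-1) to drop BatchMode, which is what stops ssh from prompting. */
int drop_ssh_option(const char *const *argv, int argc, const char *name, const char **out)
{
    size_t len = strlen(name);
    int i, n = 0;
    if (strcmp(name, "BatchMode") == 0) return -1;
    for (i = 0; i < argc; i++) {
        if (strcmp(argv[i], "-o") == 0 && i + 1 < argc &&
            strncmp(argv[i + 1], name, len) == 0 && argv[i + 1][len] == '=')
            i++;                    /* skip "-o" and its value */
        else
            out[n++] = argv[i];
    }
    return n;
}

int main(void)
{
    /* Constructed input: the error text and SSH_ARGS list quoted in the thread. */
    const char *args[] = { "-x", "-o", "BatchMode=yes", "-o", "PreferredAuthentications=publickey" };
    const char *out[5];
    char name[64];
    int i, n = 0;
    if (rejected_option(BAD_OPT "PreferredAuthentications", name, sizeof name))
        n = drop_ssh_option(args, 5, name, out);
    for (i = 0; i < n; i++)
        printf("%s\n", out[i]);
    return 0;
}
```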