ILRI Research Computing

User Tools

Site Tools

You are here: start » backup » amanda » client_installation_debian6
backup:amanda:client_installation_debian6

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
backup:amanda:client_installation_debian6 [2013/06/06 07:56] – [amcheck] aorthbackup:amanda:client_installation_debian6 [2013/07/10 09:19] (current) aorth
Line 26: Line 26:
 The Amanda server will connect to the client as the user ''amandabackup'' using SSH.  To make this process as seamless as possible, we need to configure password-less authentication using SSH keys.  See the [[http://wiki.zmanda.com/index.php/How_To:Set_up_transport_encryption_with_SSH|Amanda wiki on SSH auth]] for more details. The Amanda server will connect to the client as the user ''amandabackup'' using SSH.  To make this process as seamless as possible, we need to configure password-less authentication using SSH keys.  See the [[http://wiki.zmanda.com/index.php/How_To:Set_up_transport_encryption_with_SSH|Amanda wiki on SSH auth]] for more details.
  
-In a nutshell, you need to put the server's amdump SSH public key into the client's ''authorized_keys'' file.  Grab it from HPC at //~amandabackup/.ssh/id_rsa_amdump.pub// and then paste it into the client's //~amandabackup/.ssh/authorized_keys// file:+In a nutshell, you need to put the server's amdump SSH public key into the client's ''authorized_keys'' file.  Grab it from the backup server at //~amandabackup/.ssh/id_rsa_amdump.pub// and then paste it into the client's //~amandabackup/.ssh/authorized_keys// file:
  
 <code>sudo su - amandabackup <code>sudo su - amandabackup
Line 34: Line 34:
  
 For more security, prepend the key entry in //~amandabackup/.ssh/authorized_keys// with: For more security, prepend the key entry in //~amandabackup/.ssh/authorized_keys// with:
-<code>from="192.168.5.3",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/libexec/amanda/amandad -auth=ssh amdump" </code>+<code>from="192.168.5.25",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/libexec/amanda/amandad -auth=ssh amdump" </code>
  
-This limits the use of this key to HPC's IP, as well as the amdump command.+This limits the use of this key to the backup server's IP, as well as the amdump command.
  
 ==== amanda-client.conf ==== ==== amanda-client.conf ====
-Configure the client's ///etc/amanda/amanda-client.conf// to specify the appropriate server, config, tape, and auth settings, ie+Configure the client's ///etc/amanda/amanda-client.conf// to specify the appropriate server, config, tape, etc
-<file>conf "taurustest              # your config name+<file>conf "daily              # your config name
  
-index_server "192.168.5.3     # your amindexd server +index_server "192.168.5.25     # your amindexd server 
-tape_server  "192.168.5.3     # your amidxtaped server+tape_server  "192.168.5.25     # your amidxtaped server
 tapedev      "amrecover_changer"        # your tape device tapedev      "amrecover_changer"        # your tape device
                         # if not set, Use configure or ask server.                         # if not set, Use configure or ask server.
Line 56: Line 56:
 auth "ssh" auth "ssh"
  
-ssh_keys "/var/lib/amanda/.ssh/id_rsa_amrecover                       # your ssh keys file if you use ssh auth</file>+ssh_keys ""                        # your ssh keys file if you use ssh auth</file>
  
-This is used when restoring data on the client (with ''amrecover'').+This is used when restoring data on the client (with ''amrecover'').  ''amrecover'' runs as root, and as such you need to add the client'
  
 ==== Prepare amrecover ==== ==== Prepare amrecover ====
Line 64: Line 64:
 The first time you run amrecover it will try to SSH to the server.  You need to do this manually to accept the server's fingerprint: The first time you run amrecover it will try to SSH to the server.  You need to do this manually to accept the server's fingerprint:
  
-<code>root@odk:~# ssh 192.168.5.3 +<code>root@odk:~# ssh 192.168.5.25 
-The authenticity of host '192.168.5.(192.168.5.3)' can't be established.+The authenticity of host '192.168.5.25 (192.168.5.3)' can't be established.
 RSA key fingerprint is dc:80:d2:a1:da:16:b8:b5:1e:47:15:16:29:4c:be:89. RSA key fingerprint is dc:80:d2:a1:da:16:b8:b5:1e:47:15:16:29:4c:be:89.
 Are you sure you want to continue connecting (yes/no)? yes Are you sure you want to continue connecting (yes/no)? yes
-Warning: Permanently added '192.168.5.3' (RSA) to the list of known hosts. +Warning: Permanently added '192.168.5.25' (RSA) to the list of known hosts. 
-root@192.168.5.3's password:+root@192.168.5.25's password:
  
 root@odk:~# ^C</code> root@odk:~# ^C</code>
Line 84: Line 84:
 192.168.5.8     /home   ssh-user-tar</code> 192.168.5.8     /home   ssh-user-tar</code>
  
-Make sure to use the "ssh" backup types (defined in ///etc/amanda/taurustest/amanda.conf//), as the default ''root-tar'' and ''user-tar'' are for local disks only.+Make sure to use the "ssh" backup types (defined in ///etc/amanda/daily/amanda.conf//), as the default ''root-tar'' and ''user-tar'' are for local disks only.
  
 ==== SSH keys for recovery ==== ==== SSH keys for recovery ====
-In a nutshell, you need to put the client'amrecover SSH public key into the server'''authorized_keys'' file.  Grab it from the client at //~amandabackup/.ssh/id_rsa_amrecover.pub// and then paste it into the server's //~amandabackup/.ssh/authorized_keys// file:+Because ''amrecover'' runs as root, you need to copy root's ''id_rsa.pub'' to the server.  Grab it from the client at and then paste it into the server's //~amandabackup/.ssh/authorized_keys// file:
  
 <code>sudo su - amandabackup <code>sudo su - amandabackup
backup/amanda/client_installation_debian6.1370505415.txt.gz · Last modified: 2013/06/06 07:56 by aorth