Kevin Till <[EMAIL PROTECTED]> writes: > In the Amanda client .ssh/authorized_keys file, try to use ip address instead > of > fqdn name in the from field, e.g: > > from="192.26.10.10",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/lib/amanda/amandad > -auth=ssh amdump" ssh-rsa key....
> please list the complete output of "amcheck $config". Actually, that change *prevents* ssh from working. The reason I don't think it's an ssh problem is that the ssh aspects of this are evidently working. Amandad is being executed on the client! The client and server in these tests are the same machine, "dimanche": ###################################################################### [EMAIL PROTECTED]:~$ ps ax | grep amandad 30496 pts/5 S+ 0:00 grep amandad [EMAIL PROTECTED]:~$ ssh dimanche ###################################################################### (and while we're just standing here, with no output from amandad, I run ps ax | grep amandad in another terminal): ###################################################################### [EMAIL PROTECTED]:~/coolheads$ ps ax | grep amandad 30511 pts/7 Ss+ 0:00 /home/amanda/libexec/amandad -auth=ssh amdump 30523 pts/4 S+ 0:00 grep amandad [EMAIL PROTECTED]:~/coolheads$ ###################################################################### So, I conclude ssh is working fine. Now I run amcheck coolheads (coolheads is the config): ###################################################################### [EMAIL PROTECTED]:~$ amcheck -c coolheads Amanda Backup Client Hosts Check -------------------------------- Host key verification failed. WARNING: dimanche.coolheads.com: selfcheck request failed: EOF on read from dimanche.coolheads.com Client check: 1 host checked in 0.137 seconds, 1 problem found (brought to you by Amanda 2.5.1) [EMAIL PROTECTED]:~$ ###################################################################### ...and that's the ENTIRE output of amcheck -c ! Here's what's in /tmp/amanda/server/coolheads/amcheck.20060922163043.debug as a result of the above amcheck -c: ###################################################################### amcheck: debug 1 pid 30690 ruid 1003 euid 0: start at Fri Sep 22 16:30:43 2006 amcheck: debug 1 pid 30690 ruid 1003 euid 1003: rename at Fri Sep 22 16:30:43 2006 security_getdriver(name=ssh) returns 0xa7ede260 security_handleinit(handle=0x8062120, driver=0xa7ede260 (SSH)) security_streaminit(stream=0x80625c0, driver=0xa7ede260 (SSH)) security_stream_seterr(0x80625c0, SOCKET_EOF) security_seterror(handle=0x8062120, driver=0xa7ede260 (SSH) error=EOF on read from dimanche.coolheads.com) security_close(handle=0x8062120, driver=0xa7ede260 (SSH)) security_stream_close(0x80625c0) amcheck: pid 30690 finish time Fri Sep 22 16:30:44 2006 ###################################################################### Here's what's in /tmp/amanda/amandad/amandad.20060922160958.debug: ###################################################################### amandad: debug 1 pid 29780 ruid 1003 euid 0: start at Fri Sep 22 16:09:58 2006 security_getdriver(name=ssh) returns 0xa7f69260 amandad: version 2.5.1 amandad: build: VERSION="Amanda-2.5.1" amandad: BUILT_DATE="Fri Sep 22 16:04:49 EDT 2006" amandad: BUILT_MACH="Linux dimanche 2.6.16-2-686 #1 Fri Aug 18 19:01:49 UTC 2006 i686 GNU/Linux" amandad: CC="gcc" amandad: CONFIGURE_COMMAND="'./configure' '--prefix=/home/amanda' '--exec-prefix=/home/amanda' '--sysconfdir=/home/amanda' '--localstatedir=/home/amanda/state' '--datadir=/home/amanda/share' '--sysconfdir=/home' '--sharedstatedir=/home/amanda/com' '--localstatedir=/home/amanda/var' '--libdir=/home/amanda/lib' '--includedir=/home/amanda/include' '--oldincludedir=/home/amanda/include' '--mandir=/home/amanda/man' '--infodir=/home/amanda/info' '--with-user=amanda' '--with-group=disk' '--with-ssh-security'" amandad: paths: bindir="/home/amanda/bin" sbindir="/home/amanda/sbin" amandad: libexecdir="/home/amanda/libexec" amandad: mandir="/home/amanda/man" AMANDA_TMPDIR="/tmp/amanda" amandad: AMANDA_DBGDIR="/tmp/amanda" CONFIG_DIR="/home/amanda" amandad: DEV_PREFIX="/dev/" RDEV_PREFIX="/dev/" DUMP=UNDEF amandad: RESTORE=UNDEF VDUMP=UNDEF VRESTORE=UNDEF XFSDUMP=UNDEF amandad: XFSRESTORE=UNDEF VXDUMP=UNDEF VXRESTORE=UNDEF amandad: SAMBA_CLIENT="/usr/bin/smbclient" GNUTAR="/bin/tar" amandad: COMPRESS_PATH="/bin/gzip" UNCOMPRESS_PATH="/bin/gzip" amandad: LPRCMD="/usr/bin/lpr" MAILER="/usr/bin/Mail" amandad: listed_incr_dir="/home/amanda/var/amanda/gnutar-lists" amandad: defs: DEFAULT_SERVER="dimanche" DEFAULT_CONFIG="DailySet1" amandad: DEFAULT_TAPE_SERVER="dimanche" HAVE_MMAP HAVE_SYSVSHM amandad: LOCKING=POSIX_FCNTL SETPGRP_VOID DEBUG_CODE amandad: AMANDA_DEBUG_DAYS=4 BSD_SECURITY RSH_SECURITY USE_AMANDAHOSTS amandad: CLIENT_LOGIN="amanda" FORCE_USERID HAVE_GZIP amandad: COMPRESS_SUFFIX=".gz" COMPRESS_FAST_OPT="--fast" amandad: COMPRESS_BEST_OPT="--best" UNCOMPRESS_OPT="-dc" ###################################################################### ...and that's all ! Here's what's in /home/amanda/coolheads/amanda.conf: ###################################################################### org "Coolheads Consulting" mailto "srn vtn root" dumpuser "amanda" inparallel 4 netusage 6000 Kbps dumpcycle 25 runspercycle 0 tapecycle 100 tapes bumpsize 200 Mb bumpdays 1 bumpmult 4 etimeout -8000 runtapes 2 tapetype Eliant-820-112m #tapetype Eliant-820-160m tpchanger "chg-multi" # the tape-changer glue script changerfile "chg-multi.conf" # the tape-changer config file labelstr "^CH[0-9][0-9]*$" # label constraint regex: all tapes must match holdingdisk hd1 { comment "main holding disk" directory "/nobackup/AMANDASPOOL" # where the holding disk is use -2000 M chunksize 0 } reserve 30 # percent logdir "/home/amanda/LOG" infofile "/home/amanda/INFO" indexdir "/home/amanda/INDEX" tapelist "/home/amanda/tapelist" define tapetype Eliant-820-112m { comment "Exabyte Eliant 820 8mm drive with 112 meter tapes" length 4194304 kbytes filemark 48 kbytes # Assuming it's the same as for EXB-8500 } define dumptype default { comment "global definitions" program "GNUTAR" compress client fast index yes ssh_keys "/home/amanda/.ssh/id_rsa" auth "ssh" } define dumptype dimancheSlash { default comment "root (i.e., 'slash') filesystem for dimanche" exclude list "/home/amanda/coolheads/dimancheSlash-excludes" } define interface local { comment "a local disk" use 1000 kbps } define interface eth0 { comment "100 Mbps ethernet" use 400 kbps } ###################################################################### Nothing at all appears in /home/amanda/LOG, /home/amanda/INFO, or /home/amanda/INDEX. Now, when I run amdump coolheads instead of amcheck -c coolheads, here's what turns up in /home/amanda/LOG/log.20060922.0: ###################################################################### DISK planner dimanche.coolheads.com / START planner date 20060922 INFO planner Adding new disk dimanche.coolheads.com:/. START driver date 20060922 WARNING driver WARNING: directory /nobackup/AMANDASPOOL/20060922170424 is not writable STATS driver startup time 0.062 ERROR planner Request to dimanche.coolheads.com failed: EOF on read from dimanche.coolheads.com FINISH planner date 20060922 time 0.151 WARNING driver WARNING: got empty schedule from planner ERROR taper no-tape [No writable valid tape found] WARNING taper slot 2: read label `CH0058', date `20060801' WARNING taper label CH0058 match labelstr but it not listed in the tapelist file. WARNING taper slot 1: read label `CH0059', date `20060801' WARNING taper label CH0059 match labelstr but it not listed in the tapelist file. WARNING taper changer problem: 1 /dev/nst0 FINISH driver date 20060922 time 16.937 ###################################################################### (I don't understand why /nobackup/AMANDASPOOL/20060922170424 is "not writable"; the fact is that it doesn't exist. But I'm not sure that's relevant to my problem, here.) If I change /home/amanda/.ssh/authorized_keys so it says: from="dimanche.coolheads.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="echo glorp" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt7U07t0k+Oun36tm5ULZHMyZsTM0o9gh/c1MLOXSEvGIbdHYHktP08x2YERKQLGTlJWMuVqwZc5if/0BGiJ4SHjSjRSok4mIpa9kngF+KKD1M6EAIvT9YYLhDAm4g8whuEnc/ah74i5XnLc4PhSvV13BNPA8w2gFg71IXEqksI7r7xsWFrbjLQaxsOZmmM+ZZr/11lBjVk/sYE7nwc6G33BneFqNSPDpORvu6UCnZsK7miKm6NyMyTEOs5aW5tIy0dMqjAVZa6zE6NhQMatlTGqTEco2nLzVowW15ViDFpg4Y7lzSIWOrSVl+z4kcORkGdEKbdliUUI5UgMEYyUVyQ== [EMAIL PROTECTED] (i.e., so the command is "echo glorp"), here's what happens: ###################################################################### [EMAIL PROTECTED]:~$ ssh dimanche glorp Connection to dimanche closed. [EMAIL PROTECTED]:~$ ###################################################################### Now that sure looks like ssh is working, right? -- Steve Steven R. Newcomb, Consultant Coolheads Consulting Co-editor, Topic Maps International Standard (ISO/IEC 13250) Co-editor, draft Topic Maps -- Reference Model (ISO/IEC 13250-5) [EMAIL PROTECTED] http://www.coolheads.com direct: +1 540 951 9773 main: +1 540 951 9774 fax: +1 540 951 9775 208 Highview Drive Blacksburg, Virginia 24060 USA (Confidential to all US government personnel to whom this private letter is not addressed and who are reading it in the absence of a specific search warrant: You are violating the law and you are co-conspiring to subvert the Constitution that you are sworn to defend. You can either refuse to commit this crime, or you can expect to suffer criminal sanctions in the future, when the current administration of the United States of America has been replaced by one that respects the rule of law. I do not envy you for having to make this difficult choice, but I urge you to make it wisely.)