My plan is for Debian 11, current is 9, to make ssh authentication the default. I will not disable bsd authentication, only harder to setup.
In attach is the Readme.Debian that I have created. Kind regards Jose M Calhariz On Mon, Feb 25, 2019 at 07:48:03AM +0100, Stefan G. Weichinger wrote: > Am 25.02.19 um 00:08 schrieb Jose M Calhariz: > > On Thu, Feb 21, 2019 at 04:50:25PM +0100, Stefan G. Weichinger > > wrote: > >> > >> does anyone see estimates fail on a updated Debian 9.8 amanda > >> client server? > >> > >> update: seems that my new docker daemon on the client closes the > >> iptables for amanda > >> > >> does anyone have a snippet for me? > >> > >> I read > >> https://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda > >> and loaded that module without success so far. > >> > >> connection is coming in, estimate starts, but results seem not > >> get back to the tape server > >> > >> > > > > I would start using ssh authentication instead of old bsd. Is what > > I use in my setups and most probably would work with your docker > > daemon. > > > > I have written documentation on how to setup it and would like > > beta tester to read it. > > good suggestion, thanks! Will try that asap. > > And sure, show us the howto > > > > -- -- Se vives de acordo com as leis da natureza, nunca seras pobre; se vives de acordo com as opinioes alheias, nunca seras rico. -- Seneca
Notes on making amanda-client work on a Debian system To get indexing (or specifically amrecover) to work right two things need to be done: 1. If you're using tcpd, make sure to edit the server's /etc/hosts.allow and allow all client machines into the daemon amandad 2. Edit the server(s) ~backup/.amandahosts and add an entry like: "<client_hostname> root" As always: for more complex setups consult the manpages and available documentation in /usr/share/doc/amanda-common ;-) - - - - - To make a client work using SSH transport do: Copy the contents of id_rsa_amanda.pub from backup@amanda-server into ~backup/.ssh/authorized_keys mkdir -p ~backup/.ssh echo -n 'from="XXX.XXX.XXX.XXX",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/lib/amanda/amandad -auth=ssh amdump" ' >> ~backup/.ssh/authorized_keys cat id_rsa_amanda.pub >> ~backup/.ssh/authorized_keys Edit the autorized_keys to replace XXX.XXX.XXX.XXX with the IP of the backup server. Change the shell of the backup account to /bin/bash. chsh -s /bin/bash backup Test in the server that "amcheck $CONF -c $CLIENT" works -- Jose M Calhariz <calha...@debian.org>, Fri, 14 Jul 2017 11:53:08 +0100
signature.asc
Description: PGP signature