> > Amanda Backup Client Hosts Check > > -------------------------------- > > Host key verification failed. > > WARNING: dimanche.coolheads.com: selfcheck request failed: EOF on read from > > dimanche.coolheads.com > > Client check: 1 host checked in 0.137 seconds, 1 problem found > > does dimanche.coolheads.com (the fqdn version) in the server's > .ssh/known_hosts file?
Well, that didn't work, but it gave me an idea that did work. I'm writing it here in case others can use this information and avoid some of the tedium I've just experienced. Kevin, you were right all along: there was a bug in my ssh configuration. It's just unfortunate that none of the cheap ways of debugging the ssh problem -- ways that I already knew -- worked. So, here was the debugging strategy that actually worked: (1) Stop the client's sshd. This will not interrupt current ssh sessions. (If the client is remote, don't end your own ssh session until you've restarted sshd with it!) (2) sshd -d ...and watch the output as you run amcheck on the server. "-d" means "non-forking debug mode". It discloses everything it's hearing, and everything it's doing about it. It's downright chatty, in fact. (3) (Don't forget to restart sshd!) >From the sshd debug output, I learned that I was sending a good host key, but the name of the host wasn't the same as the name of the host on the key. The amanda server was identifying its host to the amanda client as "localhost", which made sense because, in this particular case, both client and server were running on the same machine. With the knowledge of how amanda server was identifying its host to the client, it was easy to set up the client's authorized_keys file with a key associated with both of its hostnames. The whole thing makes perfect sense. It even makes sense that ssh (as opposed to sshd) is so unhelpful about communicating what's wrong (after all, it's not supposed to help the gate-crashers), and that amcheck has nothing to say about the problem other than that the client sent an EOT and that was all. After all, what else would amcheck know? But if other Amanda users have problems making auth="ssh" work, I suggest they be informed about the sshd -d method of debugging an ssh configuration. By the way, I had to use the same technique on 2 of my 5 clients: one because of the "localhost" thing, and the other because that was the only way to discover that only at that particular client, the server process was seen as running on a host identified only as an IP address, and not as any sort of hostname or fqhn. -- Steve Steven R. Newcomb, Consultant Coolheads Consulting Co-editor, Topic Maps International Standard (ISO/IEC 13250) Co-editor, draft Topic Maps -- Reference Model (ISO/IEC 13250-5) [EMAIL PROTECTED] http://www.coolheads.com direct: +1 540 951 9773 main: +1 540 951 9774 fax: +1 540 951 9775 208 Highview Drive Blacksburg, Virginia 24060 USA (Confidential to all US government personnel to whom this private letter is not addressed and who are reading it in the absence of a specific search warrant: You are violating the law and you are co-conspiring to subvert the Constitution that you are sworn to defend. You can either refuse to commit this crime, or you can expect to suffer criminal sanctions in the future, when the current administration of the United States of America has been replaced by one that respects the rule of law. I do not envy you for having to make this difficult choice, but I urge you to make it wisely.)