Backing Up Other Systems
So just backing up "localhost" isn't enough for you? Amanda has you covered!
Contents
Background
Amanda is old for open-source software. In Amanda's infancy, spam was still canned meat, malware was a sequined T-shirt, hair was huge, and folks blithely used 'rsh' and 'telnet' across the Internet. Oh, and the US still considered crypto software to be a "munition". Amanda's client/server authentication thus consisted of a username and some basic checks of DNS records. Not so hot in these days of cryptographic side-channel attacks and trojan'd network hardware!
Sadly, most of the guides and default configurations for Amanda still use these ancient authentication mechanisms - bsd, bsdudp, and bsdtcp. For the record, just don't ever use bsd or bsdudp: they are based on UDP, which is difficult to debug, and they are invariably misconfigured. If your network is well-secured, you can get away with bsdtcp, but this page won't show you how to do it.
This page will use SSH authentication, which is a little bit troublesome to set up, but works quite well once it's running.
Configuration
Authentication is configured in the dumptypes, so we'll add a new dumptype for this remote system. Add the following to your amanda.conf(5):
over in the disklist, we'll be backing up a host named "euclid.amanda.org". Your second system's name is different, so substitute it here.
SSH Setup
You've now told Amanda to SSH to euclid.amanda.org, and to use the ssh keys in /etc/amanda/MyConfig/ssh-key. We should create those keys, and with no passphrase, as Amanda does not know how to enter a passphrase.
There are two more steps. First, we need to make sure that SSH does not try to ask Amanda to verify euclid's host key. That's easy enough (be careful to use the fully-qualified hostname here):
(just hit control-c at the password prompt) Second, we need to get the public key over to euclid. As amanda on euclid (noting that this is copying the .pub file!):
(if 'amanda' doesn't have a password, surely you can find another way to get the file there!) And add that file to authorized_keys.
Test this by SSH'ing from knuth:
Check and Run
Just like before, run an amcheck(8) and, if things look good, run an amdump(8) directly or wait for the next scheduled run.
More Information
The amanda-auth(7) manpage has details on all of the authentication methods available. The Communication How Tos will probably also be useful. If you're using the bsd* authentications, then Troubleshooting is probably a page you will consult often.
Last updated