Man page - amanda-auth-ssl(7)
Packages contains this manual
- amlabel(8)
- amaespipe(8)
- amanda-match(7)
- amsamba(8)
- amcleanup(8)
- amrecover(8)
- amstar(8)
- amanda-client.conf(5)
- amanda.conf(5)
- amtoc(8)
- amcheckdb(8)
- amanda-archive-format(5)
- amanda-auth(7)
- amflush(8)
- amoverview(8)
- amgpgcrypt(8)
- amcrypt(8)
- amvault(8)
- amservice(8)
- amcrypt-ossl(8)
- amserverconfig(8)
- amarchiver(8)
- amanda-interactivity(7)
- amzfs-snapshot(8)
- amanda-security.conf(5)
- amssl(8)
- activate-devpay(1)
- amdump_client(8)
- amoldrecover(8)
- amanda-rest-server(8)
- amdevcheck(8)
- amanda-applications(7)
- amreindex(8)
- disklist(5)
- amsuntar(8)
- amtape(8)
- amzfs-sendrecv(8)
- script-email(8)
- amcryptsimple(8)
- amcleanupdisk(8)
- amreport(8)
- ambackup(8)
- amcrypt-ossl-asym(8)
- amanda-compatibility(7)
- amraw(8)
- amanda-command-file(5)
- amadmin(8)
- tapelist(5)
- amaddclient(8)
- amdump(8)
- amanda-devices(7)
- amanda(8)
- amplot(8)
- amrmtape(8)
- amanda-taperscan(7)
- amfetchdump(8)
- amanda-auth-ssl(7)
- amanda-changers(7)
- amtapetype(8)
- amcheck(8)
- ambsdtar(8)
- amstatus(8)
- amcheckdump(8)
- amanda-scripts(7)
- amrestore(8)
- ampgsql(8)
- amgetconf(8)
- amgtar(8)
apt-get install amanda-common
Manual
AMANDA-AUTH-SSL
NAMEDESCRIPTION
COMPILATION AND GENERAL INFORMATION
SERVER/CLIENT CONFIGURATION
FILESYSTEM LAYOUT FOR CERTIFICATES
PROGRAM TO HELP CONFIGURATION
SEE ALSO
AUTHORS
NAME
amanda-auth-ssl - SSL Communication/Authentication methods between Amanda server and client
DESCRIPTION
This authenticate method use ssl certificate to authenticate host, all transfer over the network is encrypted.
Each amanda client/server must have its own certificate signed by the amanda CA certificate.
COMPILATION AND GENERAL INFORMATION
Amanda must be configure with --with-ssl-security
SERVER/CLIENT CONFIGURATION
In amanda.conf and amanda-client.conf .
ssl-dir
The directoty where amanda store all the certificates. A good value is ˜/amanda-ssl .
ssl-check-certificate-host
Check the peer hostname match the certificate host name.
ssl-check-fingerprint
Check the fingerprint of the certificate is the same as the fingerprint we already have for that host.
ssl-check-host
Do the bsd check, dns name of peer IP is the hostname we connect to.
FILESYSTEM LAYOUT FOR CERTIFICATES
$SSL_DIR/CA/crt.pem
# CA certificate that signed
all certificates.
$SSL_DIR/CA/private/key.pem # CA private key
(on server only)
$SSL_DIR/me/crt.pem # public certificate of the host
$SSL_DIR/me/private/key.pem # private key of the host
$SSL_DIR/me/fingerprint # fingerprint of my certificate
$SSL_DIR/remote/HOSTNAME/fingerprint # fingerprint of the
HOSTNAME
certificate
On the HOSTNAME host, $SSL_DIR/remote/HOSTNAME is a symbolic link to ../me .
PROGRAM TO HELP CONFIGURATION
The amssl program is a tool to manage the certificate.
SEE ALSO
amanda (8), amanda.conf (5), amanda-client.conf (5), disklist (5), amdump (8), amrecover (8), amssl (8), amanda-auth (7)
The Amanda Wiki: : http://wiki.zmanda.com/
AUTHORS
Jean-Louis Martineau <martineau@zmanda.com>
Zmanda, Inc. (http://www.zmanda.com)
Dustin J. Mitchell <dustin@zmanda.com>
Zmanda, Inc. (http://www.zmanda.com)
Paul Yeatman <pyeatman@zmanda.com>
Zmanda, Inc. (http://www.zmanda.com)