SearchFAQMemberlist Log in

Backup Central Forums Forum Index » Amanda » Configuring Auth SSH for a client behind a firewall

The time now is Thu May 24, 2012 2:38 am
View previous topic | View next topic
Reply to topic Page 1 of 1
Configuring Auth SSH for a client behind a firewall
Author Message
Debbie O Connell
Guest



Post Configuring Auth SSH for a client behind a firewall 
Hi,

We are trying to setup Amanda for 1 client behind a firewall with Auth SSH for
the first time. The machines behind the firewall are all NATed. The firewall
will not allow us to port redirect port 22. As a result, all the machines behind
the firewall have non-standard SSH port numbers. For example, the machine we're
trying to backup with Amanda uses Port 1026. On the Amanda Server, as User
Amanda, we have create a /home/amanda/.ssh/config . This file contains the
following lines :

Host Name-of-Firewall
Port 1026

Using SSH from the command line,we are able to "ssh name-of-firewall", which
logs us onto the desired Amanda client (behind firewall). We have created the
appropriate keys and authorized_keys file to allow this login to not prompt for
a password. We've configured Amanda for Auth SSH as described in the Amanda
manual (Chapter 17).


Questions:
Does Auth SSH on Amanda honor the ~/.ssh/config file for Amanda on the Server?

Is Amanda totally tunneled through the SSH tunnel?

If the answer to question 1 is 'no' then how can we config Amanda to use auth
SSH to use a non-standard SSH port?
Fri Dec 10, 2010 1:13 pm
Jean-Louis Martineau
Guest



Post Configuring Auth SSH for a client behind a firewall 
Debbie O Connell wrote:
Hi,

We are trying to setup Amanda for 1 client behind a firewall with Auth SSH for
the first time. The machines behind the firewall are all NATed. The firewall
will not allow us to port redirect port 22. As a result, all the machines behind
the firewall have non-standard SSH port numbers. For example, the machine we're
trying to backup with Amanda uses Port 1026. On the Amanda Server, as User
Amanda, we have create a /home/amanda/.ssh/config . This file contains the
following lines :

Host Name-of-Firewall
Port 1026

Using SSH from the command line,we are able to "ssh name-of-firewall", which
logs us onto the desired Amanda client (behind firewall). We have created the
appropriate keys and authorized_keys file to allow this login to not prompt for
a password. We've configured Amanda for Auth SSH as described in the Amanda
manual (Chapter 17).


Questions:
Does Auth SSH on Amanda honor the ~/.ssh/config file for Amanda on the Server?

yes
Is Amanda totally tunneled through the SSH tunnel?

yes

The host name in the Host line must be the exact name amanda use.

Jean-Louis
Fri Dec 10, 2010 1:38 pm
Debbie O Connell
Guest



Post Configuring Auth SSH for a client behind a firewall 
The host name in the Host line must be the exact name amanda use.

* Yes, we have the exact name on the Host line. And we are able to SSH from the
command line using this name.

Is there any special config on the Client side?
There is no eveidence on the client side such as an amandad debug file that the
client is seeing the request.

btw. Both server & client machines are Ubuntu & using Amanda 2.6.1

Thanks,
Debbie


----- Original Message ----
From: Jean-Louis Martineau <martineau < at > zmanda.com>
To: Debbie O Connell <docrtp < at > yahoo.com>
Cc: amanda users list <amanda-users < at > amanda.org>
Sent: Fri, December 10, 2010 4:32:56 PM
Subject: Re: Configuring Auth SSH for a client behind a firewall

Debbie O Connell wrote:
Hi,

We are trying to setup Amanda for 1 client behind a firewall with Auth SSH for
the first time. The machines behind the firewall are all NATed. The firewall
will not allow us to port redirect port 22. As a result, all the machines behind
the firewall have non-standard SSH port numbers. For example, the machine we're
trying to backup with Amanda uses Port 1026. On the Amanda Server, as User
Amanda, we have create a /home/amanda/.ssh/config . This file contains the
following lines :

Host Name-of-Firewall
Port 1026

Using SSH from the command line,we are able to "ssh name-of-firewall", which
logs us onto the desired Amanda client (behind firewall). We have created the
appropriate keys and authorized_keys file to allow this login to not prompt for
a password. We've configured Amanda for Auth SSH as described in the Amanda
manual (Chapter 17).


Questions: Does Auth SSH on Amanda honor the ~/.ssh/config file for Amanda on
the Server?

yes
Is Amanda totally tunneled through the SSH tunnel?

yes

The host name in the Host line must be the exact name amanda use.

Jean-Louis
Fri Dec 10, 2010 7:06 pm
Jean-Louis Martineau
Guest



Post Configuring Auth SSH for a client behind a firewall 
Debbie O Connell wrote:
The host name in the Host line must be the exact name amanda use.

* Yes, we have the exact name on the Host line. And we are able to SSH from the
command line using this name.

Amanda use the canonical name.
Add 'debug_auth 1' in amanda.conf, run amcheck, then look in the
amcheck.*.debug file to find the exact host name amanda use.

Alternatively, you can try the attached patch (for 3.2), it allow to
define the port in the dumptype in the 'client-port' setting.

Jean-Louis
Tue Dec 14, 2010 8:39 am
Display posts from previous:

Backup Central Forums Forum Index » Amanda » Configuring Auth SSH for a client behind a firewall

The time now is Thu May 24, 2012 2:38 am | All times are GMT - 8 Hours
 
Reply to topic Page 1 of 1
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
  


Magic SEO URL for phpBB