'\" t .\" Title: amanda-auth-ssl .\" Author: Jean-Louis Martineau .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 12/01/2017 .\" Manual: Miscellanea .\" Source: Amanda 3.5.1 .\" Language: English .\" .TH "AMANDA\-AUTH\-SSL" "7" "12/01/2017" "Amanda 3\&.5\&.1" "Miscellanea" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" amanda-auth-ssl \- SSL Communication/Authentication methods between Amanda server and client .SH "DESCRIPTION" .PP This authenticate method use ssl certificate to authenticate host, all transfer over the network is encrypted\&. .PP Each amanda client/server must have its own certificate signed by the amanda CA certificate\&. .SH "COMPILATION AND GENERAL INFORMATION" .PP Amanda must be configure with \-\-with\-ssl\-security .SH "SERVER/CLIENT CONFIGURATION" .PP In \fBamanda\&.conf\fR and \fBamanda\-client\&.conf\fR\&. .PP \fBssl\-dir\fR .RS 4 The directoty where amanda store all the certificates\&. A good value is \fB~/amanda\-ssl\fR\&. .RE .PP \fBssl\-check\-certificate\-host\fR .RS 4 Check the peer hostname match the certificate host name\&. .RE .PP \fBssl\-check\-fingerprint\fR .RS 4 Check the fingerprint of the certificate is the same as the fingerprint we already have for that host\&. .RE .PP \fBssl\-check\-host\fR .RS 4 Do the bsd check, dns name of peer IP is the hostname we connect to\&. .RE .SH "FILESYSTEM LAYOUT FOR CERTIFICATES" .nf $SSL_DIR/CA/crt\&.pem # CA certificate that signed all certificates\&. $SSL_DIR/CA/private/key\&.pem # CA private key (on server only) $SSL_DIR/me/crt\&.pem # public certificate of the host $SSL_DIR/me/private/key\&.pem # private key of the host $SSL_DIR/me/fingerprint # fingerprint of my certificate $SSL_DIR/remote/HOSTNAME/fingerprint # fingerprint of the HOSTNAME certificate .fi .PP On the \fBHOSTNAME\fR host, \fB$SSL_DIR/remote/HOSTNAME\fR is a symbolic link to \fB\&.\&./me\fR\&. .SH "PROGRAM TO HELP CONFIGURATION" .PP The \fBamssl\fR program is a tool to manage the certificate\&. .SH "SEE ALSO" .PP \fBamanda\fR(8), \fBamanda.conf\fR(5), \fBamanda-client.conf\fR(5), \fBdisklist\fR(5), \fBamdump\fR(8), \fBamrecover\fR(8), \fBamssl\fR(8), \fBamanda-auth\fR(7) .PP The Amanda Wiki: : http://wiki.zmanda.com/ .SH "AUTHORS" .PP \fBJean\-Louis Martineau\fR <\&martineau@zmanda\&.com\&> .RS 4 Zmanda, Inc\&. (http://www\&.zmanda\&.com) .RE .PP \fBDustin J\&. Mitchell\fR <\&dustin@zmanda\&.com\&> .RS 4 Zmanda, Inc\&. (http://www\&.zmanda\&.com) .RE .PP \fBPaul Yeatman\fR <\&pyeatman@zmanda\&.com\&> .RS 4 Zmanda, Inc\&. (http://www\&.zmanda\&.com) .RE