| AMANDA-AUTH-SSL(7) | Miscellanea | AMANDA-AUTH-SSL(7) |
NAME¶
amanda-auth-ssl - SSL Communication/Authentication methods between Amanda server and clientDESCRIPTION¶
This authenticate method use ssl certificate to authenticate host, all transfer over the network is encrypted.Each amanda client/server must have its own certificate signed by the amanda CA certificate.
COMPILATION AND GENERAL INFORMATION¶
Amanda must be configure with --with-ssl-securitySERVER/CLIENT CONFIGURATION¶
In amanda.conf and amanda-client.conf.ssl-dir
The directoty where amanda store all the certificates. A
good value is ~/amanda-ssl.
ssl-check-certificate-host
Check the peer hostname match the certificate host
name.
ssl-check-fingerprint
Check the fingerprint of the certificate is the same as
the fingerprint we already have for that host.
ssl-check-host
Do the bsd check, dns name of peer IP is the hostname we
connect to.
FILESYSTEM LAYOUT FOR CERTIFICATES¶
$SSL_DIR/CA/crt.pem # CA certificate that signed
all certificates.
$SSL_DIR/CA/private/key.pem # CA private key
(on server only)
$SSL_DIR/me/crt.pem # public certificate of the host
$SSL_DIR/me/private/key.pem # private key of the host
$SSL_DIR/me/fingerprint # fingerprint of my certificate
$SSL_DIR/remote/HOSTNAME/fingerprint # fingerprint of the HOSTNAME
certificate
On the HOSTNAME host, $SSL_DIR/remote/HOSTNAME is a symbolic link to ../me.
PROGRAM TO HELP CONFIGURATION¶
The amssl program is a tool to manage the certificate.SEE ALSO¶
amanda(8), amanda.conf(5), amanda-client.conf(5), disklist(5), amdump(8), amrecover(8), amssl(8), amanda-auth(7)The Amanda Wiki: : http://wiki.zmanda.com/
AUTHORS¶
Jean-Louis Martineau <martineau@zmanda.com>Zmanda, Inc. (http://www.zmanda.com)
Dustin J. Mitchell <dustin@zmanda.com>
Zmanda, Inc. (http://www.zmanda.com)
Paul Yeatman <pyeatman@zmanda.com>
Zmanda, Inc. (http://www.zmanda.com)
| 12/01/2017 | Amanda 3.5.1 |