3 .\" Author: Jean-Louis Martineau <martineau@zmanda.com>
4 .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
6 .\" Manual: Miscellanea
7 .\" Source: Amanda 3.3.2
10 .TH "AMANDA\-AUTH" "7" "07/25/2012" "Amanda 3\&.3\&.2" "Miscellanea"
11 .\" -----------------------------------------------------------------
12 .\" * Define some portability stuff
13 .\" -----------------------------------------------------------------
14 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15 .\" http://bugs.debian.org/507673
16 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20 .\" -----------------------------------------------------------------
21 .\" * set default formatting
22 .\" -----------------------------------------------------------------
23 .\" disable hyphenation
25 .\" disable justification (adjust text to left margin only)
27 .\" -----------------------------------------------------------------
28 .\" * MAIN CONTENT STARTS HERE *
29 .\" -----------------------------------------------------------------
31 amanda-auth \- Communication/Authentication methods between Amanda server and client
34 Amanda offers 7 methods of communication between Amanda server (sometimes also called the tape server) and clients, each with its own authentication method\&. The desired communication method is specified by the
36 parameter in the amanda\&.conf file (\fBamanda.conf\fR(5)) commonly as a dumptype\&. Valid values to the
45 \fBssh\fR\&. The authentication and communication method is used during the backup process
47 (amdump(8)) as well as the recovery process
50 .SH "COMPILATION AND GENERAL INFORMATION"
52 The communication method and thus type of authentication that will be used by the Amanda server is specified by the
54 parameter in the dumptype for each disklist entry (DLE)\&. The
56 parameter thus may be easily and globally specified in the "global" dumptype\&. If
60 communication method is used\&. See
62 for more information on Amanda configuration and dumptypes, and
64 for more information on disklists\&.
66 On the client side, the Amanda daemon
68 validates the connection depending on the value of the
70 argument passed to it (see Amanda(8))\&. Also, when it comes to recovery, the
72 parameter can be specified in the
73 \fBamanda-client.conf\fR(5)
74 file to specify the communication method to be used by the client to the server\&.
76 When Amanda is being built from source code, desired communication and thus authentication methods (shown as "Authentication") must be specified as configure options at compilation time\&.
79 Authentication Configure option(s)
80 bsd \-\-with\-bsd\-security \-\-with\-amandahosts (pre\-2\&.6)
81 bsdtcp \-\-with\-bsdtcp\-security \-\-with\-amandahosts (pre\-2\&.6)
82 bsdudp \-\-with\-bsdudp\-security \-\-with\-amandahosts (pre\-2\&.6)
83 krb5 \-\-with\-krb5\-security
84 local (always included)
85 rsh \-\-with\-rsh\-security
86 ssh \-\-with\-ssh\-security
89 There are additional configure options for
93 to allow for specifying explicit UDP and TCP port ranges\&.
96 \-\-with\-udpportrange
97 \-\-with\-tcpportrange
98 \-\-with\-low\-tcpportrange
103 below for more information\&.
105 There are additional configure options for Kerberos if you so desire\&. All but the last option are for Kerberos 4\&. Defaults shown in square brackets\&.
108 \-\-with\-server\-principal=ARG server host principal [amanda]
109 \-\-with\-server\-instance=ARG server host instance []
110 \-\-with\-server\-keyfile=ARG server host key file [/\&.amanda]
111 \-\-with\-client\-principal=ARG client host principal [rcmd]
112 \-\-with\-client\-instance=ARG client host instance [HOSTNAME_INSTANCE]
113 \-\-with\-client\-keyfile=ARG client host key file [KEYFILE]
114 \-\-with\-ticket\-lifetime=ARG ticket lifetime [128]
115 \-\-with\-krb5\-security=DIR where libkrb\&.a lives [see below]
118 If configuring with \-\-with\-krb5\-security, the configure script will search under /usr/kerberos/lib, /usr/cygnus/lib, /usr/lib, and /opt/kerberos/lib for the kerberos bits, libkrb\&.a, in this order\&. Kerberos support will not be added if it does not find them\&. If the kerberos bits are found under some other hierarchy, you can specify this via \-\-with\-krb5\-security=DIR where DIR is where the kerberos bits live\&. The configure script will then look in the \*(Aqlib\*(Aq directory under this hierarchy for libkrb\&.a\&.
122 parameter selects a communication/authentication method to use between the client and the backup server\&. These methods are described each in their own section below\&.
125 When Amanda is built, a username is specified with the
127 option\&. Most Amanda processes run under this user\*(Aqs identity, to minimize security risks\&. In binary distributions, this username is usually one of \*(Aqamanda\*(Aq, \*(Aqbackup\*(Aq, or \*(Aqbackup\*(Aq\&. The examples below use \*(Aqbackup\*(Aq since it is unambiguous\&. You may need to adjust accordingly for your system\&.
128 .SS "Authenticated Peer Hostnames"
130 Amanda\*(Aqs authentication mechanisms provide an authenticated hostname of the system on the other end of the connection, which is used to restrict access to only particular hosts\&. The degree of "authentication" performed on this hostname varies with the authentication mechanism, and is discussed below\&.
131 .SH "BSD, BSDUDP, AND BSDTCP COMMUNICATION AND AUTHENTICATION"
133 For additional information including example configurations, see http://wiki\&.zmanda\&.com/index\&.php/Configuring_bsd/bsdudp/bsdtcp_authentication\&.
139 communication methods use either UDP, TCP, or both protocols operating as a network service to authenticate and exchange data between server and clients\&.
141 The authentication proceeds as follows: for a new, incoming connection, Amanda verifies that the source port is in the reserved range (less than 1024), which for UNIX hosts suggests that the remote user has root privileges\&. Amanda then verifies that the reverse DNS for the remote address matches the forward DNS; that is, that the address maps to a hostname which maps back to the same address\&. Finally, the remote system must provide a username that matches the username in \&.amandahosts\&.
143 In addition to compilation and general configuration (see
144 \fBCOMPILATION AND GENERAL INFORMATION\fR
145 above), the authentication method that the client is configured to receive is specified by the
147 parameter in the network service configuration for Amanda\&. The authentication method used by an Amanda client to reach the server during recovery is the authentication method specified by the
149 parameter in the client\*(Aqs Amanda network service configuration or in its amanda\-client\&.conf file (see amanda\-client\&.conf(5))\&.
151 By default, Amanda use the "amanda" service name and associated port set in /etc/services\&. It can be changed by setting the dumptype
153 option to a different port number or a different service name\&. All examples are for the service name "amanda" that uses the default port 10080\&.
154 .SS "\&.amandahosts file"
156 Servers and clients using the bsd, bsdudp, and bsdtcp authentication methods refer to the \&.amandahosts file to control access\&. Amanda should be compiled for this access control if one of these methods will be used and is the default compilation option for Amanda 2\&.6 (use \-\-with\-amandahosts when compiling pre\-2\&.6 versions of Amanda)\&.
158 Amanda looks for the \&.amandahosts file in the Amanda user\*(Aqs home directory, commonly /var/lib/amanda\&.
160 Each authorization is on its own line in the following format
166 \fIservice\&.\&.\&.\fR
171 is ommitted, it defaults to the user running
172 \fBamandad\fR, i\&.e\&. the user listed in the
176 configuration file\&.
178 \fIservice\&.\&.\&.\fR
179 is a space\-delimited list of services the client is authorized to execute:
185 (a shortcut for the previous four services which are required on clients),
187 \fBamidxtaped\fR\&. The last two services are required on a server for clients to connect to it using
190 If service is omitted, it defaults to
191 \fBnoop selfcheck sendsize sendbackup\fR
192 (which is equivalent to
195 Example of the \&.amandahosts file on an Amanda client, where \*(Aqbackup\*(Aq is the Amanda dumpuser\&.
198 \fBamandaserver\&.example\&.com backup amdump\fR
201 Example of the \&.amandahosts file on an Amanda server
204 \fBamandaclient1\&.example\&.com root amindexd amidxtaped\fR
206 .SS "bsd communication and authentication"
208 The authentication is done using \&.amandahosts file in the Amanda user\*(Aqs home directory\&. The protocol between Amanda server and client is UDP\&. The number of disk list entries (DLEs)\-\-number of Amanda clients\-\-is limited by the UDP packet size\&. This authentication protocol will use a different port for each data stream (see PORT USAGE below)
209 .SS "bsdudp communication and authentication"
211 The authentication is done using \&.amandahosts files in the Amanda user\*(Aqs home directory\&. It uses UDP protocol between Amanda server and client for data and hence the number of DLEs is limited by the UDP packet size\&. It uses one TCP port to establish the connection and multiplexes all data streams using one port on the server (see PORT USAGE below)\&.
212 .SS "bsdtcp communication and authentication"
214 The authentication is done using \&.amandahosts files in the backup user\*(Aqs (for example: backup) home directory\&. It uses TCP protocol between Amanda server and client\&. On the client, two reserved ports are used\&. On the server, all data streams are multiplexed to one port (see PORT USAGE below)\&.
215 .SS "USING INETD SERVER"
217 Template for Amanda client inetd service entry
220 \fI service_name\fR \fIsocket_type\fR \fIprotocol\fR \fIwait/nowait\fR \fIamanda_backup_user\fR \fIabsolute_path_to_amandad\fR amandad \fIserver_args\fR
223 Client example of using
225 authorization for inetd server given Amanda user is "backup":
228 \fB amanda dgram udp wait backup /path/to/amandad amandad \-auth=bsd amdump\fR
231 The same could be used for
233 if specifying \-auth=bsdudp instead of \-auth=bsd\&.
235 Client example of using
237 authorization for inetd server given Amanda user is "backup":
240 \fB amanda stream tcp nowait backup /path/to/amandad amandad \-auth=bsdtcp amdump\fR
246 would typically be added at the end of the line as
248 server arguments for an Amanda server\&.
250 Server example of using
252 authorization for inetd server given Amanda user is "backup":
255 \fB amanda stream tcp nowait backup /path/to/amandad amandad \-auth=bsdtcp amdump amindexd amidxtaped\fR
258 For Amanda version 2\&.5\&.0 and earlier, remember that neither
262 are supported and the Amanda daemon
264 accepts no arguments\&. Because of the latter,
266 as of Amanda version 2\&.5\&.1 is not compatible with 2\&.5\&.0 and earlier servers\&. Thus, servers that are 2\&.5\&.0 or earlier must, in addition to the
272 Amanda services as their own network services, amandaidx and amidxtape, respectively (see below)\&.
274 There are no compatibility issues if server and clients are all 2\&.5\&.0 or earlier\&. If your server is 2\&.5\&.1 or later, you can still have clients that are 2\&.5\&.0 and earlier although you must then use
276 communication/authentication with these clients and must also run
280 Amanda services on the server as their own network services, amandaidx and amidxtape, respectively (see below)\&. If you have a server that is 2\&.5\&.0 and earlier, clients of a later version on which you wish to run
284 instead and, again, the server must be running the amandaidx and amidxtape network services\&.
286 Example of amindexd and amidxtaped Amanda daemon services configured as their own network services for a 2\&.5\&.0 or earlier server or a newer server having 2\&.5\&.0 or earlier clients
289 \fB amandaidx stream tcp nowait backup /usr/local/libexec/amanda/current/amindexd amindexd\fR
290 \fB amidxtape stream tcp nowait backup /usr/local/libexec/amanda/current/amidxtaped amidxtaped\fR
292 .SS "USING XINETD SERVER"
294 Template for Amanda client xinetd service file
299 only_from = \fIAmanda server\fR
300 socket_type = \fIsocket type\fR
301 protocol = \fIprotocol\fR
303 user = \fIamanda backup user\fR
304 group = \fIamanda backup user group id\fR
306 server = \fIabsolute path to amandad\fR
307 server_args = \fIamandad server arguments\fR
314 parameter can be used with xinetd but is usually in addition to the primary form of access control via the \&.amandahosts file\&.
316 Client example of using
318 authorization for xinetd server and for Amanda user "backup":
323 only_from = amandaserver\&.example\&.com
330 server = /path/to/amandad
331 server_args = \-auth=bsd amdump
336 The same could be used for
338 if specifying \-auth=bsdudp instead of \-auth=bsd\&.
340 Client example of using
342 authorization for xinetd server and for Amanda user "backup":
347 only_from = amandaserver\&.example\&.com amandaclient\&.example\&.com
354 server = /path/to/amandad
355 server_args = \-auth=bsdtcp amdump
363 would typically be added as additional
366 for an Amanda server\&.
368 For Amanda version 2\&.5\&.0 and earlier, remember that neither
372 are supported and the Amanda daemon
374 accepts no arguments\&. Because of the latter,
376 as of Amanda version 2\&.5\&.1 is not compatible with 2\&.5\&.0 and earlier servers\&. Thus, servers that are 2\&.5\&.0 or earlier must, in addition to the
382 Amanda services as their own network services, amandaidx and amidxtape, respectively (see below)\&.
384 There are no compatibility issues if server and clients are all 2\&.5\&.0 or earlier\&. If your server is 2\&.5\&.1 or later, you can still have clients that are 2\&.5\&.0 and earlier although you must then use
386 communication/authentication with these clients and must also run
390 Amanda services on the server as their own network services, amandaidx and amidxtape, respectively (see below)\&. If you have a server that is 2\&.5\&.0 and earlier, clients of a later version on which you wish to run
394 instead and, again, the server must be running the amandaidx and amidxtape network services\&.
396 Example of amindexd and amidxtaped Amanda daemon services configured as their own network services for a 2\&.5\&.0 or earlier server or a newer server having 2\&.5\&.0 or earlier clients
406 server = /usr/local/libexec/amanda/amindexd
417 server = /usr/local/libexec/amanda/amidxtaped
423 List of TCP/UDP ports used by network service communication methods for Amanda server and client\&.
428 RPpAP = Reserved Port per Amanda Process
429 UPpDLE = Unreserved Port per DLE
430 [\&.\&.] = Configure options that can be used at compile time to define port ranges
432 Authentication Protocol Amanda server Amanda client
433 bsd udp 1 RPpAP [\-\-with\-udpportrange] 10080
434 tcp 1 UP [\-\-with\-tcpportrange] 3 UPpDLE [\-\-with\-tcpportrange]
435 bsdudp udp 1 RPpAP [\-\-with\-udpportrange] 10080
436 tcp 1 UP [\-with\-tcpportrange] 1 UPpDLE [\-\-with\-tcpportrange]
437 bsdtcp tcp 1 RPpAP [\-\-with\-low\-tcpportrange] 10080
440 Amanda server also uses two ports (dumper process) to communicate with the chunker/taper processes\&. These ports are in the range set by \-\-with\-tcpportrange\&.
442 You can override the default port ranges that Amanda was compiled with in each configuration using the
443 \fIreserved\-udp\-port\fR,
444 \fIreserved\-tcp\-port\fR, and
445 \fIunreserved\-tcp\-port\fR
446 parameters in amanda\&.conf and amanda\-client\&.conf configuration files (see
449 \fBamanda-client.conf\fR(5))\&.
450 .SS "Authenticated Peer Hostnames with BSD Authentications"
452 The BSD authentication mechanisms only verify that the remote host\*(Aqs DNS is configured correctly and that the remote user has access to reserved ports\&. As such, the peer hostname should only be trusted to the extent that the local DNS service is trusted\&.
453 .SH "KERBEROS COMMUNICATION AND AUTHENTICATION"
455 For more detail, see http://wiki\&.zmanda\&.com/index\&.php/Kerberos_authentication\&.
457 Amanda supports Kerberos 5 communication methods between Amanda server and client\&.
459 General information including compilation are given above (see
460 \fBCOMPILATION AND GENERAL INFORMATION\fR
463 Kerberos 5 uses TCP and the server uses only one TCP port and data streams are multiplexed to this port\&.
466 The \fBkrb5\fR driver script defaults to:
469 * The lifetime of our tickets in minutes\&.
471 #define AMANDA_TKT_LIFETIME (12*60)
474 * The name of the service in /etc/services\&.
476 #define AMANDA_KRB5_SERVICE_NAME "k5amanda"
480 You can currently only override these by editing the source code\&.
482 The kerberized AMANDA service uses a different port on the client hosts\&. The /etc/services line is:
487 And the /etc/inetd\&.conf line is:
490 k5amanda stream tcp nowait root /usr/local/libexec/amanda/amandad amandad \-auth=krb5
493 Note that you\*(Aqre running this as root, rather than as your dump user\&. AMANDA will set its UID down to the dump user at times it doesn\*(Aqt need to read the keytab file, and give up root permissions entirely before it goes off and runs dump\&. Alternately you can change your keytab files to be readable by user amanda\&. You should understand the security implications of this before changing the permissions on the keytab\&.
495 The following dumptype options apply to
499 auth "krb5" # use krb5 auth for this host
500 # (you can mingle krb hosts and bsd \&.rhosts in one conf)
503 The principal and keytab files that Amanda uses must be set in the amanda\&.conf file for kerberos 5 dumps to work\&. You can hardcode this in the source code if you really want to (common\-src/krb5\-security\&.c)
513 krb5keytab "/etc/krb5\&.keytab\-amanda"
514 krb5principal "amanda/saidin\&.omniscient\&.com"
517 The principal in the second option must be contained in the first\&. The keytab should be readable by the amanda user (and definitely not world readable!) and is (obviously) on the server\&. In MIT\*(Aqs kadmin, the following:
520 addprinc \-randkey amanda/saidin\&.omniscient\&.com
521 ktadd \-k /etc/krb5\&.keytab\-amanda amanda/saidin\&.omniscient\&.com
524 will do the trick\&. You will obviously want to change the principal name to reflect something appropriate for the conventions at your site\&.
526 You must also configure each client to allow the amanda principal in for dumps\&.
528 There are several ways to go about authorizing a server to connect to a client\&.
530 The normal way is via a \&.k5amandausers file or a \&.k5login file in the client user\*(Aqs home directory\&. The determination of which file to use is based on the way you ran configure on AMANDA\&. By default, AMANDA will use \&.k5amandahosts, but if you configured with \-\-without\-amandahosts, AMANDA will use \&.k5login\&. (similar to the default for \&.rhosts/\&.amandahosts\-style security)\&. The \&.k5login file syntax is a superset of the default
532 \&.k5login\&. The routines to check it are implemented in amanda rather than using krb5_kuserok because the connections are actually gssapi based\&.
534 This \&.k5amandahosts/\&.k5login is a hybrid of the \&.amandahosts and a \&.k5login file\&. You can just list principal names, as in a \&.k5login file and the principal will be permitted in from any host\&. If you do NOT specify a realm, then there is no attempt to validate the realm (this is only really a concern if you have cross\-realm authentication set up with another realm or something else that allows you multiple realms in your kdc\&. If you do specify a realm, only that principal@realm will be permitted to connect\&.
536 You may prepend this with a hostname and whitespace, and only that principal (with optional realm as above) will be permitted to access from that hostname\&.
538 Here are examples of valid entries in the \&.k5amandahosts:
542 service/amanda@TEST\&.COM
543 dumpmaster\&.test\&.com service/amanda
544 dumpmaster\&.test\&.com service/amanda@TEST\&.COM
547 Rather than using a \&.k5amandahosts or \&.k5login file, the easiest way is to use a principal named after the destination user, (such as amanda@TEST\&.COM in our example) and not have either a \&.k5amandahosts or \&.k5login file in the destination user\*(Aqs home directory\&.
549 There is no attempt to verify the realm in this case (only a concern if you have cross\-realm authentication setup)\&.
550 .SS "Authenticated Peer Hostnames with Kerberos Authentication"
552 When accepting a new incoming connection, the Kerberos authentication mechanism performs a similar check to that done by the BSD authentications: the forward and reverse DNS entries for the remote host must match\&. As such, while Kerberos authentication can cryptographically ensure that the remote system is recognized (since it has a ticket), its assurances about the remote host\*(Aqs identity are weaker and depend on the integrity of the DNS\&.
553 .SH "LOCAL COMMUNICATION"
555 The Amanda server communicates with the client internally versus over the network, ie\&. the client is also the server\&.
557 This is the only method that requires no authentication as it is clearly not needed\&.
559 The authenticated peer hostname for this authentication is always "localhost"\&.
560 .SH "RSH COMMUNICATION AND AUTHENTICATION"
562 For more detail, see http://wiki\&.zmanda\&.com/index\&.php/Configuring_rsh_authentication\&.
564 The Amanda server communicates with its client as the Amanda user via the RSH protocol\&.
566 Please note that RSH protocol itself is insecure and should be used with caution especially on any servers and clients with public IPs\&.
568 Each Amanda client communicates with the server using one TCP port and all data streams from the client are multiplexed over one port\&. The number of Amanda clients is limited by the number of reserved ports available on the Amanda server\&. Some versions of RSH do not use reserved ports and, thus, this restriction is not valid\&.
570 General information including compilation is given above (see
571 \fBCOMPILATION AND GENERAL INFORMATION\fR
574 In addition to specifying the
576 field in dumptype definition, it might be required to specify
577 \fIclient\-username\fR
580 fields\&. If the backup user name is different on the Amanda client, the user name is specified as
581 \fBclient\-username\fR\&. If the location of the Amanda daemon
583 is different on the Amanda client, the location is specified as
589 define dumptype rsh_example {
592 client\-username "backup"
593 amandad\-path "/usr/lib/exec/amandad"
597 .SS "Authenticated Peer Hostnames with RSH Authentication"
599 The RSH authentication mechanism does not provide an authenticated peer hostname\&.
600 .SH "SSH COMMUNICATION AND AUTHENTICATION"
602 For more detail, see http://wiki\&.zmanda\&.com/index\&.php/How_To:Set_up_transport_encryption_with_SSH\&.
604 Amanda client sends data to the server using SSH\&. SSH keys have to be set up so that Amanda server can communicate with its clients using SSH\&.
606 General information including compilation is given above (see \fBCOMPILATION AND GENERAL INFORMATION\fR above)\&.
608 SSH provides transport encryption and authentication\&. To set up an SSH authentication session, Amanda will run the equivalent of the following to start the backup process\&.
610 \fB /path/to/ssh \-l \fR\fB\fIuser_name\fR\fR\fB client\&.zmanda\&.com $libexecdir/amandad\fR
612 To use SSH, you need to set up SSH keys either by storing the passphrase in cleartext, using ssh\-agent, or using no passphrase at all\&. All of these options have security implications which should be carefully considered before adoption\&.
614 When you use a public key on the client to do data encryption (see http://wiki\&.zmanda\&.com/index\&.php/How_To:Set_up_data_encryption), you can lock away the private key in a secure place\&. Both, transport and storage will be encrypted with such a setup\&. See http://wiki\&.zmanda\&.com/index\&.php/Encryption for an overview of encryption options\&.
616 Enable SSH authentication and set the \fBssh\-keys\fR option in all DLEs for that host by adding the following to the DLE itself or to the corresponding dumptype in amanda\&.conf:
619 ssh\-keys "/home/backup/\&.ssh/id_rsa_amdump"
621 \fBssh\-keys\fR is the path to the private key on the client\&. If the username to which Amanda should connect is different from the default, then you should also add
623 client\-username "otherusername"
625 If your server \fBamandad\fR path and client \fBamandad\fR path are different, you should also add
627 amandad\-path "/client/amandad/path"
629 For a marginal increase in security, prepend the keys used for AMANDA in the clients\*(Aq authorized_keys file with the following:
632 from="amanda_server\&.your\&.domain\&.com",no\-port\-forwarding,no\-X11\-forwarding,no\-agent\-forwarding,command="/absolute/path/to/amandad \-auth=ssh amdump"
635 This will limit that key to connect only from Amanda server and only be able to execute
638 In the same way, prepend the key used for AMANDA in the server\*(Aqs authorized_keys file with:
641 from="amanda_client\&.your\&.domain\&.com",no\-port\-forwarding,no\-X11\-forwarding,no\-agent\-forwarding,command="/absolute/path/to/amandad \-auth=ssh amindexd amidxtaped"
644 You can omit the from=\&.\&. option if you have too many clients to list, although this has obvious security implications\&.
648 and any other necessary options in /etc/amanda/amanda_client\&.conf:
652 ssh\-keys "/root/\&.ssh/id_rsa_amrecover"
653 client\-username "amanda"
654 amandad\-path "/server/amandad/path"
657 Besides user keys, SSH uses host keys to uniquely identify each host, to prevent one host from impersonating another\&. Unfortunately, the only easy way to set up these host keys is to make a connection and tell SSH that you trust the identity:
660 $ ssh client1\&.zmanda\&.com
661 The authenticity of host \*(Aqclient1\&.zmanda\&.com (192\&.168\&.10\&.1)\*(Aq can\*(Aqt be established\&.
662 RSA key fingerprint is 26:4e:df:a2:be:c8:cb:20:1c:68:8b:cc:c0:3b:8e:9d\&.
663 Are you sure you want to continue connecting (yes/no)?yes
666 As Amanda will not answer this question itself, you must manually make every connection (server to client and client to server) that you expect Amanda to make\&. Note that you must use the same username that Amanda will use (that is, ssh client and ssh client\&.domain\&.com are distinct)\&.
667 .SS "Authenticated Peer Hostnames with SSH Authentication"
669 When accepting an incoming conneciton, the SSH daemon gives Amanda information about the remote system in the $SSH_CONNECTION environment variable\&. Amanda parses this information to determine the remote address, and then performs a similar check to that done by the BSD authentications: the forward and reverse DNS entries for the remote host must match\&. As such, while SSH authentication can cryptographically ensure that the remote system is recognized (since it had a recognized secret key), its assurances about the remote host\*(Aqs identity are weaker and depend on the integrity of the DNS\&.
673 \fBamanda.conf\fR(5),
674 \fBamanda-client.conf\fR(5),
680 : http://wiki.zmanda.com/
683 \fBJean\-Louis Martineau\fR <\&martineau@zmanda\&.com\&>
685 Zmanda, Inc\&. (http://www\&.zmanda\&.com)
688 \fBDustin J\&. Mitchell\fR <\&dustin@zmanda\&.com\&>
690 Zmanda, Inc\&. (http://www\&.zmanda\&.com)
693 \fBPaul Yeatman\fR <\&pyeatman@zmanda\&.com\&>
695 Zmanda, Inc\&. (http://www\&.zmanda\&.com)