DOKK / manpages / debian 11 / amanda-common / amanda-auth-ssl.7.en
AMANDA-AUTH-SSL(7) Miscellanea AMANDA-AUTH-SSL(7)

amanda-auth-ssl - SSL Communication/Authentication methods between Amanda server and client

This authenticate method use ssl certificate to authenticate host, all transfer over the network is encrypted.

Each amanda client/server must have its own certificate signed by the amanda CA certificate.

Amanda must be configure with --with-ssl-security

In amanda.conf and amanda-client.conf.

ssl-dir

The directoty where amanda store all the certificates. A good value is ~/amanda-ssl.

ssl-check-certificate-host

Check the peer hostname match the certificate host name.

ssl-check-fingerprint

Check the fingerprint of the certificate is the same as the fingerprint we already have for that host.

ssl-check-host

Do the bsd check, dns name of peer IP is the hostname we connect to.

$SSL_DIR/CA/crt.pem                   # CA certificate that signed

all certificates. $SSL_DIR/CA/private/key.pem # CA private key
(on server only) $SSL_DIR/me/crt.pem # public certificate of the host $SSL_DIR/me/private/key.pem # private key of the host $SSL_DIR/me/fingerprint # fingerprint of my certificate $SSL_DIR/remote/HOSTNAME/fingerprint # fingerprint of the HOSTNAME
certificate

On the HOSTNAME host, $SSL_DIR/remote/HOSTNAME is a symbolic link to ../me.

The amssl program is a tool to manage the certificate.

amanda(8), amanda.conf(5), amanda-client.conf(5), disklist(5), amdump(8), amrecover(8), amssl(8), amanda-auth(7)

The Amanda Wiki: : http://wiki.zmanda.com/

Jean-Louis Martineau <martineau@zmanda.com>

Zmanda, Inc. (http://www.zmanda.com)

Dustin J. Mitchell <dustin@zmanda.com>

Zmanda, Inc. (http://www.zmanda.com)

Paul Yeatman <pyeatman@zmanda.com>

Zmanda, Inc. (http://www.zmanda.com)
12/01/2017 Amanda 3.5.1