Close to working, but not quite.
Here is the line from /tmp/amanda/server/daily/amcheck.20170414130845.debug on
the server:
Fri Apr 14 13:08:45 2017: thd-0x2383200: amcheck-clients: exec: /usr/bin/ssh -x -o BatchMode=yes -o
PreferredAuthentications=publickey -l backup -i /usr/local/etc/amanda/.ssh/id_rsa_daily_config
kilgore.server.isb.nsm /usr/local/libexec/amanda/amandad -auth=ssh
The key is that it is asking to execute /usr/local/libexec/amanda/amandad on the client, but amandad
is at /usr/lib/amanda/amandad. I had changed that in the authorized_keys file on the client, but
where is the server getting that in the first place? How do I change it for this client, short of
setting up that directory with a symlink? And, would a symlink even work? Or would the security
checks disallow a symlink?
At the moment, I'm getting "Permission denied (publickey,password)." during
amcheck.
On 4/14/17 12:07 PM, Jean-Louis Martineau wrote:
Chris,
The home directory is not important, but you must put the .amandahosts
and .ssh there.
In the dle, you must set client-username and probably amandad-path (but
it is better to set it in the client .ssh/authorized_keys for security.
According to
https://unix.stackexchange.com/questions/184031/can-a-command-be-executed-over-ssh-with-a-nologin-user,
the nologin shell should not be a problem.
But you can set it to valid shell if you want to connect to the client
Try to ssh the client from the server to accept the server keys
(known_hosts),a valid might be required here, I'm not sure.
Then run amcheck.
Jean-Louis
On 14/04/17 11:46 AM, Chris Hoogendyk wrote:
> Thank you, Jean-Louis,
>
> It's not so much a question of what doesn't work as it is of where to
> start.
>
> There doesn't seem to be any documentation of how the Debian/Ubuntu
> package was built or what steps should be required to implement a client.
>
> Typically, when I build Amanda on a client, I build it with ssh-auth
> and user and group amanda. After the client is built and installed, I
> manually ssh back and forth to set up the known_hosts, transfer the
> public key to the new client, set up .amandahosts, and maybe a couple
> of other steps. Then I edit the disklist and add entries for the new
> client, run amcheck, and work out any remaining glitches, but usually
> it just works at this point.
>
> With the Debian/Ubuntu 3.3.6 package on Ubuntu 16.04, as I tried to
> figure out what had been done, I started out by running `dpkg-query -L
> amanda-client`. Since there was no amanda user or amandbackup user
> installed, I began looking at user backup. But its home directory,
> /var/backups, seemed weird, and its shell was /usr/sbin/nologin. So
> then what? Is it assumed that I will manually edit known_hosts and so
> on? And will the ssh-auth connection work when the client user has a
> shell of /usr/sbin/nologin? Or should I change that shell to something
> that works? And then just start hacking through with my normal
> procedures, but with a special dumptype that incorporates
> client-username "backup"?
>
> I'd prefer to do it as intended rather than hacking. One would presume
> that should be smoother, assuming the intended setup is known
> (documented).
>
>
> On 4/14/17 8:29 AM, Jean-Louis Martineau wrote:
>> Chris,
>>
>> We could help if you tell us what doesn't work.
>>
>> Jean-Louis
>>
>> On 13/04/17 03:53 PM, Chris Hoogendyk wrote:
>> > I have a group of amanda servers and clients that are all Ubuntu 14.04
>> > with amanda 3.3.6 installed from source with ssh config and user
>> amanda.
>> >
>> > Now I'm trying to set up a new client that is Ubuntu 16.04. I saw that
>> > the aptitude had amanda 3.3.6, common, server, and client packages.
>> > So, I thought, hey, that will make things easy.
>> >
>> > Not.
>> >
>> > So, it seems they built the package with user backup, home directory
>> > /var/backups, and shell /usr/sbin/nologin. There doesn't seem to be
>> > any readme or install or configure instructions anywhere explaining
>> > how it has been built and how it has to be set up to function. I had
>> > assumed it would be largely ready to go, with instructions on what
>> > configuration remained to be done.
>> >
>> > I also haven't been able to find much of anything through google.
>> >
>> > Does anyone have any guidance on this? Or should I just rip it out and
>> > build from source? Amanda is one of the few things that I have
>> > continued to build from source since I switched from Solaris to Ubuntu
>> > several years ago. All the other major packages get patches and
>> > security updates fairly regularly, so it pays to stick with aptitude.
>> >
>> >
>>
>>
>> *Disclaimer*
>>
>> This message is the property of *CARBONITE, INC.*
>> <http://www.carbonite.com> and may contain confidential or privileged
>> information.
>>
>> If this message has been delivered to you by mistake, then do not
>> copy or deliver this message to anyone. Instead, destroy it and
>> notify me by reply e-mail.
>>
>
*Disclaimer*
This message is the property of *CARBONITE, INC.* <http://www.carbonite.com> and may contain
confidential or privileged information.
If this message has been delivered to you by mistake, then do not copy or deliver this message to
anyone. Instead, destroy it and notify me by reply e-mail.
--
---------------
Chris Hoogendyk
-
O__ ---- Systems Administrator
c/ /'_ --- Biology & Geosciences Departments
(*) \(*) -- 315 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<hoogen...@bio.umass.edu>
---------------
Erdös 4
