Results 1 to 7 of 7

Thread: Client SSH Error

  1. #1
    Join Date
    Jul 2014
    Posts
    3

    Exclamation Client SSH Error

    Hi guys,

    I'm having some trouble getting amanda to work with network clients using SSH as the authentication method. The server will back up locally just fine but after adding a remote host to the disklist I keep getting this error from amcheck:

    "WARNING: amanda-client.localdomain: selfcheck request failed: EOF on read from amanda-client.localdomain
    Client check: 2 hosts checked in 5.307 seconds. 1 problem found."

    To set it all up I followed the guides on the amanda wiki for setting up amanda to backup remote hosts, and when I SSH to the client from the server using "ssh -i /etc/amanda/MyConfig/ssh-key [email]client@amanda-client.locald[/email]omain" (as specified in the wiki) it works fine and I get a shell. I have a feeling this issue is something to do with amanda pointing to the wrong user but I have that specified in amanda.conf.

    I'm running amanda-server 3.3.6 on Ubuntu Server 12.04 and amanda-client 3.3.6 on Ubuntu Desktop 12.04.

    The the dumptypes I am using in amanda.conf are:

    define dumptype global {
    comment "Global settings"
    index yes
    record yes
    }

    define dumptype remote {
    comment "global ssh settings"
    auth "ssh"
    ssh_keys "/etc/amanda/MyConfig/ssh-key"
    client_username "client"
    }

    define dumptype user-tar {
    global
    root-tar
    comment "user partitions dumpded with tar"
    }

    define dumptype user-tar-remote {
    user-tar
    remote
    comment "User partitions dumped with tar for network client"
    }

    the disklist entry is:

    amanda-client.localdomain /home/client/Documents user-tar-remote

    If anyone knows what I have done wrong or can point out something I've missed it would be greatly appreciated,
    Thanks!

  2. #2
    Join Date
    Nov 2005
    Location
    Canada
    Posts
    1,019

    Default

    Look for the ssh command in the amcheck.*.debug file and run it from the command line.
    What's in the amandad debug file on the client?

  3. #3
    Join Date
    Jul 2014
    Posts
    3

    Default

    Hi thanks for the reply

    In the amcheck debug file it has this as the command:

    exec: /usr/bin/ssh -x -o BatchMode=yes -o PreferredAuthentications=publickey -l client -i /etc/amanda/MyConfig/ssh-key amanda-client.localdomain /usr/libexec/amanda/amandad -auth=ssh

    (fyi: "amanda-client.localdomain" is the FQDN for the client and the username is "client", both the server and the client are VM's running on a local domain)

    Here is the contents of the amandad debug file on the client.

    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: pid 6010 ruid 63998 euid 63998 version 3.3.6: start at Wed Jul 16 01:47:25 2014
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: security_getdriver(name=bsdtcp) returns 0x7fd00b066980
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: version 3.3.6
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: build: VERSION="Amanda-3.3.6"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: BUILT_DATE="Tue Jul 8 14:13:30 PDT 2014" BUILT_MACH=""
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: BUILT_REV="5807" BUILT_BRANCH="tags"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: CC="x86_64-linux-gnu-gcc"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: paths: bindir="/usr/bin" sbindir="/usr/sbin"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: libexecdir="/usr/libexec"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: amlibexecdir="/usr/libexec/amanda" mandir="/usr/share/man"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: AMANDA_TMPDIR="/tmp/amanda"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: AMANDA_DBGDIR="/var/log/amanda" CONFIG_DIR="/etc/amanda"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: DEV_PREFIX="/dev/" RDEV_PREFIX="/dev/" DUMP="/sbin/dump"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: RESTORE="/sbin/restore" VDUMP=UNDEF VRESTORE=UNDEF
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: XFSDUMP="/sbin/xfsdump" XFSRESTORE="/sbin/xfsrestore"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: VXDUMP=UNDEF VXRESTORE=UNDEF
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: SAMBA_CLIENT="/usr/bin/smbclient" GNUTAR="/bin/tar"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: COMPRESS_PATH="/bin/gzip" UNCOMPRESS_PATH="/bin/gzip"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: LPRCMD=UNDEF MAILER=UNDEF
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: listed_incr_dir="/var/lib/amanda/gnutar-lists"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: defs: DEFAULT_SERVER="localhost" DEFAULT_CONFIG="DailySet1"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: DEFAULT_TAPE_SERVER="localhost" DEFAULT_TAPE_DEVICE=""
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: NEED_STRSTR AMFLOCK_POSIX AMFLOCK_FLOCK AMFLOCK_LOCKF
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: AMFLOCK_LNLOCK SETPGRP_VOID ASSERTIONS AMANDA_DEBUG_DAYS=4
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: BSD_SECURITY USE_AMANDAHOSTS CLIENT_LOGIN="amandabackup"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: CHECK_USERID HAVE_GZIP COMPRESS_SUFFIX=".gz"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: COMPRESS_FAST_OPT="--fast" COMPRESS_BEST_OPT="--best"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: UNCOMPRESS_OPT="-dc"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: CONFIGURE_ARGS=" 'MAKEFLAGS=-j1 ' 'CFLAGS=-pipe ' 'MAILER=/usr/bin/mail' '--enable-as-needed' '--host=x86_64-linux-gnu' '--build=x86_64-linux-gnu' '--prefix=/usr' '--bindir=/usr/bin' '--mandir=/usr/share/man' '--libexecdir=/usr/libexec' '--enable-shared' '--sysconfdir=/etc' '--localstatedir=/var' '--with-amdatadir=/var/lib/amanda' '--with-gnutar-listdir=/var/lib/amanda/gnutar-lists' '--with-index-server=localhost' '--with-tape-server=localhost' '--with-user=amandabackup' '--with-group=disk' '--with-fqdn' '--with-bsd-security' '--with-bsdtcp-security' '--with-bsdudp-security' '--with-amandahosts' '--with-smbclient=/usr/bin/smbclient' '--with-debugging=/var/log/amanda' '--with-ssh-security' '--with-assertions' '--enable-s3-device' '--disable-installperms' 'build_alias=x86_64-linux-gnu' 'host_alias=x86_64-linux-gnu' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'"
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: security_handleinit(handle=0x25212e0, driver=0x7fd00b066980 (BSDTCP))
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: security_streaminit(stream=0x2521490, driver=0x7fd00b066980 (BSDTCP))
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: authenticated peer name is 'localhost'
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: accept recv REQ pkt:
    <<<<<
    SERVICE amindexd
    OPTIONS features=ffffffff9efefbffffffffff3f;auth=bsdtcp;
    >>>>>
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: amindexd: invalid service
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: sending NAK pkt:
    <<<<<
    ERROR amindexd: invalid service, add 'amindexd' as argument to amandad
    >>>>>
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: tcpm_send_token: data is still flowing
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: security_close(handle=0x25212e0, driver=0x7fd00b066980 (BSDTCP))
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: security_stream_close(0x2521490)
    Wed Jul 16 01:47:25 2014: thd-0x2516400: amandad: pid 6010 finish time Wed Jul 16 01:47:25 2014

    Looks like amindexd is the problem, but not sure what to do with it exactly. Any ideas?

  4. #4
    Join Date
    Nov 2005
    Location
    Canada
    Posts
    1,019

    Default

    To enhance security, you must put the amandad argument in the authorized_keys file.
    This ssh_keys must be used only to run amandad

    Look at [url]http://wiki.zmanda.com/index.php/How_To:Set_up_transport_encryption_with_SSH[/url], the following text:

    For client connections to the server, reverse the process -- put the public key (the same key or a new one -- your choice) on the clients, and the public key in the server's ~/.ssh/authorized_keys file. Prefix the authorized_keys line with:

    from="amanda_client.your.domain.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/absolute/path/to/amandad -auth=ssh amindexd amidxtaped"

    You can omit the from=.. option if you have too many clients to list, although this has obvious security implications.

  5. #5
    Join Date
    Jul 2014
    Posts
    3

    Default

    Thanks again for the reply, sorry this one is so late I have been on holiday.

    After adding that to my authorized_keys file I am still getting the EOF error from amcheck. My authorized_keys file contains:

    ssh-rsa **RSA KEY** server2@ubuntu from="amanda-server2.localdomain",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/libexec/amanda/amandad -auth=ssh amdump

    The ssh command displayed in the debug work perfectly outside of amanda, so it should work when running amanda? Is the problem not the SSH authentication?

  6. #6
    Join Date
    Nov 2005
    Location
    Canada
    Posts
    1,019

    Default

    Do amandad is executed? Check in system log and/or if the amandad debug file is created.

  7. #7
    Join Date
    Dec 2014
    Posts
    1

    Default

    Wow, lots of great info in there [url=http://www.pass4-sure.biz]http://pass4-sure.biz/[/url] . Thanks for taking your time to do that.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •