Sam Couter wrote: > The SSH authentication agent gets messed up somehow when > /usr/lib/amanda/dumper is suid. > > I needed to chmod u-s /usr/lib/amanda/dumper to make it work properly. > Perhaps dpkg-statoverride is of use here. There may be a way to make the > suid work without losing the SSH authentication agent environment > variables too.
Another thing to note is that with ssh authentication, its root on the Amanda host that runs 'amandad -auth=ssh' via ssh'ing to backup on the client. So, any keys that are created for root on the host, can be limited to only run amandad -auth=ssh. ie /var/backups/.ssh# cat authorized_keys command="/usr/lib/amanda/amandad -auth=ssh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss .... I'd also like ssh-security enabled. I don't know about dpkg-statoverride, but it works normally if you pass that. Maybe just a SSH-HOWTO . -- Jason -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
