Here is a set of patches to add a dumptype boolean option called "sencrypt" to Amanda. The default value for sencrypt is "no". If "sencrypt" is set to "yes" then sendbackup will try to use an SSL encryption filter when sending a dump image to the tape server. Short of establishing a full-blown VPN between client and server, this seemed to be the easiest way to protect the contents of an Amanda dump-stream while it's being transmitted over a network.

This patch causes sendbackup to spawn an encryption program in much the same way as it would spawn a gzip process to handle compression. The file descriptors are lined up so that the image is sent via the encryption program before being transmitted across the network. On the server side, dumper spawns a child process to decrypt the backup image as it arrives off the network.

This patch makes use of an SSL encrypt/decrypt program called sst[*] but given the nature of the changes, it should be possible to replace sst with any other similarly-configured encrypt/decrypt tool(s).

The file 'sencrypt-241p1' contains the context diffs for Amanda 2.4.1p1.
The file 'sencrypt-242p2' contains the context diffs for Amanda 2.4.2p2.
The file 'sencrypt-243' contains the context diffs for Amanda 2.4.3.
The file 'sencrypt-244' contains the context diffs for Amanda 2.4.4.
The file 'amanda.conf-example' contains example dumptype definitions.
The file 'disklist-example' has entries which use the example dumptypes.

---

We started using Amanda in 1999 to back up our group's various unix boxes on an inherited EXB210 tape robot. It's worked quite well. We've been pretty happy with it and it's saved our butts a few times. But there was one thing missing - encryption (actually, Amanda already supports Kerberos encryption but we weren't ready to mess with Kerberos then and we're still not ready now). And with the growing acceptance of OpenSSL, SSL tools seemed to offer more flexibility. Hence the 241p1 patch.

We recently acquired a used EXB-440 tape robot and are in the process of upgrading to Amanda 2.4.2p2. Hence the 242p2 patch.

I was notified that the 242p2 patch breaks when applied to Amanda 2.4.3. Hence the 243 patch.

Please note that we've only ever used sendbackup-dump so the mods to sendbackup-gnutar have never really been tested.

{sendbackup-gnutar update:

> From biglers.ch!marc Mon Feb 24 16:48:34 2003
> From: marc at biglers.ch
>
> Just wanted to let you know that I am currently using your sst + sencrypt
> patches on AMANDA 2.4.3 with gnutar on Linux client/servers and it works fine !!
> Cheers
> Marc

Thanks for the news, Marc!
}

Since Amanda 2.4.4 was released, a few have requested an update. Hence the 244 patch. It's basically identical to the 243 patch except for many line numbering changes.

P Kern 2003/05/29
pkern at cns.utoronto.ca

---

[*] see "http://cns.utoronto.ca/~pkern/stuff/sst/"
sst was put together mainly to provide SSL encryption for Amanda but it can also be used for interactive SSL tunneling or as an SSL front-end to inetd services.
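The descriptor arrangement described above (dump image written into a spawned filter whose output goes to the network), as an added example in C. It is not code from the sencrypt patches: spawn_filter and filter_ok are hypothetical names, and "cat" stands in for the encryption program because sst's command line is not shown here.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not from the sencrypt patches: start argv[] as a filter
 * whose stdout is net_fd; return the fd to write the dump image to, or -1. */
int spawn_filter(int net_fd, char *const argv[], pid_t *pid)
{
    int p[2];
    if (pipe(p) < 0)
        return -1;
    if ((*pid = fork()) < 0) {
        close(p[0]); close(p[1]);
        return -1;
    }
    if (*pid == 0) {                       /* child: becomes the filter */
        if (dup2(p[0], STDIN_FILENO) < 0 || dup2(net_fd, STDOUT_FILENO) < 0)
            _exit(126);
        if (p[0] != STDIN_FILENO) close(p[0]);
        close(p[1]);                       /* otherwise the filter never sees EOF */
        if (net_fd != STDOUT_FILENO) close(net_fd);
        execvp(argv[0], argv);
        _exit(127);                        /* exec failed */
    }
    close(p[0]);                           /* parent keeps only the write end */
    return p[1];
}

/* Reap the filter; 0 only on a clean exit, so the caller can fail the dump
 * when the encryption program is missing or dies part-way through. */
int filter_ok(pid_t pid)
{
    int st;
    if (waitpid(pid, &st, 0) < 0)
        return -1;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}

int main(void)
{
    char *const argv[] = { "cat", NULL };  /* stand-in for the encrypt program */
    const char *image = "constructed dump image\n";
    pid_t pid;
    int in = spawn_filter(STDOUT_FILENO, argv, &pid);
    if (in < 0 || write(in, image, strlen(image)) < 0)
        return 1;
    close(in);                             /* EOF tells the filter to finish */
    return filter_ok(pid) == 0 ? 0 : 1;
}
```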