The CDP Linux Agent listens on TCP port 1167 for requests from a continuous data protection server. Authentication is done using a built-in IP-based firewall and a highly secure RSA-based PGP authentication system.
When the CDP Server connects to the Agent running on the computer, the Agent reads all files located in the following default directory: /etc/buagent/server.allow
Each file is named with the IP address of the allowed CDP Server and contains the Server's RSA Public Key for authentication. If the connection attempt is made from an IP address that is unknown, the connection is immediately dropped. If the connection attempt is made from an allowed IP, the RSA authentication procedure begins.
CDP Server Keys can be created manually using a text editor or with the r1key utility. Once a CDP Server's Key has been installed in the /etc/buagent/server.allow directory, the CDP Server will be able to take remote Backups of the client machine. If the CDP Server's Key is removed from the /etc/buagent/server.allow directory, it will no longer be able to take remote Backups of the client machine.
If a CDP Server's Public Key or IP changes, the original Key file will need to be updated or reinstalled. If the CDP Server's IP changes, the old Key should be removed using the original IP or server name as shown when listing Keys.
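Because every file in /etc/buagent/server.allow authorizes a CDP Server to back up this host, the directory is worth auditing against the list of servers you actually approved. The shell function below is an added example, not part of the original documentation or of the r1key tooling; the approved-entry list passed as the second argument and the finding labels are assumptions.

```shell
#!/bin/sh
# Added example: audit the Agent's key directory.
# usage: audit_server_allow /etc/buagent/server.allow "192.168.0.222 192.168.0.215"
# Prints one finding per line; returns 0 when clean, 1 otherwise.

loose_perms() {
    # True when $1 is writable by group or others.
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

audit_server_allow() {
    dir=$1; expected=$2; findings=0
    if [ ! -d "$dir" ]; then
        echo "ERROR $dir: not a directory"; return 1
    fi
    if loose_perms "$dir"; then
        echo "PERMS $dir: directory is group/world writable"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # empty directory
        name=${f##*/}
        case " $expected " in
            *" $name "*) ;;                      # approved entry
            *) echo "UNEXPECTED $name: not in the approved server list"
               findings=$((findings + 1)) ;;
        esac
        if [ -L "$f" ]; then
            echo "SYMLINK $name: key file is a symbolic link"
            findings=$((findings + 1))
        elif loose_perms "$f"; then
            echo "PERMS $name: key file is group/world writable"
            findings=$((findings + 1))
        fi
        if [ ! -s "$f" ]; then
            echo "EMPTY $name: key file has no content"
            findings=$((findings + 1))
        fi
    done
    for want in $expected; do                    # approved but not installed
        [ -e "$dir/$want" ] || {
            echo "MISSING $want: approved server has no key file"
            findings=$((findings + 1)); }
    done
    [ "$findings" -eq 0 ]
}
```

The check does not validate the key material itself; it only reports entries that would let an unapproved or tampered key authorize backups.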
New in Version 1.56
By default, the IPAuthentication option (located in /etc/buagent/agent_config) is set to "No." If set to "Yes," the Agent looks for a file in the server.allow directory matching the IP address of an incoming connection.
Read more in Linux Agent Configuration.
Follow the instructions below to add a CDP Server to the list of Servers known to the Agent using the Command Line Interface (CLI) tools.
1. Run the r1key --add --server =IP command.
The --add function downloads the Key from the Server. For this option to work, the Server should be up and the Agent should be able to access the Server via the network.
To add a Server with IP address 192.168.0.222 to the list of Servers known to the Agent, run the r1key --add --server =192.168.0.222 command.
2. The r1key --add --server command does not produce any output. If you want to make sure that the Key has been added, run the r1key --list command.
Follow the instructions below to add a CDP Server Key to the CDP Agent manually.
1. To add a new authentication Key by hand, first log in to the CDP Server Web Interface.
2. Click the "Options" tab in the Main Menu.
3. Next, click the "Server Key" tab on the "Options: Server Public Key" page.
4. Select the Public Key using your mouse and press <Ctrl> and <C> to copy it to the clipboard.
5. Then open an SSH session to the Linux Host running the CDP Agent. The Agent installer can be started in a remote SSH session, in a GUI terminal window (Konsole in KDE, Gnome Terminal in Gnome, etc.), or on the Linux text console. Obtain root permissions either by logging in as root or by running the su or sudo command after login.
6. Copy the RSA Public Key text to a plain text file on the client machine. For the Linux Host to be backed up by the Server, the Server Public Key should be placed in the following file: /etc/buagent/server.allow/IP
*"IP" is the connecting CDP Server's IP address.
This path is default. After finishing the installation of the Agent, you are informed of the path where the Server Key(s) should be placed.
7. Open the file in your favorite Linux text editor (vi, emacs, pico, or mcedit). Enter or paste the Server Key and save the file.
Example: If the Control Server IP address is 192.168.0.215, then the file should be the following: /etc/buagent/server.allow/192.168.0.215
If you do not know how to work with text editors in a Linux SSH session, run the following command:
8. Paste the Server Key from the clipboard and press <Ctrl> and <D>.
To view the list of all Keys known to the Agent, run the r1key --list command.
Follow the instructions below to remove a CDP Server Key from the Agent's database.
1. Run the command r1key --remove --server =IP.
To remove the Key of a Server with IP address 192.168.0.233 from the Agent's database, run the command r1key --remove --server =192.168.0.233.
2. The r1key --remove --server command does not produce any output. If you want to make sure the Key has been removed, run the r1key --list command.