Thanks. That link helped. I realized my problem is that I run this machine via SSH and that won't work with the reboot cycle. After I rounded up a keyboard and monitor, I attached directly to my server, and re-entered the MOK command, rebooted, and caught the MOK enrollment screen. Backup is running now.rovshan.pashayev wrote: ↑May 06, 2024 5:14 pm Hello,
After reboot, did you run these steps: https://helpcenter.veeam.com/docs/agent ... olling-mok ?
If not, run mokutil command & reboot, so you get to that step again.
-
- Influencer
- Posts: 10
- Liked: 2 times
- Joined: Oct 25, 2022 5:39 pm
- Contact:
Re: Linux agent on debian
-
- Veeam Legend
- Posts: 824
- Liked: 128 times
- Joined: May 11, 2018 8:42 am
- Contact:
Re: Linux agent on debian
Did you install veeam agent manually or from protection group on veeam server ?
-
- Veeam Software
- Posts: 497
- Liked: 100 times
- Joined: Jul 03, 2023 12:44 pm
- Full Name: Rovshan Pashayev
- Location: Czechia
- Contact:
Re: Linux agent on debian
Hello Matteu,
Follow these steps to install and configure VAL on Debian 11 with Secure Boot enabled.
1. Install prerequisites:
2. Download veeam packages from repository into /(root) directory and install them:
3. Create a configuration file for generating the key pair, for example signing_key.conf, you will need adjust it according to your organization:
4. Generate Private Key and Certificate:
5. Sign the Kernel Module:
6. Enroll the certificate:
7. Reboot your system and follow steps as in https://helpcenter.veeam.com/docs/agent ... olling-mok
8. After reboot load the module:
9. Configure backup job and start it.
Even after reboots, jobs should run successfully.
Make sure the private key (signing_key.pem) is stored securely.
Note that these steps are assuming that you run all commands as root user.
Follow these steps to install and configure VAL on Debian 11 with Secure Boot enabled.
1. Install prerequisites:
Code: Select all
apt-get install dkms
apt-get install linux-headers-`uname -r`
Code: Select all
apt-get install ./veeamsnap_6.1.0.1498_all.deb
apt-get install ./veeam-libs_6.1.0.1498_amd64.deb
apt-get install ./veeam_6.1.0.1498_amd64.deb
Code: Select all
cat > signing_key.conf << EOF
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
encrypt_key = no
[ req_distinguished_name ]
CN = Your Name Kernel Module Signing
EOF
Code: Select all
openssl req -new -nodes -utf8 -sha256 -days 36500 -batch -x509 -config signing_key.conf -outform PEM -out signing_key.pem -keyout signing_key.pem
openssl x509 -in signing_key.pem -outform DER -out signing_key.der
Code: Select all
/usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 signing_key.pem signing_key.der $(modinfo veeamsnap -n)
Code: Select all
mokutil --import signing_key.der
8. After reboot load the module:
Code: Select all
modprobe veeamsnap
Even after reboots, jobs should run successfully.
Make sure the private key (signing_key.pem) is stored securely.
Note that these steps are assuming that you run all commands as root user.
Rovshan Pashayev
Analyst
Veeam Agent for Linux, Mac, AIX & Solaris
Analyst
Veeam Agent for Linux, Mac, AIX & Solaris
Who is online
Users browsing this forum: No registered users and 15 guests