Hi,
For the hardened linux repository server, it is suggested to delete the single use credentials after the immutable repository is added to the VBR server. So then if I restart the repository server, which credential is used to start the veeam transport service?
thanks
-
storageguy
- Expert
- Posts: 160
- Liked: 16 times
- Joined: Nov 19, 2014 4:20 am
- Contact:
-
chris.childerhose
- Veeam Vanguard
- Posts: 638
- Liked: 154 times
- Joined: Aug 13, 2014 6:03 pm
- Full Name: Chris Childerhose
- Location: Toronto, ON
- Contact:
Re: Single Use Credentials
As per this page - https://helpcenter.veeam.com/docs/backu ... ml?ver=110
"When you add a Linux server, Veeam Backup & Replication saves a fingerprint of the Linux host SSH key to the configuration database. During every subsequent connection to the server, Veeam Backup & Replication uses the saved fingerprint to verify the server identity and avoid the man-in-the-middle attack."
"When you add a Linux server, Veeam Backup & Replication saves a fingerprint of the Linux host SSH key to the configuration database. During every subsequent connection to the server, Veeam Backup & Replication uses the saved fingerprint to verify the server identity and avoid the man-in-the-middle attack."
-----------------------
Chris Childerhose
Veeam Vanguard / Veeam Legend / Veeam Ceritified Architect / VMCE
vExpert / VCAP-DCA / VCP8 / MCITP
Personal blog: https://just-virtualization.tech
Twitter: @cchilderhose
Chris Childerhose
Veeam Vanguard / Veeam Legend / Veeam Ceritified Architect / VMCE
vExpert / VCAP-DCA / VCP8 / MCITP
Personal blog: https://just-virtualization.tech
Twitter: @cchilderhose
-
Origin 2000
- Service Provider
- Posts: 91
- Liked: 23 times
- Joined: Sep 24, 2020 2:14 pm
- Contact:
Re: Single Use Credentials
@chris.childerhose
that doesnt make sense because there is no running SSH anymore when youre finished with the setup of the hardened repository. This is only true for a normal linux server.
@storageguy
The veeam service starts automaticly as any other registered service on that OS. Because you temporary grand permission for the selected/used user during the Veeam install the wizzard was able to register it services.
that doesnt make sense because there is no running SSH anymore when youre finished with the setup of the hardened repository. This is only true for a normal linux server.
@storageguy
The veeam service starts automaticly as any other registered service on that OS. Because you temporary grand permission for the selected/used user during the Veeam install the wizzard was able to register it services.
-
storageguy
- Expert
- Posts: 160
- Liked: 16 times
- Joined: Nov 19, 2014 4:20 am
- Contact:
Re: Single Use Credentials
@Origin 2000, I have a situation where we restarted our linux server and the VBR server can no longer connect to the repository. After our investigation, we found out that the veeamtransport service won't start because the user was not found. So we re-created the deleted user and after re-creating the user, VBR server was able to connect to the repository again and the veeamtransport service started successfully. Strange, and that's why I'm confuse as to which user will be used once the single use credential is deleted.
-
Regnor
- VeeaMVP
- Posts: 1007
- Liked: 314 times
- Joined: Jan 31, 2011 11:17 am
- Full Name: Max
- Contact:
Re: Single Use Credentials
Do I get it right that you've deleted the user, which you've used to connect the repository to Veeam? If so, that was wrong. The transport service will run in the context of this user, so it still needs to be present on your Linux server.
Veeam on the other hand only initially needs the credentials to deploy the transport service. That's why you use 'single use credentials' as Veeam doesn't need to save those credentials.
What you can and should to after the setup:
*remove the service user from the sudo group
*disable SSH and any remote access
Veeam on the other hand only initially needs the credentials to deploy the transport service. That's why you use 'single use credentials' as Veeam doesn't need to save those credentials.
What you can and should to after the setup:
*remove the service user from the sudo group
*disable SSH and any remote access
-
chris.childerhose
- Veeam Vanguard
- Posts: 638
- Liked: 154 times
- Joined: Aug 13, 2014 6:03 pm
- Full Name: Chris Childerhose
- Location: Toronto, ON
- Contact:
Re: Single Use Credentials
That is exactly right @Regnor as noted here too - https://helpcenter.veeam.com/docs/backu ... =110#step2
-----------------------
Chris Childerhose
Veeam Vanguard / Veeam Legend / Veeam Ceritified Architect / VMCE
vExpert / VCAP-DCA / VCP8 / MCITP
Personal blog: https://just-virtualization.tech
Twitter: @cchilderhose
Chris Childerhose
Veeam Vanguard / Veeam Legend / Veeam Ceritified Architect / VMCE
vExpert / VCAP-DCA / VCP8 / MCITP
Personal blog: https://just-virtualization.tech
Twitter: @cchilderhose
-
perjonsson1960
- Veteran
- Posts: 527
- Liked: 58 times
- Joined: Jun 06, 2018 5:41 am
- Full Name: Per Jonsson
- Location: Sweden
- Contact:
Re: Single Use Credentials
If I want to change the description of the Linux server in the properties, I cannot get past the credentials step if I have used Single-Use Credentials. Does this mean that I have to start the SSH service in the Linux server first, and then submit the username and password for the "single-use account", and when I have finished the wizard, stop the SSH service again, just to change the description?
PJ
PJ
-
Gostev
- Chief Product Officer
- Posts: 31814
- Liked: 7302 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Single Use Credentials
Right, you need SSH to go through the wizard before the new configuration can be saved to configuration. I supposed as an alternative you could just change it in the configuration database directly 
if you have some experience with databases.
if you have some experience with databases.Who is online
Users browsing this forum: No registered users and 28 guests