Veeam: Create Linux user for Private Key Login Credentials

//Veeam: Create Linux user for Private Key Login Credentials

Veeam: Create Linux user for Private Key Login Credentials

For Backups Guest OS files and indexing(and application awareness), Veeam needs Admin rights in Guest OS(Windows and Linux). In Windows a Domain Administrator account, and in Linux root access to perform this type of Backups and also Restore.

In this article, we will only focus on the Linux root account.

Since for security reasons most companies will not provide root access to the Backup tool, we can do this by creating a nonroot account with a Linux Private Key that will be elevated to root account.

First, we will create the user and the Private Key in Linux.

Note: We will create a Private Key, but also a Passphrase for security reasons.

1. Linux Create User:

Create Private Key: ssh-keygen -C “Key for Veeam Linux user Backup” -O no-x11-forwarding -O no-port-forwarding -O no-agent-forwarding

Note: Use a Passphrase password(if you leave blank, will not use a Passphrase ) to use in the Veeam Section.

Local user to be configured:

  • user name: veeam-linux
  • user id: 90
  • home: /var/lib/veeam-linux
  • SSH key file: /var/lib/veeam-linux/.ssh/authorized_keys

Linux command to create local user and key:

adduser -b /var/lib/ -c “Veeam Linux user Backup” -g users -m -u 90 veeam-linux
passwd -l veeam-linux # Prevent login via password
su – veeam-linux
mkdir .ssh
chmod 700 .ssh/
vi .ssh/authorized_keys
-> enter Public key:
ssh-rsa (public key)== Key for Veeam backup user
visudo
-> veeam-linux ALL=NOPASSWD: ALL

After the user is created and also the Public Key to your authorized_keys in your Linux OS, you should use the RSA_key.ppk(name that we used) file with the Private Key in Veeam.

Note: After we test this user and add the Public Key, if is working for Linux Backup jobs, we will use Linux Puppet to spread the User vs. Public Key to all our Linux VMs and all be able to use the same Key in authorized_keys.

Depending on your environment, you can also copy the corresponding Public Key to all your Linux Guests.

2. Veeam Linux user Configuration:

Next, we will create new Linux credentials to use in our Backups.

Open your Veeam Backup & Replication Console, and in the upper left corner we can open “Manage Credentials.”

Screen Shot 03-29-16 at 09.55 PM 001

Now click add and choose to add a Linux Private Key.

Veeam: Create Linux user for Private Key Login Credentials

Next, add the user and use the information from the Linux User and Private Key create in the Linux section.

Veeam: Create Linux user for Private Key Login Credentials

Option 1: Add the user created in the Linux Guest OS

Option 2: Add the Passphrase used in ssh-keygen.

Option 3: Use the RSA file extracted from the Linux Private Key.

Option 4: Since the account will only be elevated to root(not a root account) enable this option.

After these tasks, we have a Linux user that will use a Private Key and will be elevated to root in the VMs Linux Backups.

After this, we will create a job to test(Linux Backup) the Credentials and our Private Key.

Veeam: Create Linux user for Private Key Login Credentials

In the “Guest Processing” screen we can test our User / Private Key to see if it works when we start the job.

Veeam: Create Linux user for Private Key Login Credentials

In “Guest OS Credentials” choose the user that we have created above. Then click the option “Test Now.”

As we can see in the next image, the user was able to connect to the Guest OS and have the right permissions. All tests are green.

Veeam: Create Linux user for Private Key Login Credentials

After this, we can use this user(with the Private Key) to Backup and Restore all our Linux VMs.

In this job example, we had only one VM to test this user, but if you have a job just for Linux VMs if you choose this user will set and will use for all VMs automatically.

But in case you have some mix OS Guest jobs(like we have) you should set the user for the Linux VMs.

Just edit your Backup Job and again go to the “Guest Processing” screen. Here click on “Credentials” options.

Veeam: Create Linux user for Private Key Login Credentials

Choose VMs that should use the Linux User and click “Set User” and then “Linux credentials.”

Next, click “Add” and choose the Linux user.

Veeam: Create Linux user for Private Key Login Credentials

After this, all Linux VMs will use that user to Backup and Restore.

After all this, you now have a Linux OS Guest user with a Private Key.

Hope this can help you how to configure this option. If you have any doubts or need extra help, don’t hesitate to contact me, or reply to this post.

For extra information, please check Veeam Help for this subject HERE

Final Note: Will like to thank you my Linux colleague Philipp van Huellen for help on the part of the Linux Private Key testing and also to provide the right security configuration on the Linux side.

Note: Share this article, if you think it is worth sharing.

©2016 ProVirtualzone. All Rights Reserved

 

By | 2018-10-28T20:45:19+02:00 March 30th, 2016|Backups|2 Comments

About the Author:

I am over 20 years’ experience in the IT industry. Working with Virtualization for more than 10 years (mainly VMware). I am an MCP, VCP6.5-DCV, VMware vSAN Specialist, Veeam Vanguard 2018/2019, vExpert vSAN 2018/2019 and vExpert for the last 4 years. Specialties are Virtualization, Storage, and Virtual Backups. I am working for Elits a Swedish consulting company and allocated to a Swedish multinational networking and telecommunications company as a Teach Lead and acting as a Senior ICT Infrastructure Engineer. I am a blogger and owner of the blog ProVirtualzone.com

2 Comments

  1. WilliamMl May 11, 2016 at 2:29 am - Reply

    A round of applause for your forum topic.Thanks Again. Really Cool. Titus

Leave a Reply

%d bloggers like this: