Help Center
Choose product document...
Veeam Backup & Replication 9.5
Veeam Agent Management Guide

Configuring Security Settings

When you configure the Veeam Agent management infrastructure in Veeam Backup & Replication, you can specify what TLS certificate Veeam Backup & Replication will use to establish a secure connection between the backup server and protected computers. By default, Veeam Backup & Replication offers the following security settings for testing and evaluation purposes:

  • To establish a secure connection between parties, Veeam Backup & Replication uses the default self-signed certificate.
  • Veeam Backup & Replication allows all computers that run a Linux OS to establish a connection to the backup server.

You can change security settings if needed, for example, in case security regulations of your organization require usage of a custom certificate and/or verification of Linux host fingerprints.

To specify the security settings, do the following:

  1. From the main menu, select General Options.
  2. Click the Security tab.
  3. In the Certificate section, check information about the currently used certificate. By default, Veeam Backup & Replication uses a self-signed TLS certificate generated at the process of upgrade to version 9.5 Update 3. If you want to use a custom certificate, click Install and specify a new certificate. To learn more, see Managing TLS Certificates.
  4. In the Linux fingerprints section, specify SSH fingerprint verification settings for Linux-based protected computers. You can select one of the following options:
  • Trust all newly discovered Linux hosts automatically — with this option enabled, Veeam Backup & Replication allows all discovered computers that run a Linux OS to connect to the backup server. This scenario is recommended for demo environments only.
  • Trust only known Linux hosts — with this option enabled, only the following Linux-based computers can connect to the backup server:
  • Protected computers that have already established a connection to the backup server and have their fingerprints stored in the Veeam Backup & Replication database. Veeam Backup & Replication displays the number of such computers in the Trusted Linux hosts field. To export the list of trusted Linux computers to a known_hosts file, click Export and specify a path to the folder to save the file.
  • Protected computers specified in the known_hosts file imported to Veeam Backup & Replication. To import a known_hosts file, click Import and specify a path to the folder where the file resides.

Computers that do not meet the above-mentioned conditions cannot connect to the Veeam backup server and download Veeam Agent for Linux installation packages during discovery. Veeam Backup & Replication displays these computers under the Untrusted node in the inventory. To start managing an untrusted computer, you need to validate its fingerprint manually in the Veeam Backup & Replication console. To learn more, see Validating SSH Fingerprints.

  1. Click OK.

Configuring Security Settings 

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Agent Management Guide

Veeam Backup Explorers User Guide

PowerShell Reference

RESTful API Reference

Veeam Backup FREE Edition User Guide

Veeam Backup for Microsoft Office 365

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation