#1 Global Leader in Data Protection & Ransomware Recovery

Impact of tmux on Veeam Interactions With Linux OS

KB ID: 4466
Product: Veeam Backup & Replication
Veeam ONE
Veeam Agent for Linux
Published: 2023-06-22
Last Modified: 2024-03-12
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Purpose

This article documents a known incompatibility between Veeam applications that initiate SSH connections to remote Linux machines and those Linux machines being configured to have tmux autorun when users connect.

 

Connection Examples

As stated, this issue affects all interactions wherein a Veeam application makes an SSH connection to a remote Linux server that has tmux automatically start during account login. The list below is not exhaustive and presents the most commonly impacted scenarios.

Known Limitation

Veeam Backup & Replication does not support SSH connections to a server where when the user Veeam logs in as is configured to have tmux automatically start.

  • For persistent agents, automatic tmux at login must be disabled during the initial deployment of the Veeam Data Mover services that are installed when the Linux Machine is first added to Veeam Backup & Replication.
  • For Hardened Repositories, review: https://www.veeam.com/kb4250
  • For non-persistent agents, automatic tmux must be disabled completely for the user Veeam Backup & Replication is configured to connect as.
    Note: This use scenario is rare as it only occurs when the account supplied to Veeam Backup & Replication does not have sudo rights.
To successfully deploy the Veeam services on the system, tmux must be temporarily disabled or disabled for the account used by Veeam (see More Information section). Usually, this is configured in /etc/bashrc for all users on the system, as shown here:
[user@rhel8 ~]$ sudo grep tmux /etc/bashrc
case "$name" in sshd|login) exec tmux ;; esac

While this specific example is from RHEL 8 using the NIST 800-171 security profile, which includes tmux automatic startup system-wide, the same concept applies to other distros.

To disable the automatic launching of tmux, edit the /etc/bashrc file and comment (#) out the line with tmux, as shown in the grep output below.

[user@rhel8 ~]$ sudo grep tmux /etc/bashrc
#case "$name" in sshd|login) exec tmux ;; esac
If an account was provided to Veeam Backup & Replication that had root equivalent permissions (sudo), the Veeam Data Mover services would be installed during the process of adding the Linux machine to Veeam Backup & Replication. Once that is complete, Veeam Backup & Replication will no longer need to SSH into that Linux machine for most day-to-day operations; As such, the automatic tmux at login can be re-enabled.
comment example
The implementation of tmux may be different between distros and versions of the same distro. For example, in RHEL 8.9 with the NIST 800-171 security profile enabled, the /etc/bashrc file does not contain an "exec tmux" line. Instead, it calls a series of scripts from /etc/profiles.d/ to be processed, which, in turn, activates /etc/profile.d/tmux.sh. That tmux.sh file contains the exec tmux line that can be commented out temporarily, or the if statement can be modified as shown in the More Information section below to prevent the tmux.sh script from being run for a specific user.

More Information

For non-persistent configurations, or customers seeking to ensure Veeam Backup & Replication can SSH into the Linux machine as needed for operations such as upgrading the Data Mover Services, an exemption could be created to prevent tmux from starting for the specific user account provided to Veeam Backup & Replication.

For example, below is the default if statement used to start tmux automatically.

if [ "$PS1" ];then
parent=$(ps -o ppid= -p $$)
name=$(ps -o comm= -p $parent)
case "$name" in (sshd|login) exec tmux ;; esac
fi

By adding a qualifier to the initial if statement to check for a specific username, it is possible to exempt a single user from having tmux start automatically. (In this example, that user account is named 'veeam'.)

if [ "$PS1" ] && [ "$(id -un)" != "veeam" ];then
parent=$(ps -o ppid= -p $$)
name=$(ps -o comm= -p $parent)
case "$name" in (sshd|login) exec tmux ;; esac
fi
tmux su bypass
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.