Our network team has many firewalls. To take backups, we had written a script that connects to each firewall using telnet and takes the backup; all went well. Now, to increase security, we have planned to use ssh instead of telnet. I am able to log in via the script, but the command does not seem to be executed. The script is as follows:
# set Variables
set ipaddr [lrange $argv 0 0]
set username [lrange $argv 1 1]
set password [lrange $argv 2 2]
set enpassword [lrange $argv 3 3]
#set enpassword [lrange $argv 3 3]
#set arg1 [lrange $argv 4 4]
#set timeout -1
# spawn a new ssh session
spawn ssh -c des $username@$ipaddr
When I run the script I receive the following in logs
spawn ssh -c des backup@*.*.*.*
No valid ciphers for protocol version 2 given, using defaults.^M
Remote Management Console
fircom-> Connection to *.*.*.* closed
The backup is not happening successfully. I am doing something wrong, but I could not find out what. Kindly help.
If you use Netscreen firewalls then you could set up ssh keys and, via a script on your server, scp the config file back to you; schedule the script with cron and you're set. The config is called ns_sys_config in the root dir.
If it is Junos firewalls then they have a built in scp client to copy the config to your server.
Does the Juniper firewall provide an ssh key which can be placed on the server? I have used password-less login in Linux. In that case, I used to generate keys on the client, place the public key on the server and connect from the client without a password. Kindly let me know how to set up ssh keys for the firewall, and how to get the ssh details from the firewall which can be placed in the server side's known_hosts file.
When I type get ssh in juniper firewall, I receive the following
Active sessions: 1
Admin      Ip Addr         Vsys       Auth Method  Service
---------- --------------- ---------- ------------ --------
backup     192.168.1.28    Root       password     console
The firewall will not push the config to your server, instead your server will fetch the config from the firewall.
You generate the ssh key on your linux server, then create a read-only user on your netscreen firewall and attach that ssh key to that user.
Schedule a script on your linux server that fetches the NS config file, something like:
scp <read-only-user>@<fw-ip>:ns_sys_config /backup/
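The fetch step described in the reply above, written out as a cron-safe script. This is an added example, not part of the original posts: the user name, key path and retention count are assumptions, and it expects the firewall's host key to already be in the server's known_hosts (for example from one manual login).

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: FW_USER, KEY, KEEP.
# Usage (e.g. from cron): fw-backup.sh <fw-ip> [<fw-ip> ...]
FW_USER="${FW_USER:-backup-ro}"          # hypothetical read-only firewall user
KEY="${KEY:-$HOME/.ssh/fw_backup_key}"   # hypothetical dedicated private key
BACKUP_DIR="${BACKUP_DIR:-/backup}"      # destination used in the thread
KEEP="${KEEP:-14}"                       # copies kept per firewall (assumed)

# Fetch ns_sys_config from one firewall; print the saved path on success.
fetch_config() {
    fw_ip=$1
    umask 077                            # configs hold secrets: owner-only
    mkdir -p "$BACKUP_DIR" || return 1
    dest="$BACKUP_DIR/${fw_ip}_$(date +%Y%m%d-%H%M%S).cfg"
    tmp="$dest.part"
    # BatchMode=yes: fail instead of prompting, so a cron run never hangs.
    # StrictHostKeyChecking=yes: refuse a firewall whose host key is not
    # already in known_hosts, or has changed.
    if scp -q -i "$KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
           -o ConnectTimeout=15 "$FW_USER@$fw_ip:ns_sys_config" "$tmp" \
       && [ -s "$tmp" ]; then
        mv "$tmp" "$dest" && echo "$dest"
    else
        rm -f "$tmp"                     # never leave a partial/empty file
        echo "backup of $fw_ip failed" >&2
        return 1
    fi
}

# Keep only the newest $KEEP backups for one firewall (names sort by time).
prune_old() {
    fw_ip=$1
    ls -1 "$BACKUP_DIR/${fw_ip}"_*.cfg 2>/dev/null | sort -r |
        tail -n +"$((KEEP + 1))" |
        while IFS= read -r f; do rm -f -- "$f"; done
}

# Run only when firewall addresses are given on the command line.
rc=0
for ip in "$@"; do
    if fetch_config "$ip" >/dev/null; then prune_old "$ip"; else rc=1; fi
done
[ "$#" -eq 0 ] || exit "$rc"
```

A non-zero exit status lets cron mail or a monitoring wrapper flag a firewall whose backup did not arrive.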