LinuxQuestions.org
Old 08-04-2012, 09:53 AM   #1
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 229

Rep: Reputation: 4
Juniper firewall backup using ssh from linux


Hi All,
Our network team has many firewalls. To take backups, we had written a script that connects to the firewall using telnet and takes the backup; all went well. Now, to increase security, we have planned to use ssh instead of telnet. But I am able to log in via the script, but the command seems not to be executed. The script is as follows:

# set Variables
set ipaddr [lrange $argv 0 0]
set username [lrange $argv 1 1]
set password [lrange $argv 2 2]
set enpassword [lrange $argv 3 3]
#set enpassword [lrange $argv 3 3]
#set arg1 [lrange $argv 4 4]
#set timeout -1

# spawn a new telnet session
spawn ssh -c des $username@$ipaddr
match_max 100000

#check for the password prompt
expect {
"*?assword:*" {
send -- "$password\r"
}
}
expect {
"*#*" {
send -- "get config\r"
}
}
expect "*#*"
send -- "exit\r"
send -- "\r"
expect eof

When I run the script I receive the following in logs
spawn ssh -c des backup@*.*.*.*
No valid ciphers for protocol version 2 given, using defaults.^M
backup@*.*.*.*'s password:
Remote Management Console
fircom-> Connection to *.*.*.* closed

The backup is not happening successfully. I am doing something wrong, but I could not find out what. Kindly help.

Last edited by Iyyappan; 08-04-2012 at 09:55 AM.
 
Old 08-04-2012, 12:16 PM   #2
mustafa
Member
 
Registered: Feb 2003
Distribution: gentoo
Posts: 87

Rep: Reputation: 15
Hi,

If you use Netscreen firewalls then you could set up ssh keys and, via a script on your server, scp the config file back to you; schedule the script with cron and you're set. The config is called ns_sys_config in the root dir.

If it is Junos firewalls then they have a built-in scp client to copy the config to your server.


Hope it helps.
 
Old 08-06-2012, 07:12 PM   #3
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 229

Original Poster
Rep: Reputation: 4
Does the Juniper firewall provide an ssh key which can be placed on the server? I have used password-less login in Linux. In that case, I used to generate keys on the client, place the public key on the server, and connect from the client without a password. Kindly let me know how to set up ssh keys for the firewall, and how to get the ssh details from the firewall which can be placed in the server-side known_hosts file.

When I type get ssh in juniper firewall, I receive the following


Active sessions: 1

Admin      Ip Addr         Vsys       Auth Method  Service
---------- --------------- ---------- ------------ --------
backup     192.168.1.28    Root       password     console

Auth Method is password. Is this correct?

Last edited by Iyyappan; 08-06-2012 at 08:21 PM.
 
Old 08-25-2012, 03:37 AM   #4
mustafa
Member
 
Registered: Feb 2003
Distribution: gentoo
Posts: 87

Rep: Reputation: 15
Hi,

The firewall will not push the config to your server; instead, your server will fetch the config from the firewall.
You generate the ssh key on your Linux server, then create a read-only user on your Netscreen firewall and attach that ssh key to that user.
Schedule a script on your Linux server that fetches the NS config file, something like:
scp <read-only-user>@<fw-ip>:ns_sys_config /backup/
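
The key-based fetch described in the posts above, written out as a cron-ready script; this is an added example, not part of the original thread. The account name, key path, known_hosts path, destination directory and the `SCP` override variable are assumptions; only `ns_sys_config` comes from the thread.

```sh
#!/bin/sh
# Added example: key-based, non-interactive fetch of the NetScreen config.
# All names and paths below are assumed; adjust them to your environment.
FW_USER="${FW_USER:-backup-ro}"                 # read-only firewall account (assumed name)
KEY="${KEY:-/etc/fwbackup/id_fwbackup}"         # private key generated on this server
KNOWN_HOSTS="${KNOWN_HOSTS:-/etc/fwbackup/known_hosts}"  # pinned firewall host keys
DEST="${DEST:-/backup}"
SCP="${SCP:-scp}"                               # overridable so the logic can be tested offline

# fetch_config <fw-ip>: copy ns_sys_config to $DEST/<fw-ip>/<timestamp>.cfg
# Prints the saved path on success; returns non-zero and keeps nothing on failure.
fetch_config() {
    fw="$1"
    case "$fw" in                               # address becomes a directory name: keep it tame
        ''|*..*|*[!0-9A-Za-z.:-]*) echo "invalid firewall address: $fw" >&2; return 2 ;;
    esac
    umask 077                                   # configs hold password hashes and VPN secrets
    dir="$DEST/$fw"
    mkdir -p "$dir" || return 1
    out="$dir/$(date +%Y%m%d-%H%M%S).cfg"
    tmp="$out.part"
    # BatchMode=yes: never fall back to a password prompt (fail instead of hanging in cron).
    # StrictHostKeyChecking=yes: refuse a firewall whose host key is not already pinned.
    if "$SCP" -q -i "$KEY" \
            -o BatchMode=yes \
            -o StrictHostKeyChecking=yes \
            -o UserKnownHostsFile="$KNOWN_HOSTS" \
            -o ConnectTimeout=15 \
            "$FW_USER@$fw:ns_sys_config" "$tmp" \
       && [ -s "$tmp" ]; then                   # an empty file is not a backup
        mv "$tmp" "$out" && echo "$out"
    else
        rm -f "$tmp"
        echo "backup of $fw failed" >&2
        return 1
    fi
}

# Cron usage (one firewall address per line; the list path is assumed):
#   while read -r fw; do fetch_config "$fw" || exit 1; done < /etc/fwbackup/firewalls.txt
```

The known_hosts file is filled once per firewall after comparing the host key fingerprint out of band. On OpenSSH 9.0 and later, `scp` uses the SFTP protocol by default, so a device that only speaks the legacy scp protocol needs `-O` added to the command.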
 
  

