System Backup with host keys
Hello Checkmates,
Maybe the question is trivial, but I've been asked to configure the System Backup of a couple of secure gateways using host keys (scp or sftp). The sk about host keys and the management of them I have found. But the admin guide (R81.20 et al.) only mentions scp with username/password. Does that mean host keys are not supported for use with System Backup?
Thanks,
Chris.
Accepted Solutions
Hi,
As far as I know, there is no limitation around the host keys.
I use host keys on R81.10, and it works.
Akos
\m/_(>_<)_\m/
My experience with this feature was that if you had an SSH key configured with the remote end, this would be used first.
The password, in this case, can be anything.
I'm fairly sure it would be supported.
Andy
Thanks for the replies. I didn't mention the second part of my question, as to how it is done. Gaia GUI: no way to enter the keys when scheduling a system backup. CLISH neither, AFAIK, or maybe I don't have the proper glasses on... Do I need to use mgmt scripting fu to have it done and add it to crontab?
You could use host keys to add the keys in the RBA configuration of your GAIA.
Thanks folks... got it working now.
I wonder how you made it work.
I keep getting this error with scheduled backups and ssh key authentication (see below) even though I can ssh or do a once off backup from the gui with ssh key authentication.
scheduled_backup: Error : Base64 decode failed
scheduled_backup: schedule backup: obfuscation error
scheduled_backup: /bin/scheduled_backup: rc=-1
AFAIK, using SSH keys to transfer backup files is still not supported. You can double-check it via a TAC case, to get an official answer. You can also open an RFE and ask to support this feature.
Oh really? It has always worked for me in R77.20, R80.40, R81.10.
It has only failed in R81.20 now.
Are you talking about a scheduled backup or an immediate one?
Scheduled backup with SSH keys works for me in R77.20, R80.40, R81.10.
Immediate backup with SSH keys works for me in R77.20, R80.40, R81.10 and R81.20 too.
OK, I might be wrong then. Please check with TAC if it is supported, and take it up with them if it is.
Hello Luis Miguel,
It's been a while, but this is from my notes:
Create an SSH key with the command ssh-keygen in bash.
Then in clish:
add ssh hba hostname <ip address of server> public-key access-mode standalone file /home/admin/.ssh/id_rsa.pub
Connect with ssh to the server with -i and answer yes... the server's fingerprint will be added to the known_hosts file.
To test one time: backup scp ip <ip address of server> path <path to backup on server>/ username <username> password 1234
Then I simply created the scheduled backup in the GUI...
Weird, I get that error in R81.20, doing the same:
scheduled_backup: Error : Base64 decode failed
scheduled_backup: schedule backup: obfuscation error
scheduled_backup: /bin/scheduled_backup: rc=-1
As a workaround, I replaced the scheduled backup over scp with SSH keys with:
1) scheduled backup stored locally
2) cron job with scp localbackup.tgz remoteuser@remotescpserver
I found another issue: the retention policy fails when configured to 1.
My expectation is that if it is configured to 1, the system will delete the old backup and run a new backup. But the scheduled backup service just hangs and you need to reboot the firewall manager.
So eventually I configured the retention policy to 2.
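The workaround in the post above (local scheduled backup, then a cron job that runs scp with SSH keys), written out as an added example; it is not code from the thread or from Check Point. The backup directory, destination, state file and private-key path are assumed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: cron-driven push of the newest local backup over scp with key auth.
# BACKUP_DIR, DEST, KEY and STATE are assumed placeholders; set them for your system.
BACKUP_DIR="${BACKUP_DIR:-/path/to/local/backups}"
DEST="${DEST:-remoteuser@remotescpserver:/path/on/server/}"
KEY="${KEY:-/home/admin/.ssh/id_rsa}"
STATE="${STATE:-/var/tmp/last_pushed_backup}"

# Print the most recently modified *.tgz in directory $1; fail if there is none.
newest_backup() {
    newest=""
    for f in "$1"/*.tgz; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest=$f; fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Copy file $1 to $2 using only the key. BatchMode makes scp fail instead of
# prompting for a password under cron; StrictHostKeyChecking refuses a server
# whose host key is not already in known_hosts.
push_backup() {
    "${SCP_BIN:-scp}" -q -i "$KEY" \
        -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
        "$1" "$2"
}

# Push the newest backup once; remember its name so reruns do not resend it.
push_newest() {
    file=$(newest_backup "$1") || { echo "no backup found in $1" >&2; return 2; }
    if [ -f "$STATE" ] && [ "$(cat "$STATE")" = "$file" ]; then
        return 0                      # already transferred
    fi
    push_backup "$file" "$2" || { echo "scp failed for $file" >&2; return 3; }
    printf '%s\n' "$file" > "$STATE"
}

# Run only when asked, e.g. from cron: push_gaia_backup.sh --run
if [ "${1:-}" = "--run" ]; then
    push_newest "$BACKUP_DIR" "$DEST"
fi
```

Because the state file is written only after scp succeeds, a failed transfer is retried on the next cron run, and the non-zero exit code can be used for alerting.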