FortiADC
JordAnge
Staff
Article Id 334950
Description

This article describes how shell access to FortiADC is secured, and how to enable it when it is needed for debugging. The method changed starting from v7.0.

Scope

FortiADC v7.0 or later.

Solution

In releases before v7.0, it was possible to access the shell with root permission through fnsysctl sh.
Example:

  1. Enter shell mode:

 fnsysctl sh

  2. Change to the log directory:

 /# cd /var/log

 

From v7.0 onward, shell access is disabled by default and must be enabled through the CLI before it can be used for debugging. The example below enables shell access with username=ftnt and password=12345 (a deliberately simple example; use a strong password on a real device):

 

config system global
    set shell-access enable
    set shell-username ftnt
    set shell-password 12345
    set shell-timeout 200
end

 

Note:

shell-timeout is expressed in minutes: with the value above, shell access is disabled automatically after 200 minutes, so it does not stay open indefinitely if the administrator forgets to turn it off.
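Because the debug shell is meant to be a temporary exception, it is worth checking configuration backups for devices where it was left enabled, with the example password, or with a long timeout. The script below is an added example for this article, not Fortinet's code: it parses the config system global block of a FortiADC configuration backup (assumed to use the same syntax as the CLI block above) and reports such settings. The constructed sample configuration and the password-length and timeout thresholds are the reviewer's assumptions, not values from the product documentation.

```shell
#!/bin/sh
# Audit helper added for this article (not Fortinet's code): scan a FortiADC
# configuration backup and report debug-shell settings that should not be
# left in place. Assumes the backup uses the same
#   config system global ... end
# syntax as the CLI example above.
MIN_PASSWORD_LEN=12   # assumption: shorter shell passwords are flagged
MAX_TIMEOUT_MIN=60    # assumption: longer shell-timeout values are flagged

# Constructed sample: the article's configuration as it would appear in a
# backup taken while the debug shell is still enabled.
SAMPLE_CONFIG='config system global
    set hostname FAD-LAB
    set shell-access enable
    set shell-username ftnt
    set shell-password 12345
    set shell-timeout 200
end
config system interface
    edit port1
    next
end'

# Print "key value" for every "set" line inside "config system global".
global_settings() {
    printf '%s\n' "$1" | awk '
        /^config system global/ { inblk = 1; next }
        inblk && /^end/          { inblk = 0 }
        inblk && $1 == "set"     { key = $2; $1 = ""; $2 = ""; sub(/^ +/, ""); print key " " $0 }
    '
}

# Look up one global setting by name; prints nothing when it is unset.
setting() {
    global_settings "$1" | awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Print one finding per line; prints nothing when the shell is disabled.
audit_shell_access() {
    cfg=$1
    access=$(setting "$cfg" shell-access)
    pw=$(setting "$cfg" shell-password)
    timeout=$(setting "$cfg" shell-timeout)

    # Shell access must be enabled explicitly, so an absent or "disable"
    # value means there is nothing to report.
    [ "$access" = "enable" ] || return 0
    echo "shell-access is enabled: disable it once debugging is finished"

    case $pw in
        "")     echo "shell-password is not set" ;;
        ENC\ *) ;;   # assumption: stored encrypted in the backup, strength not checkable here
        *[!0-9]*)
            [ "${#pw}" -ge "$MIN_PASSWORD_LEN" ] ||
                echo "shell-password is weak: shorter than $MIN_PASSWORD_LEN characters" ;;
        *)      echo "shell-password is weak: digits only" ;;
    esac

    case $timeout in
        ''|*[!0-9]*) echo "shell-timeout is not set: check what the device applies by default" ;;
        *)  [ "$timeout" -le "$MAX_TIMEOUT_MIN" ] ||
                echo "shell-timeout of $timeout minutes exceeds the $MAX_TIMEOUT_MIN-minute limit" ;;
    esac
}

# Run against the constructed sample; on the article's example config this
# reports the enabled shell, the weak password and the 200-minute timeout.
audit_shell_access "$SAMPLE_CONFIG"
```

Feed it a real backup with audit_shell_access "$(cat backup.conf)"; an empty result means the debug shell is off. Passwords stored encrypted in the backup cannot be strength-checked from the file, which is why the script only flags plaintext values.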

 

Once enabled, the shell can be reached through the console or SSH with the configured username and password:

 

ssh ftnt@172.23.133.148

X11 forwarding request failed on channel 0

-- WARNING! All configurations should be done through CLI shell.

-- You now have full access.

~# whoami

ftnt

 

Note:

The shell user does not have unrestricted privileges: reading or writing some files in the system is not allowed and fails with a permission denied error.

 

The following commands are available in the restricted shell:

basename, cat, date, df, dmesg, du, ifconfig, netstat, nslookup, ping, sleep, uname, ps, kill, killall, lspci, fdisk, mount, free, lsusb, smartctl, ssh, strace.