Holy wrote:

Hello,

 

how to set a Password for a Backup user in this script?

 

thank you

 

 

elthon.abreu wrote:

nbctcp wrote:

Ethon,

Can you please show me the steps

 

nbctcp,

 

I've attached the script for you. You can change according to your needs.

 

PS.: Script only for Windows OS.

Holy,

I've used a *.pub key file for best security.

Hello,

thank you for the quick Answer.

and how can i do such *.pub key? and how do i set it Up for the Backup User to Authenticate?

Thank you in advance

elthon.abreu wrote:

Holy wrote:

Hello,

 

how to set a Password for a Backup user in this script?

 

thank you

 

 

elthon.abreu wrote:

nbctcp wrote:

Ethon,

Can you please show me the steps

 

nbctcp,

 

I've attached the script for you. You can change according to your needs.

 

PS.: Script only for Windows OS.

Holy,

 

I've used a *.pub key file for best security.

Hello,

so in that case the user will use either ssh-public-key or password for authentication?

what if i want to use only password? what would be the Parameter to set in your script?

set=password ?

Thank you

elthon.abreu wrote:

Holy,

 

I've used the Putty Key Generation (Looking in "ProgramFiles\PuTTY" If you have putty installed). There is a variable "Key" on the script file. To create the user "bkp" you can use the config below:

 

config system admin edit "bkpusr" set trusthost1 "backup IP address only - for best security" set vdom "root" set ssh-public-key1 "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhIasKun...." set password ****** next end

 

Best regards

You should only use the public key.

Did anyone figure out how to get the whole config with SCP for multiple vDoms ?

I get the whole config of my FGTs that have only one vDom but I also have two 300D in cluster A-A with 2 vDoms and I only get the config of one vDom with either fgt-config or sys_config.

Thank you,

I got an answer from TAC. I have to use a read-write user in order to have the whole config with multiple vDoms. The read-only user doesn't have access to the global mode therefore can't get the whole config.

I just done that using pscp in windows

https://nbctcp.wordpress....kup-config-using-pscp/

emnoc wrote:

Will for me the fgt-config pulls the complete configs ( full ) with vdoms.

 

scp  <myuser>@1.1.1.1:fgt-config ./

 

So anything with fgt-config in the name will pull the full cfg.

 

e.g ( using fgt-config2  the 2 doesn't matter ;) )

 

 

scp -P 2022 admin@10.10.80.1:fgt-config2 ./ admin@10.10.80.1's password: fgt-config                                    100%  371KB  37.1KB/s   00:10 

 

 

So anything with  fgt-config or sys_config no matter what the spelling works.

 

 kfelix$ scp -P 2022 admin@10.10.80.1:custB/sys_config ./ admin@10.10.80.1's password: sys_config                                                            100%  371KB  33.7KB/s   00:11    

 kfelix$ scp -P 2022 admin@10.10.80.1:sys_config-blhblhlah  ./ admin@10.10.80.1's password: sys_config                                                            100%  371KB  37.1KB/s   00:10            

 

Ken

IMHO both sys_config and fgt-config is not FULL BACKUP

Both sys_config and fgt-config are the same files

here how to test

in Forti CLI

# show full-configuration | grep ssh-public-key1         set ssh-public-key1 "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhgCSKwiNYG7YDE0QUm2mefS8oq89dvms1+ArW/vRZ2j2AIl9a/NRMIK7whvUstVWD60HVWcGAlzpIYnCMZm3d82xifCJgSsi2QamWKzvHG27EPmn2KmXJTFdINcvK60tih89ebxGN3sPX3nv/LlyX5p3gmvcGyW019ipTEo5zFN0aMYSrkg5Xiuw3xFZhGYgNxRpSLNf1IwGcacTq+XMx58kic1QRNEnqgUrmIM1ODLpfaWm3ecq6NVTfa2UcIjPQXaweFpEgtViN5rtOi+z0oE7wm1RpbA+bM6vHeJHlBsigFqa/0Z9EY2DXtYwCM+IYzgXWF6zxtloAixDQrqi3w=="   I didn't get any "ssh-public-key1" result from  sys_config, fgt-config or (GUI/admin/Configuration/Backup) backup result  

QUESTIONS: 1. any other method to do full config backup

UPDATE1:

-this method got full backup

# execute backup full-config tftp clifull.bak 10.0.1.1

tq