Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dosbre
New Contributor

Restoring FortiGate configuration using secure file copy SCP returns 501-Permission Denied

After upgrade to FortiOS 7.2.5 trying to restore configuration using SCP returns 501-Permission Denied.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-download-a-FortiGate-configuration-...

5 REPLIES 5
pgautam
Staff
Staff

Hi @dosbre

 

You can restore the configuration using the SCP.

What file name are you giving when trying to restore?

It should be fgt-restore-config.

 

Regards

 

Priyanka

 

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

 

dosbre
New Contributor

Hi, @pgautam

 

The command is used in a script, so the user has ssh-public-key1 configured. Trying to restore using password authentication works, but with configured keys it returns 501-Permission Denied. Althorught login with SSH keys still works.

 

$ scp -v backup.conf <IP_FGT>:fgt-restore-config

...

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:6MS1v/a5+7rPjY9cM6Cd6AkiwzDx9R4wfj+3uXF/5tU /home/<USER>/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to <IP_FGT> ([IP_FGT]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: scp -v -t fgt-restore-config
501-Permission Denied
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Transferred: sent 3504, received 1976 bytes, in 0.1 seconds
Bytes per second: sent 57751.3, received 32567.5
debug1: Exit status 0

 

Thanks for helping

pgautam
Staff
Staff

Hi @dosbre 

 

A quick search over the Internet shows that this is a Linux side issue ("501-Permission Denied" message):

https://www.linuxquestions.org/questions/linux-software-2/scp-problem-after-a-debian-upgrade-squeeze...
https://community.fortinet.com/t5/Support-Forum/scp-problem-after-a-debian-upgrade-squeeze/m-p/13546...

 

Regards

Priyanka

 

 

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

dosbre
New Contributor

Hi,

 

Just tried using PuTTY's pscp and got the same error. It seems it's a Windows site issue too. The only change was the FortiOS version, the script and SSH keys are the same.

 

Althorught, restore still works using password authentication:

 

$ scp -o PubkeyAuthentication=no <backup-config> <user>@<IP_FGT>:fgt-restore-config

 

 

Thanks.

Vitor_Luz
New Contributor

Hello,
I'm having exactly the same problem. Up to version 6.4.11 it worked correctly, and the only change was the update to version 7.2.5.

Regards

Labels
Top Kudoed Authors