Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dosbre
New Contributor

Restoring FortiGate configuration using secure file copy SCP returns 501-Permission Denied

After upgrade to FortiOS 7.2.5 trying to restore configuration using SCP returns 501-Permission Denied.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-download-a-FortiGate-configuration-...

5 REPLIES 5
pgautam
Staff
Staff

Hi @dosbre

 

You can restore the configuration using the SCP.

What file name are you giving when trying to restore?

It should be fgt-restore-config.

 

Regards

 

Priyanka

 

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

 

dosbre
New Contributor

Hi, @pgautam

 

The command is used in a script, so the user has ssh-public-key1 configured. Trying to restore using password authentication works, but with configured keys it returns 501-Permission Denied. Althorught login with SSH keys still works.

 

$ scp -v backup.conf <IP_FGT>:fgt-restore-config

...

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:6MS1v/a5+7rPjY9cM6Cd6AkiwzDx9R4wfj+3uXF/5tU /home/<USER>/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to <IP_FGT> ([IP_FGT]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: scp -v -t fgt-restore-config
501-Permission Denied
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Transferred: sent 3504, received 1976 bytes, in 0.1 seconds
Bytes per second: sent 57751.3, received 32567.5
debug1: Exit status 0

 

Thanks for helping

pgautam
Staff
Staff

Hi @dosbre 

 

A quick search over the Internet shows that this is a Linux side issue ("501-Permission Denied" message):

https://www.linuxquestions.org/questions/linux-software-2/scp-problem-after-a-debian-upgrade-squeeze...
https://community.fortinet.com/t5/Support-Forum/scp-problem-after-a-debian-upgrade-squeeze/m-p/13546...

 

Regards

Priyanka

 

 

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

dosbre
New Contributor

Hi,

 

Just tried using PuTTY's pscp and got the same error. It seems it's a Windows site issue too. The only change was the FortiOS version, the script and SSH keys are the same.

 

Althorught, restore still works using password authentication:

 

$ scp -o PubkeyAuthentication=no <backup-config> <user>@<IP_FGT>:fgt-restore-config

 

 

Thanks.

Vitor_Luz
New Contributor

Hello,
I'm having exactly the same problem. Up to version 6.4.11 it worked correctly, and the only change was the update to version 7.2.5.

Regards