SCP Backup with 7.4.4 not working?

RenePilz · ‎06-25-2024

Hello everybody,

we did the backups of our Fortigate Firewalls with scp (pscp.exe -scp - batch -pw password user@0.0.0.0:fgt-config /target/folder) and a scheduled task on a Windows server.
This was working like a charm.

We upgraded one Firewall (60F) from FortiOS version 7.2.8 to version 7.4.4 and we recognized that the backup script is no longer working.

There is no error or anything like that - also if we execute it manually it looks like it is working but no file is stored in the target folder.

Were there any changes in 7.4.4 that scp is no longer working or is it a bug?
I can't find anything in the release notes. Connecting to the firewall via SSH is working as usual.
Any information on that or any hint to get it running again?

Thank you.

Best regards
René

mpapisetty · ‎06-26-2024

@RenePilz ,

Could it be that there was a windows server upgrade which caused the OpenSSH version to upgrade to 9.0 which uses SFTP by default instead of SCP? Fortigate, yet, does not support SFTP protocol.

https://en.wikipedia.org/wiki/Secure_copy_protocol#:~:text=As%20of%20OpenSSH%20version%209.0,the%20l....

You can check the OpenSSH version for windows using "ssh -V" on the command line.

HTH
Manoj Papisetty

fricci_FTNT · ‎06-27-2024

Hi @RenePilz ,

The SCP should work in 7.4.4 : https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/702257#SCP

As mentioned by my colleague the issue might be due to the fact that OpenSSH is using version 9.0 and connects using SFTP protocol by default.

Workaround: use the -O flag to force openSSH to use the older scp protocol.

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.

akyl · ‎06-27-2024

Thank you @fricci_FTNT and @mpapisetty.

We are using pscp the SCP client from Putty (version 0.81, also a previous version was not working) and not OpenSSH on the server directly - that means there is no OpenSSH 9.0 and with pscp there is also no -O option as far as I know.

Windows updates was installed but as we don't use OpenSSH it should be no issue I think.

Any other ideas?

mpapisetty · ‎07-03-2024

Hi @akyl , @oren

I just tested with PSCP on my windows machine and can confirm that the backup works just fine. I would recommend you to try manually with verbose and logging enabled to see if that gives any hints.

Try this format -

pscp.exe -v -scp -sshrawlog log.txt -pw password user@0.0.0.0:fgt-config /target/folder

Review or attach the terminal output along with the log.txt to give a better idea on what the problem is. Hope this helps.

HTH
Manoj Papisetty

Yurisk · ‎07-03-2024

Also make sure the command enabling SCp is still present in the Fortigate config:

config system global
    set admin-scp enable
end

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-download-a-FortiGate-configuration-...

Yuri Slobodyanyuk

Fmodena · ‎09-09-2024

We were also copying via scp using the read-only profile and after updating it started to fail.
When testing with a super_admin user it worked!
We created a custom profile with read and write in "Administrator users" and everything else in "none"

Fmodena · ‎09-09-2024

Dear,

Please check the backup. It was not complete.
Adjust the user permissions.

Regards

SCP Backup with 7.4.4 not working?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website